URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | olgaa.ir |
|---|---|
| Spamhaus DBL : | Phishing domain |
| SURBL : | Not blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2020-06-04 17:46:29 UTC |
| Total malware sites : | 6 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 6 (100%) |
| A record(s) observed : | 11 |
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-08-02 17:03:16 | 85.198.21.244 | 85.198.21.244.asiatech.cloud | Not listed | AS60077 AT-CLOUD | IR | yes |
| 2025-06-02 03:02:11 | 104.21.4.28 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2025-06-02 03:02:12 | 172.67.131.149 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2025-06-01 18:46:42 | 188.114.96.3 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2025-06-01 18:46:42 | 188.114.97.3 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2020-07-16 11:15:48 | 104.237.233.120 | 104-237-233-120-host.colocrossing.com | Not listed | AS16628 DEDICATED-FIBER-COMMUNICATIONS | US | no |
| 2020-06-04 17:46:32 | 194.180.224.87 | host.vmpars.net | Not listed | AS200436 tehrangaming-com | IR | no |
| 2020-07-08 11:08:22 | 185.123.101.144 | | Not listed | AS206991 IXIR | TR | no |
| 2020-07-02 08:27:10 | 185.207.38.107 | | Not listed | AS203061 itproximus | DK | no |
| 2020-06-12 05:29:10 | 185.207.38.108 | Not listed | AS203061 itproximus | DK | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-06-25 17:30:14 | http://olgaa.ir/bin_emnTydXBEH114.bin | Offline | encrypted GuLoader | |
| 2020-06-12 07:39:34 | http://olgaa.ir/bin_cMKjmDp215.bin | Offline | encrypted GuLoader | |
| 2020-06-11 15:40:05 | http://olgaa.ir/helgenenso.exe | Offline | exe GuLoader | |
| 2020-06-11 13:18:34 | http://olgaa.ir/very1.exe | Offline | AgentTesla | |
| 2020-06-11 12:59:06 | http://olgaa.ir/boaersoper.exe | Offline | exe GuLoader | |
| 2020-06-04 17:46:32 | http://olgaa.ir/bin_IduoPKK149.bin | Offline | encrypted GuLoader | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-06-12 07:39:34 | e0f24b161aacf4f53724a82709d101466555c910287dbb3d91844c0309ff8772 | unknown | | |
| 2020-06-11 15:40:05 | d3dee842f4f0bae850ac05149003089518a5ca9e6d03222fd5e37188b852d83a | exe | | GuLoader |
| 2020-06-11 13:18:34 | a07ee811211a675d2b1b29783d278f340029b69306778547d69fa73f16b1b115 | exe | | AgentTesla |
| 2020-06-11 12:59:06 | 5f9b8ce62abc0d49b1bb253bd51286151a8b3d3f09fdb9e37cd964f80df26669 | exe | | GuLoader |
| 2020-06-04 17:46:31 | dd279e1ed5316b052af0fe76408225de8e5f25fd679cd71ac972a5d5712a5dc7 | unknown | | |