URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	criticalmattermediation.com
Domain registrar:	GoDaddy
Domain registration date:	2017-01-23 20:56:51 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-05-31 13:53:03 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)
A record(s) observed :	9

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 12:22:30	185.230.63.107	unalocated.63.wixsite.com	Not listed	AS58182 wix_com	US	yes
2022-07-16 12:57:44	23.236.62.147	147.62.236.23.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2022-08-17 05:04:21	34.102.136.180	180.136.102.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2022-08-13 11:55:08	185.224.196.92		Not listed	AS21130 IOMART-IE	IE	no
2022-07-30 05:39:04	69.49.229.176	69-49-229-176.webhostbox.net	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no
2022-07-14 04:57:19	162.241.124.140	162-241-124-140.webhostbox.net	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no
2022-06-09 07:01:01	162.240.77.173	server.dericlipski.com	Not listed	AS46606 UNIFIEDLAYER-AS-1	US	no
2022-05-31 13:53:04	31.192.239.24	vps.z19.web.core.windows.net	Not listed	AS44493 CHELYABINSK-SIGNAL-AS	NL	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-05-31 13:53:04	http://criticalmattermediation.com/a3/Qu2.exe	Offline	GuLoader	stoerchl
2022-05-31 13:53:04	http://criticalmattermediation.com/k2/LY.exe	Offline	Formbook	stoerchl
2022-05-31 13:53:04	http://criticalmattermediation.com/a1/Quo1.exe	Offline		stoerchl
2022-05-31 13:53:04	http://criticalmattermediation.com/b3/ptg.exe	Offline	Formbook	stoerchl

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-05-31 13:53:03	484377e2c316d7f368183e822b1023c783d4894db2073df3ace2650dd54295cd	exe		GuLoader
2022-05-31 13:53:03	5648a6a5a1455be6a8a9cb1b416aaeaed41e4fb9457d5811fd7c8b5f8318f6e0	exe		Formbook
2022-05-31 13:53:03	2f7512111865a517857830a32a6389f4bddbf6c7d5cd1e8154986c69625f2e83	exe
2022-05-31 13:53:03	aaf9711abf1917c4e3eb650c32e71de2dc8f4c0999ffe193801e4acf6cf52815	exe		Formbook