URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | bhandaraexpress.com |
|---|---|
| Spamhaus DBL : | Not blocked |
| SURBL : | Not blocked |
| Quad9 : | Not blocked |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Not blocked |
| OpenBLD : | Not blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2020-07-17 15:38:30 UTC |
| Total malware sites : | 3 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 3 (100%) |
| A record(s) observed : | 8 |
IP addresses
The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-06-18 12:41:08 | 34.41.139.193 | 193.139.41.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | yes |
| 2025-06-18 12:41:08 | 34.159.223.43 | 43.223.159.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | DE | no |
| 2025-04-27 09:53:59 | 34.132.102.6 | 6.102.132.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2025-04-27 09:53:59 | 34.136.111.81 | 81.111.136.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
| 2020-10-31 15:23:29 | 164.68.111.157 | vmd86537.contaboserver.net | Not listed | AS51167 CONTABO | FR | no |
| 2020-07-17 15:38:31 | 172.67.173.121 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-10-27 20:37:04 | https://bhandaraexpress.com/wp-includes/xWKoNna... | Offline | doc emotet | |
| 2020-10-19 16:21:04 | https://bhandaraexpress.com/wp-includes/Documen... | Offline | doc emotet | |
| 2020-07-17 15:38:31 | https://bhandaraexpress.com/wp-includes/0Iw2jW2/ | Offline | emotet | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-10-27 21:04:11 | 19b2ef8602e3efffbd8cde11a0a67d41ccecaa61b565625a2fc3648e48842ac5 | doc | | Heodo |
| 2020-10-27 20:37:04 | eff4ff103b1930c43c7f0ae267a43b853c4cc734db4c80473d028efff6e8f7f2 | doc | | Heodo |
| 2020-10-19 16:21:04 | eef652fa1a210dbf18ad127236f016cc42c62eaa84845a44fdbca44329c91f00 | doc | | Heodo |
| 2020-07-17 16:30:49 | 68a7c5254e95d4454502c0baedcc5e68723d97d2fbc341801b36b82210464084 | exe | | Heodo |
| 2020-07-17 16:20:26 | 25ecaea985f03b867e0ffb80535032f4aa7ba5faffdcd837d4fd2848b1b391d9 | exe | | Heodo |
| 2020-07-17 16:01:32 | 0da8b2dd3e9c0c41f889aa4124d09a694c02e59fe78812525d70a44a7ea0eebc | exe | | Heodo |
| 2020-07-17 15:45:51 | 0884f7038600462abe0ced379c3917f7697c697bc0757132cb735e707e469bc3 | exe | | Heodo |
| 2020-07-17 15:38:31 | 7dd9a20e7f01281ff1ecd6229352fa87c922a3b026113077c1e58caebc5fa0d0 | exe | | Heodo |