drive.google.com

Threat Intelligence Summary: drive.google.com

Risk Level: CRITICAL

Threat Score: 100/100

Assessment: ACTIVE THREAT - Domain is hosting 6 active malware URLs

Recommendation: Block immediately


Total Malware URLs: 177

Active URLs: 6

Resolved IPs: 7

Abuse Reports: 2789

First Seen: 2025-09-18T06:52:07

Last Online: 2026-03-28T22:43:39

Data aggregated from threat intelligence feeds including URLhaus and community reports.
Timeline

First Seen: 2025-09-18T06:52:07

Last Seen Online: 2026-03-28T22:43:39

Data Last Updated: 2026-03-29T05:00:53.055550
Status Activity Timeline (50 changes recorded)

Complete history of all status changes detected for URLs on this domain. Tracking online/offline transitions helps identify malware lifecycle patterns.

Associated IP Addresses (7)

All IP addresses this domain has resolved to (current and historical). These IPs may host or have hosted malware URLs.

Malware Classification
GuLoader
Malware family "GuLoader" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
PhantomStealer
Malware family "PhantomStealer" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
AgentTesla
Popular since 2014, this .NET-based keylogger evolved into sophisticated spyware. Exfiltrates credentials via SMTP, FTP, or Telegram. Favored by less technical attackers due to builder tools that require no programming knowledge.
encrypted
Malware family "encrypted" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
RemcosRAT
Malware family "RemcosRAT" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
ascii
Malware family "ascii" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
Formbook
Sold exclusively on underground forums since 2016 for $29/week. Designed specifically to evade antivirus through polymorphic code that changes with each build. Captures HTTP/HTTPS form data before encryption, making it highly effective at credential theft.
ps1
Malware family "ps1" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
rat
Malware family "rat" detected in threat intelligence feeds. This threat is actively monitored. Exercise caution - infrastructure may be compromised or intentionally malicious.
Malware URLs (177)

All malicious URLs identified on this domain. Status reflects last known state from threat intelligence feeds.
