ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://drive.google.com/file/d/1QN5mHqCE364sDYEtTWZBngyIEiN4iYOf/view?usp=sharing.

Database Entry


IOC ID:1832950
IOC: https://drive.google.com/file/d/1QN5mHqCE364sDYEtTWZBngyIEiN4iYOf/view?usp=sharing
IOC Type :url
Threat Type :payload_delivery
Malware: Unknown malware
Confidence Level : Confidence level is elevated (75%)
Is compromised? : True
ASN:AS15169 GOOGLE
Country:- US
First seen:2026-06-17 05:45:15 UTC
Last seen:never
UUID:7ea34000-69ca-11f1-9258-42010aa4000a
Reporter DENNISAROSS
Reward 5 credits from ThreatFox
Tags:dentons-impersonation google-drive-abuse homoglyph phishing
Reference: https://urlscan.io/result/019ed22e-347e-7229-af80-c237e0f20fc9/

Avatar
DENNISAROSS
Two additional Google Drive phishing PDFs from the same instantpublicalertnetwork.com campaign (domain age 7 days). Three sender accounts used in rapid succession (~1 min apart): khajobacle2002@, xihebankga2000@, graphunatgeek1999@ — all @community.instantpublicalertnetwork.com. Lure titles use Cyrillic homoglyphs to spoof Dentons law firm. File 1QN5m: "(Оur Firm NоtifiеS) — [YоU RеCеivеd А DеbT LеttеR]". File 1Jpzr: "(Оur Sеcurity Tеаm) — [Sеrvicе Suspеnsiоn Will Оccur]". Campaign CC'd 60+ victims across 3 waves including L3Harris (defense contractor). All emails passed DKIM/SPF/DMARC as genuine Google Drive notifications. Observed 2026-06-16.