AOL phish running on cesawards[.]com

1. Found: 2018-04-06 16:15:20.994000
2. URL: https://cesawards.com/dwn.zip
3. File: cesawards.com-foo-dwn.zip
4. Domain: cesawards.com
5. Target: AOL
6. Name Size Date MD5 dwn/dwn/aa.php 1291 2018-04-05 16:55:36 0512be8fb0f5fa9d6f802d0d271bce95
7. dwn/dwn/aodc.php 16989 2017-05-10 13:32:42 6bc3d73a59de8559581de23d19dac346
8. File appears in 10 kits
9. dwn/dwn/error.php 1909 2016-08-22 06:13:42 345fa2b4c557753e0f201e804326f328
10. File appears in 49 kits
11. dwn/dwn/geoplugin.class.php 4647 2014-04-25 08:14:28 c8ea1e960b48a620c00bc65d525a721c
12. File appears in 1266 kits and under 3 different file names
13. dwn/dwn/index.php 39830 2017-05-23 11:10:22 dc346821bc3b6155aad279e8e04f11aa
14. File appears in 10 kits
15. dwn/dwn/Of365.php 14988 2017-05-23 11:03:48 cfe4c40ae6ba038fde4f34e8fc5da478
16. File appears in 10 kits
17. dwn/dwn/ofp.php 1293 2018-04-05 16:57:48 c3aeda471660d5213f177b477c29983d
18. dwn/dwn/otdc.php 14952 2017-05-23 11:06:30 1b588e4a80da86bbc6ffbe0b08e2aa61
19. File appears in 10 kits
20. dwn/dwn/otp.php 1301 2018-04-05 16:58:22 bab1948888368771578a41086f3ab3fa
21. dwn/dwn/ss_files/aodc.png 15857 2017-05-23 01:49:04 ef8a5981db9eb379977dd906bfbb7c88
22. File appears in 14 kits
23. dwn/dwn/ss_files/base.css 3807 2017-05-22 23:33:20 6d1f4c1278de1c5581b9c8ecdf9297d5
24. File appears in 14 kits
25. dwn/dwn/ss_files/bootstrap.css 99961 2017-05-22 23:33:20 8a7442ca6bedd62cec4881040b9a9e83
26. File appears in 14 kits
27. dwn/dwn/ss_files/images.png 2899 2017-05-23 02:23:24 df3829fa7b84d9e92afc174363a61bee
28. File appears in 14 kits
29. dwn/dwn/ss_files/immmm.ico 285 2016-06-13 15:45:06 3e47d71cae18960fcd9772c836da50fd
30. File appears in 184 kits and under 5 different file names
31. dwn/dwn/ss_files/index.css 3112 2017-05-22 23:33:18 d594ebc0f6b1c27a44b26e15e7cb0949
32. File appears in 14 kits
33. dwn/dwn/ss_files/logo.png 7635 2017-05-09 08:54:20 1059986618539574ca4fa0bcfd699006
34. File appears in 70 kits and under 4 different file names
35. dwn/dwn/ss_files/ofdc.png 6905 2017-05-23 00:47:08 9f68017947e9ec02850b97115add63a6
36. File appears in 14 kits
37. dwn/dwn/ss_files/ofdc1.png 4585 2017-05-23 03:48:54 9f09a27d4f69b3557c7433574a29d726
38. File appears in 125 kits and under 5 different file names
39. dwn/dwn/ss_files/pcill.png 203294 2016-06-11 22:14:56 65283b123eb235e6176ae98c02ac5b1c
40. File appears in 230 kits and under 6 different file names
41. dwn/dwn/ss_files/rrrr.ico 17174 2016-06-12 00:03:50 12e3dac858061d088023b2bd48e2fa96
42. File appears in 356 kits and under 9 different file names
43. dwn/dwn/ss_files/s1.css 7815 2017-05-23 03:51:46 779c4723ad3225c9370378f14fc2f570
44. File appears in 14 kits
45. dwn/dwn/ss_files/s2.css 7815 2017-05-23 04:05:32 8df5769d8da3d0a3ba5f37f6c95207d9
46. File appears in 14 kits
47. dwn/dwn/ss_files/stylesheet.css 37811 2017-05-23 02:21:22 3b9f22bb2fb8e2a10918c1f5be1ed95e
48. File appears in 14 kits
49. dwn/dwn/ss_files/Thumbs.db 393728 2017-05-23 11:21:44 6d00da053fed1bc805765652f4d0f659
50. File appears in 13 kits
51. dwn/dwn/Thumbs.db 49152 2017-05-06 15:22:22 aaa74d950bd965dffd62f7b6c3426770
52. File appears in 10 kits
53. dwn/dwn/verification.php 52843 2018-04-05 16:59:04 4e2fbd51f15c6402e50674f696d2513c
54.  
55. 3 Email addresses found:
56. djayresult@gmail.com
57. gp_support@geoplugin.com (appears in 1197 kits)
58. email@domain.com (appears in 130 kits)
59.  
60.  
61.  
62. https://texasmalwareblog.blogspot.com @phish_total