MICROSOFT phish running on nimtzdesigngroup[.]com

1. Found: 2018-05-28 03:19:08.299000
2. URL: http://nimtzdesigngroup.com/outlook.zip
3. File: nimtzdesigngroup.com-foo-outlook.zip
4. Domain: nimtzdesigngroup.com
5. Target: MICROSOFT
6. Name Size Date MD5 outlook/blocker.php 2644 2017-10-10 08:09:48 5aa3f3f406ced12d0bc7742e77b01781
7. File appears in 271 kits and under 5 different file names
8. outlook/fresh/authenticate.php 4081 2018-05-25 17:04:24 892af3e96fe0d6368f2bc131568e8448
9. outlook/fresh/error.php 18429 2017-09-21 14:14:02 d9779b7472f313f36353938cd3664d6c
10. outlook/fresh/geoplugin.class.php 4647 2017-09-21 14:13:48 c8ea1e960b48a620c00bc65d525a721c
11. File appears in 1313 kits and under 3 different file names
12. outlook/fresh/index.php 13326 2017-09-21 14:13:40 05f80413b5927e606bbe6c1ea7186689
13. outlook/fresh/login.php 1296 2018-05-25 17:01:38 9aa5086f097a03e8acf2707b9eebe9ac
14. outlook/fresh/pass.php 18316 2017-09-21 14:13:24 54d9b9ab9208c927460e3f5cccd3fdf6
15. outlook/fresh/Sign in to your Microsoft account_files/AppCentipede_Microsoft.svg 7174 2017-09-21 14:15:52 aed5eb9ccea43f119a25b3b74c59c7e7
16. File appears in 104 kits
17. outlook/fresh/Sign in to your Microsoft account_files/Default1033.css 73727 2017-09-21 14:15:44 902952e2e05ab3451fb7438bb77059fb
18. File appears in 78 kits and under 2 different file names
19. outlook/fresh/Sign in to your Microsoft account_files/DefaultLoginStrings1033.js.txt 9898 2017-09-21 14:15:28 b507b90640721b4e47154d97609105bc
20. File appears in 74 kits and under 2 different file names
21. outlook/fresh/Sign in to your Microsoft account_files/DefaultLogin_Core.js.txt 126766 2017-09-21 14:15:34 a85dcfb7c3eda9c13ad3690c2dd27822
22. File appears in 73 kits and under 2 different file names
23. outlook/fresh/Sign in to your Microsoft account_files/logo.jpg 3602 2017-09-21 14:15:20 885531c6229490a82386b12b01cc5553
24. File appears in 59 kits
25. outlook/fresh/Sign in to your Microsoft account_files/Microsoft_Logotype_Gray.svg 5435 2017-09-21 14:15:12 5feaa482d83c2a69d012f9bff660d373
26. File appears in 104 kits
27. outlook/fresh/Sign in to your Microsoft account_files/prefetch.htm 3326 2017-09-21 14:15:06 68b1e3007431d49789c66d75b9f606c6
28. File appears in 59 kits
29. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot.css 159658 2017-09-21 14:17:24 30da6f6f4e2d60d8aacbe2ed1583ae7f
30. File appears in 59 kits
31. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot.js.txt 650764 2017-09-21 14:17:16 3fcf01abd2872c7fe233a3abaa50e122
32. File appears in 59 kits and under 2 different file names
33. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot_002.js.txt 646615 2017-09-21 14:17:08 9c766769f81c9884d74819f3dfe915be
34. File appears in 59 kits and under 2 different file names
35. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot_003.js.htm 650184 2017-09-21 14:16:58 4cfbdab231025e8b0ee7d08368516d5c
36. File appears in 59 kits and under 2 different file names
37. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot_004.js.txt 648527 2017-09-21 14:16:50 1b403af938697ddd9ed483405ff47cd4
38. File appears in 59 kits and under 2 different file names
39. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/sprite1.css 7304 2017-09-21 14:16:44 7c23768ca9a97f74fc7b0486747deeaf
40. File appears in 59 kits
41. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/sprite1.png 14983 2017-09-21 14:16:38 d502a13c4f154e9fe86802b1f0338466
42. File appears in 59 kits
43. outlook/index.php 618 2018-02-08 16:58:22 4e24c251dddcedfd3c19268d05ada356
44.  
45. 2 Email addresses found:
46. gp_support@geoplugin.com (appears in 1260 kits)
47. mavisbrianna170@yahoo.com
48.  
49.  
50.  
51. https://texasmalwareblog.blogspot.com @phish_total