GOOGLE phish running on thebcgco[.]com

1. Found: 2018-01-21 13:15:18.470000
2. URL: http://www.thebcgco.com/Photos/GOOGLENEWW.zip
3. File: www.thebcgco.com-Photos-GOOGLENEWW.zip
4. Domain: thebcgco.com
5. Target: GOOGLE
6. Name Size Date MD5 GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/favicon.ico 1197 2016-04-14 12:12:30 46f7a1d52b8a46d23ee9c64b24adb4f0
7. File appears in 1067 kits and under 5 different file names
8. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/geoplugin.class.php 4647 2016-04-14 12:12:30 c8ea1e960b48a620c00bc65d525a721c
9. File appears in 1097 kits and under 3 different file names
10. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/index.php 37724 2017-12-01 20:10:54 3674039e86600845836a8fd4530c606e
11. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/verification.php 52867 2017-12-01 20:11:10 a80181ba7a17dfe0d9a73bf9f95cc5ff
12. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/aol.png 1183 2016-04-14 12:12:30 1db15cc5ad50540b10cde2d733efd2a4
13. File appears in 1145 kits and under 3 different file names
14. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/avatar_2x.png 2195 2016-04-14 12:12:30 17540f255f86c00bde81020fcc165989
15. File appears in 885 kits and under 2 different file names
16. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/checkmark.png 239 2016-04-14 12:12:30 8b596881d19d5906d926839a9c23e80c
17. File appears in 1211 kits and under 2 different file names
18. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff 21956 2016-04-14 12:12:30 3eb14f3838ada50e10f062a895c3b9cf
19. File appears in 1083 kits and under 2 different file names
20. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/docs-icon.png 52997 2016-04-14 12:12:30 83ad8d0b5df7150110564b46fc0b3911
21. File appears in 1053 kits and under 2 different file names
22. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff 22656 2016-04-14 12:12:30 7c5d9f078bea8c1fc0b21a764b832138
23. File appears in 1083 kits and under 2 different file names
24. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/email.png 2921 2016-04-14 12:12:30 f093ed003976ef8aa9d299051c06f26b
25. File appears in 1150 kits and under 2 different file names
26. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/favicon.ico 1197 2016-04-14 12:12:30 46f7a1d52b8a46d23ee9c64b24adb4f0
27. File appears in 1067 kits and under 5 different file names
28. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/Google Docs.png 232013 2016-04-14 12:12:30 4ab62a33783d09ef8b8c17a13ec6b0ef
29. File appears in 860 kits and under 2 different file names
30. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/google.png 9005 2016-04-14 12:12:30 b136662d529f0d1dd780056d7a6ff186
31. File appears in 1164 kits and under 5 different file names
32. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/googledocs.jpg 14918 2016-04-14 12:12:30 8ff2f663acec81a399f6eaa002d1eb53
33. File appears in 852 kits
34. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/jquery.ddslick.min.js 7156 2016-04-14 12:12:30 f0dc534351e239e07d258adcde7a63cd
35. File appears in 1085 kits and under 2 different file names
36. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/jquery.min.js 94843 2016-04-14 12:12:30 a13f7f208ba534681deadb1ec7a2e54a
37. File appears in 1029 kits and under 2 different file names
38. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/live_hotmail.png 517 2016-04-14 12:12:30 8dccdb0f930ec8ff6c62dd13474fa9f4
39. File appears in 1144 kits and under 3 different file names
40. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/logo_2x.png 9005 2016-04-14 12:12:30 b136662d529f0d1dd780056d7a6ff186
41. File appears in 1164 kits and under 5 different file names
42. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/logo_strip.png 26647 2016-04-14 12:12:30 a6dd956e0a1b11991ac93335bbf4b4cc
43. File appears in 1025 kits and under 2 different file names
44. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/logo_strip_2x.png 11156 2016-04-14 12:12:30 384a868cf5a995d033c4ac6e30c60355
45. File appears in 1189 kits and under 5 different file names
46. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/mail_gmail.png 1528 2016-04-14 12:12:30 5d2f329d5813e9ad215d0117610a58c5
47. File appears in 1144 kits and under 3 different file names
48. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/Thumbs.db 80896 2016-07-29 09:10:00 3087839f894ea2e63c5b32d2c0838928
49. File appears in 12 kits
50. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/universal_language_settings-21.png 199 2016-04-14 12:12:30 4a2d1168a691747daf4d22e0dc483958
51. File appears in 1294 kits and under 2 different file names
52. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/x_8px.png 154 2016-04-14 12:12:30 4e3d78afc1958e6e12226cbf27f236bd
53. File appears in 1059 kits and under 2 different file names
54. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/yahoo.png 2830 2016-04-14 12:12:30 fda2a0cac8b16568eed32edbc85b5db8
55. File appears in 1145 kits and under 3 different file names
56. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/Google_docs_files/_notes/dwsync.xml 2133 2016-04-14 12:12:30 368e28b664e21e90732382469113dde0
57. File appears in 842 kits and under 2 different file names
58. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/SpryAssets/SpryValidationPassword.css 2426 2016-04-14 12:12:30 97faad16686bef5246d0953311bffdc8
59. File appears in 1032 kits
60. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/SpryAssets/SpryValidationPassword.js 20828 2016-04-14 12:12:30 d6be38fb42c2e9618c9d5f2664078c19
61. File appears in 1030 kits
62. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/SpryAssets/SpryValidationTextField.css 3122 2016-04-14 12:12:30 997fda9f352033c20b5fbb8fc361537c
63. File appears in 1037 kits
64. GOOGLENEWW/GOOGLENEWW/GOOGLENEWW/GOOGLENEW/realestateseller/doc/work/ec/SpryAssets/SpryValidationTextField.js 77624 2016-04-14 12:12:30 7947cb5a92373e747f786adfe1d49356
65. File appears in 1031 kits
66.  
67. 3 Email addresses found:
68. gp_support@geoplugin.com (appears in 1076 kits)
69. 1122johnsonmark@gmail.com
70. 112johnsonmark@gmail.com
71.  
72.  
73.  
74. https://texasmalwareblog.blogspot.com @phish_total