MICROSOFT phish running on devisa[.]com[.]mx

1. Found: 2018-09-19 10:15:51.031000
2. URL: https://devisa.com.mx/office365.zip
3. File: devisa.com.mx-foo-office365.zip
4. Domain: devisa.com.mx
5. Target: MICROSOFT
6. Name Size Date MD5 office365/geoplugin.class.php 5240 2018-05-21 16:06:26 855843d9cb173722e425fa36a67fa6d9
7. File appears in 9 kits
8. office365/index.php 21836 2018-07-27 19:58:08 cc0847146c2a6ffb7eba7fd0d34ad477
9. office365/index_files/arrow_left.svg 513 2018-07-27 19:18:04 a9cc2824ef3517b6c4160dcf8ff7d410
10. office365/index_files/boot.worldwide.mouse.css 232417 2018-07-27 19:18:08 a7caadb84da8448a7c462ec0381e5476
11. office365/index_files/converged.v2.login.min.css 95294 2018-07-27 19:18:00 499bc0c39e0a17a04873bee1d8c614d9
12. office365/index_files/ellipsis_grey.svg 915 2018-07-27 19:18:04 2b5d393db04a5e6e1f739cb266e65b4c
13.  
14. office365/index_files/ellipsis_white.svg 915 2018-07-27 19:18:04 5ac590ee72bfe06a7cecfd75b588ad73
15.  
16. office365/index_files/microsoft_logo.svg 3651 2018-07-27 19:18:04 ee5c8d9fb6248c938fd0dc19370e90bd
17. File appears in 43 kits and under 2 different file names
18. office365/index_files/prefetch.html 3411 2018-07-27 19:18:08 f923575c5829214731f73a193b329e30
19. office365/index_files/sprite1.mouse.css 7604 2018-07-27 19:18:06 e9ba472d2ddb09fb3ec536dc240b1976
20. File appears in 6 kits and under 2 different file names
21. office365/index_files/sprite1.mouse.png 16664 2018-07-27 19:18:06 2835f067dcf4c8a12464856267ca8ff7
22. File appears in 33 kits and under 2 different file names
23. office365/index2.php 20050 2018-07-27 21:06:34 80c95414a2d331917f00919140a17f0a
24. office365/redirect.php 1316 2018-08-09 08:14:52 e26a1005d099a5ed32a96b916413af13
25.  
26. 3 Email addresses found:
27. gp_support@geoplugin.com (appears in 1306 kits)
28. warkin@airtelmail.in
29. sassyrit@gmail.com
30.  
31.  
32.  
33. https://texasmalwareblog.blogspot.com @phish_total