GOOGLE phish running on esndenmark[.]org

1. Found: 2018-05-14 22:15:41.694000
2. URL: http://kolding.esndenmark.org/misc/ui/z3.zip
3. File: kolding.esndenmark.org-ui-z3.zip
4. Domain: esndenmark.org
5. Target: GOOGLE
6. Name Size Date MD5 z3/__MACOSX/._favicon.ico 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
7. File appears in 4 kits and under 32 different file names
8. z3/__MACOSX/._geoplugin.class.php 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
9. File appears in 4 kits and under 32 different file names
10. z3/__MACOSX/._Google_docs_files 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
11. File appears in 4 kits and under 32 different file names
12. z3/__MACOSX/._index.php 171 2017-06-29 19:12:18 48b58d24292798958bef9b864a10580b
13. File appears in 122 kits and under 35 different file names
14. z3/__MACOSX/._SpryAssets 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
15. File appears in 4 kits and under 32 different file names
16. z3/__MACOSX/._verification.php 171 2017-06-29 19:12:18 48b58d24292798958bef9b864a10580b
17. File appears in 122 kits and under 35 different file names
18. z3/__MACOSX/Google_docs_files/._.DS_Store 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
19. File appears in 4 kits and under 32 different file names
20. z3/__MACOSX/Google_docs_files/.__notes 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
21. File appears in 4 kits and under 32 different file names
22. z3/__MACOSX/Google_docs_files/._aol.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
23. File appears in 4 kits and under 32 different file names
24. z3/__MACOSX/Google_docs_files/._avatar_2x.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
25. File appears in 4 kits and under 32 different file names
26. z3/__MACOSX/Google_docs_files/._checkmark.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
27. File appears in 4 kits and under 32 different file names
28. z3/__MACOSX/Google_docs_files/._cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
29. File appears in 4 kits and under 32 different file names
30. z3/__MACOSX/Google_docs_files/._docs-icon.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
31. File appears in 4 kits and under 32 different file names
32. z3/__MACOSX/Google_docs_files/._DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
33. File appears in 4 kits and under 32 different file names
34. z3/__MACOSX/Google_docs_files/._email.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
35. File appears in 4 kits and under 32 different file names
36. z3/__MACOSX/Google_docs_files/._favicon.ico 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
37. File appears in 4 kits and under 32 different file names
38. z3/__MACOSX/Google_docs_files/._Google Docs.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
39. File appears in 4 kits and under 32 different file names
40. z3/__MACOSX/Google_docs_files/._google.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
41. File appears in 4 kits and under 32 different file names
42. z3/__MACOSX/Google_docs_files/._googledocs.jpg 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
43. File appears in 4 kits and under 32 different file names
44. z3/__MACOSX/Google_docs_files/._jquery.ddslick.min.js 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
45. File appears in 4 kits and under 32 different file names
46. z3/__MACOSX/Google_docs_files/._jquery.min.js 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
47. File appears in 4 kits and under 32 different file names
48. z3/__MACOSX/Google_docs_files/._live_hotmail.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
49. File appears in 4 kits and under 32 different file names
50. z3/__MACOSX/Google_docs_files/._logo_2x.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
51. File appears in 4 kits and under 32 different file names
52. z3/__MACOSX/Google_docs_files/._logo_strip.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
53. File appears in 4 kits and under 32 different file names
54. z3/__MACOSX/Google_docs_files/._logo_strip_2x.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
55. File appears in 4 kits and under 32 different file names
56. z3/__MACOSX/Google_docs_files/._mail_gmail.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
57. File appears in 4 kits and under 32 different file names
58. z3/__MACOSX/Google_docs_files/._Thumbs.db 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
59. File appears in 4 kits and under 32 different file names
60. z3/__MACOSX/Google_docs_files/._universal_language_settings-21.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
61. File appears in 4 kits and under 32 different file names
62. z3/__MACOSX/Google_docs_files/._x_8px.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
63. File appears in 4 kits and under 32 different file names
64. z3/__MACOSX/Google_docs_files/._yahoo.png 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
65. File appears in 4 kits and under 32 different file names
66. z3/__MACOSX/Google_docs_files/_notes/._dwsync.xml 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
67. File appears in 4 kits and under 32 different file names
68. z3/__MACOSX/SpryAssets/._.DS_Store 222 2017-06-29 19:12:18 7f1c3925dd941299dacfbc60a13c2e18
69. File appears in 3 kits
70. z3/__MACOSX/SpryAssets/._SpryValidationPassword.css 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
71. File appears in 4 kits and under 32 different file names
72. z3/__MACOSX/SpryAssets/._SpryValidationPassword.js 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
73. File appears in 4 kits and under 32 different file names
74. z3/__MACOSX/SpryAssets/._SpryValidationTextField.css 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
75. File appears in 4 kits and under 32 different file names
76. z3/__MACOSX/SpryAssets/._SpryValidationTextField.js 222 2017-06-29 19:12:18 4d386f6638efd689c0557871b657d7f8
77. File appears in 4 kits and under 32 different file names
78. z3/error_log 16713 2017-06-29 19:12:18 5a2c42fea778723a6c92b03424fb6e83
79. z3/favicon.ico 1197 2017-06-29 19:12:18 46f7a1d52b8a46d23ee9c64b24adb4f0
80. File appears in 1156 kits and under 5 different file names
81. z3/geoplugin.class.php 4647 2017-06-29 19:12:18 c8ea1e960b48a620c00bc65d525a721c
82. File appears in 1307 kits and under 3 different file names
83. z3/Google_docs_files/.DS_Store 8196 2017-06-29 19:12:18 55d73227250dd925f4919f590b45c916
84. File appears in 10 kits
85. z3/Google_docs_files/_notes/dwsync.xml 2133 2017-06-29 19:12:18 368e28b664e21e90732382469113dde0
86. File appears in 910 kits and under 2 different file names
87. z3/Google_docs_files/aol.png 1183 2017-06-29 19:12:18 1db15cc5ad50540b10cde2d733efd2a4
88. File appears in 1269 kits and under 3 different file names
89. z3/Google_docs_files/avatar_2x.png 2195 2017-06-29 19:12:18 17540f255f86c00bde81020fcc165989
90. File appears in 958 kits and under 2 different file names
91. z3/Google_docs_files/checkmark.png 239 2017-06-29 19:12:18 8b596881d19d5906d926839a9c23e80c
92. File appears in 1342 kits and under 2 different file names
93. z3/Google_docs_files/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff 21956 2017-06-29 19:12:18 3eb14f3838ada50e10f062a895c3b9cf
94. File appears in 1203 kits and under 2 different file names
95. z3/Google_docs_files/docs-icon.png 52997 2017-06-29 19:12:18 83ad8d0b5df7150110564b46fc0b3911
96. File appears in 1167 kits and under 2 different file names
97. z3/Google_docs_files/DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff 22656 2017-06-29 19:12:18 7c5d9f078bea8c1fc0b21a764b832138
98. File appears in 1203 kits and under 2 different file names
99. z3/Google_docs_files/email.png 2921 2017-06-29 19:12:18 f093ed003976ef8aa9d299051c06f26b
100. File appears in 1274 kits and under 2 different file names
101. z3/Google_docs_files/favicon.ico 1197 2017-06-29 19:12:18 46f7a1d52b8a46d23ee9c64b24adb4f0
102. File appears in 1156 kits and under 5 different file names
103. z3/Google_docs_files/Google Docs.png 232013 2017-06-29 19:12:18 4ab62a33783d09ef8b8c17a13ec6b0ef
104. File appears in 931 kits and under 2 different file names
105. z3/Google_docs_files/google.png 9005 2017-06-29 19:12:18 b136662d529f0d1dd780056d7a6ff186
106. File appears in 1297 kits and under 5 different file names
107. z3/Google_docs_files/googledocs.jpg 14918 2017-06-29 19:12:18 8ff2f663acec81a399f6eaa002d1eb53
108. File appears in 923 kits
109. z3/Google_docs_files/jquery.ddslick.min.js 7156 2017-06-29 19:12:18 f0dc534351e239e07d258adcde7a63cd
110. File appears in 1196 kits and under 2 different file names
111. z3/Google_docs_files/jquery.min.js 94843 2017-06-29 19:12:18 a13f7f208ba534681deadb1ec7a2e54a
112. File appears in 1136 kits and under 2 different file names
113. z3/Google_docs_files/live_hotmail.png 517 2017-06-29 19:12:18 8dccdb0f930ec8ff6c62dd13474fa9f4
114. File appears in 1268 kits and under 3 different file names
115. z3/Google_docs_files/logo_2x.png 9005 2017-06-29 19:12:18 b136662d529f0d1dd780056d7a6ff186
116. File appears in 1297 kits and under 5 different file names
117. z3/Google_docs_files/logo_strip.png 26647 2017-06-29 19:12:18 a6dd956e0a1b11991ac93335bbf4b4cc
118. File appears in 1121 kits and under 2 different file names
119. z3/Google_docs_files/logo_strip_2x.png 11156 2017-06-29 19:12:18 384a868cf5a995d033c4ac6e30c60355
120. File appears in 1292 kits and under 5 different file names
121. z3/Google_docs_files/mail_gmail.png 1528 2017-06-29 19:12:18 5d2f329d5813e9ad215d0117610a58c5
122. File appears in 1268 kits and under 3 different file names
123. z3/Google_docs_files/Thumbs.db 80896 2017-06-29 19:12:18 33c9311b8a554cff717e041a8e42c6e3
124. File appears in 711 kits
125. z3/Google_docs_files/universal_language_settings-21.png 199 2017-06-29 19:12:18 4a2d1168a691747daf4d22e0dc483958
126. File appears in 1441 kits and under 2 different file names
127. z3/Google_docs_files/x_8px.png 154 2017-06-29 19:12:18 4e3d78afc1958e6e12226cbf27f236bd
128. File appears in 1172 kits and under 2 different file names
129. z3/Google_docs_files/yahoo.png 2830 2017-06-29 19:12:18 fda2a0cac8b16568eed32edbc85b5db8
130. File appears in 1269 kits and under 3 different file names
131. z3/index.php 36290 2018-05-13 17:56:38 6b61e77cd9c95d1ed65db92b3c83031f
132. z3/SpryAssets/.DS_Store 6148 2017-06-29 19:12:18 20c5bb4e586f40c563899708ac844b77
133. File appears in 16 kits
134. z3/SpryAssets/SpryValidationPassword.css 2426 2017-06-29 19:12:18 97faad16686bef5246d0953311bffdc8
135. File appears in 1146 kits
136. z3/SpryAssets/SpryValidationPassword.js 20828 2017-06-29 19:12:18 d6be38fb42c2e9618c9d5f2664078c19
137. File appears in 1139 kits
138. z3/SpryAssets/SpryValidationTextField.css 3122 2017-06-29 19:12:18 997fda9f352033c20b5fbb8fc361537c
139. File appears in 1151 kits
140. z3/SpryAssets/SpryValidationTextField.js 77624 2017-06-29 19:12:18 7947cb5a92373e747f786adfe1d49356
141. File appears in 1136 kits
142. z3/verification.php 51500 2018-05-13 17:57:06 27c2aec8e474123d71814c2e72eeda71
143.  
144. 2 Email addresses found:
145. gp_support@geoplugin.com (appears in 1251 kits)
146. eyiacce@gmail.com
147.  
148.  
149.  
150. https://texasmalwareblog.blogspot.com @phish_total