GOOGLE phish running on reportpronline[.]com

1. Found: 2018-03-05 09:15:52.600000
2. URL: https://reportpronline.com/rbsgroup.com.au/bgl.zip
3. File: reportpronline.com-rbsgroup.com.au-bgl.zip
4. Domain: reportpronline.com
5. Target: GOOGLE
6. Name Size Date MD5 bgl/.DS_Store 6148 2018-01-29 12:51:48 f84a475fa6444d3df94278a615a134c6
7.  
8. __MACOSX/bgl/._.DS_Store 120 2018-01-29 12:51:48 f0d9d90674bab5908378533975df5a01
9. File appears in 149 kits
10. bgl/index.php 520 2017-12-13 14:44:32 e894615a2310531376ca26d3fbac2305
11.  
12. bgl/open/css/office-365log.png 15243 2017-12-09 19:09:50 f39f5d113c2df57d518c736b0b49db1c
13.  
14. bgl/open/css/office.css 4472 2017-12-09 19:14:22 79c3e7fe4fc5bc1d8954e7ac08895c59
15.  
16. bgl/open/css/styles.css 2382 2016-03-28 11:40:20 64552bcab72bae0ca83d4ea83d23bc8e
17. File appears in 4 kits
18. bgl/open/css/styles2.css 1917 2017-02-22 05:19:02 ca463a75be4a44c262a2656ff3613929
19.  
20. bgl/open/css/Thumbs.db 9728 2018-01-24 17:12:40 5f4574bdccc50a9a7d9b08331c313dc5
21.  
22. bgl/open/g-login.html 33824 2017-12-13 16:36:00 0d1d298d0cd6b2e554ade94d10fd2197
23.  
24. bgl/open/geoplugin.class.php 4647 2016-10-17 09:08:02 c8ea1e960b48a620c00bc65d525a721c
25. File appears in 1235 kits and under 3 different file names
26. bgl/open/images/apps.png 2054 2016-03-27 00:57:36 1f1a3d1bd8dfddb532386554b945dee2
27. File appears in 4 kits
28. bgl/open/images/dropbox-logo.png 13225 2017-02-22 04:44:14 1f3d4c4e01e904ba50cd5b774bb86e6a
29.  
30. bgl/open/images/footer.png 1943 2016-03-27 00:57:36 580a36921e0e6ad5590b133889c2ccf8
31. File appears in 4 kits
32. bgl/open/images/gemail.png 1482 2016-03-28 10:48:44 abba1249cc32887a717763d74b4c32b9
33. File appears in 6 kits
34. bgl/open/images/gfavicon.ico 169734 2017-02-22 04:45:42 bc26aeca36d8ff006d684eb638d4966a
35.  
36. bgl/open/images/gphone.png 1429 2016-03-28 07:50:58 4ce57fccfd12ee00d4d69a395222cd34
37. File appears in 6 kits
38. bgl/open/images/HKyucyG.png 73469 2017-02-22 04:40:30 86b04a67abf63dd6afe650c0096206ac
39.  
40. bgl/open/images/large.png 3372 2016-03-27 00:57:36 94fed7b80b02bcfbebbb19a7ed6902ff
41. File appears in 4 kits
42. bgl/open/images/login_form.png 4655 2016-03-27 01:39:42 98fe3c97d1f15ed9baac6dfd92973e2e
43. File appears in 4 kits
44. bgl/open/images/logo.png 2038 2016-03-27 00:57:36 3c06bcc1361d1ee407d242904ec4b511
45. File appears in 6 kits
46. bgl/open/images/medium.png 2314 2016-03-27 00:57:36 04a05eb0e10a9c8ed6285db06b2a5bbc
47. File appears in 4 kits
48. bgl/open/images/small.png 2151 2016-03-27 00:57:36 6c8b0fa5f4d7e0d177efc53c607522d7
49. File appears in 4 kits
50. bgl/open/images/spacer.gif 43 2016-03-27 00:57:36 df3e567d6f16d040326c7a0ea29a4f41
51. File appears in 91 kits and under 13 different file names
52. bgl/open/images/Thumbs.db 62464 2018-01-24 17:18:02 152e683b0e6a7526a5c428d4c5fc00eb
53.  
54. bgl/open/index.html 22748 2017-12-13 00:07:14 7f644f2f75a4f3eb2b1f9285b1bb4aeb
55.  
56. bgl/open/index3.php 16007 2018-01-24 17:16:42 a31226ea071c79a9955dd7c6f771a25a
57.  
58. bgl/open/info3.php 2304 2018-01-29 12:52:48 15676c4cee89869d4e49ee3fb6ff419f
59.  
60. bgl/open/login-index.php 2158 2018-01-29 12:53:14 2c89951715d669f391116b3046f6b141
61.  
62. bgl/open/login.php 530 2018-01-29 12:53:34 41100c89af20614e93d016582c4a1edf
63.  
64. bgl/open/o-login.html 24017 2018-01-24 17:37:26 5e2ebc8e0e3d9682b76673f427456629
65.  
66.  
67. 3 Email addresses found:
68. gp_support@geoplugin.com (appears in 1163 kits)
69. emrickauba@gmail.com
70. 'emrickauba@gmail.com
71.  
72.  
73.  
74. https://texasmalwareblog.blogspot.com @phish_total