GOOGLE phish running on 192[.]249[.]112[.]234

1. Found: 2018-01-07 19:15:20.795000
2. URL: http://192.249.112.234/~saguro5/Tmnd.zip
3. File: 192.249.112.234-~saguro5-Tmnd.zip
4. Domain: 192.249.112.234
5. Target: GOOGLE
6. Name Size Date MD5 Tmnd/Tmnd/geoplugin.class.php 4645 2018-01-04 22:12:24 b4674def67953bccf00daf51983b3248
7.  
8. Tmnd/Tmnd/Google_docs_files/_notes/dwsync.xml 2133 2018-01-04 22:12:26 368e28b664e21e90732382469113dde0
9. File appears in 822 kits and under 2 different file names
10. Tmnd/Tmnd/Google_docs_files/aol.png 1183 2018-01-04 22:12:26 1db15cc5ad50540b10cde2d733efd2a4
11. File appears in 1124 kits and under 3 different file names
12. Tmnd/Tmnd/Google_docs_files/avatar_2x.png 2195 2018-01-04 22:12:26 17540f255f86c00bde81020fcc165989
13. File appears in 865 kits and under 2 different file names
14. Tmnd/Tmnd/Google_docs_files/checkmark.png 239 2018-01-04 22:12:26 8b596881d19d5906d926839a9c23e80c
15. File appears in 1189 kits and under 2 different file names
16. Tmnd/Tmnd/Google_docs_files/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff 21956 2018-01-04 22:12:26 3eb14f3838ada50e10f062a895c3b9cf
17. File appears in 1062 kits and under 2 different file names
18. Tmnd/Tmnd/Google_docs_files/docs-icon.png 52997 2018-01-04 22:12:26 83ad8d0b5df7150110564b46fc0b3911
19. File appears in 1032 kits and under 2 different file names
20. Tmnd/Tmnd/Google_docs_files/DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff 22656 2018-01-04 22:12:26 7c5d9f078bea8c1fc0b21a764b832138
21. File appears in 1062 kits and under 2 different file names
22. Tmnd/Tmnd/Google_docs_files/email.png 2921 2018-01-04 22:12:26 f093ed003976ef8aa9d299051c06f26b
23. File appears in 1129 kits and under 2 different file names
24. Tmnd/Tmnd/Google_docs_files/Google Docs.png 232013 2018-01-04 22:12:26 4ab62a33783d09ef8b8c17a13ec6b0ef
25. File appears in 840 kits and under 2 different file names
26. Tmnd/Tmnd/Google_docs_files/google.png 9005 2018-01-04 22:12:26 b136662d529f0d1dd780056d7a6ff186
27. File appears in 1140 kits and under 5 different file names
28. Tmnd/Tmnd/Google_docs_files/googledocs.jpg 14918 2018-01-04 22:12:26 8ff2f663acec81a399f6eaa002d1eb53
29. File appears in 832 kits
30. Tmnd/Tmnd/Google_docs_files/live_hotmail.png 517 2018-01-04 22:12:26 8dccdb0f930ec8ff6c62dd13474fa9f4
31. File appears in 1123 kits and under 3 different file names
32. Tmnd/Tmnd/Google_docs_files/logo_2x.png 9005 2018-01-04 22:12:26 b136662d529f0d1dd780056d7a6ff186
33. File appears in 1140 kits and under 5 different file names
34. Tmnd/Tmnd/Google_docs_files/logo_strip.png 26647 2018-01-04 22:12:26 a6dd956e0a1b11991ac93335bbf4b4cc
35. File appears in 1004 kits and under 2 different file names
36. Tmnd/Tmnd/Google_docs_files/logo_strip_2x.png 11156 2018-01-04 22:12:26 384a868cf5a995d033c4ac6e30c60355
37. File appears in 1167 kits and under 5 different file names
38. Tmnd/Tmnd/Google_docs_files/mail_gmail.png 1528 2018-01-04 22:12:26 5d2f329d5813e9ad215d0117610a58c5
39. File appears in 1123 kits and under 3 different file names
40. Tmnd/Tmnd/Google_docs_files/Thumbs.db 53248 2018-01-04 22:12:26 6438e1c95adb13a77ea906a7ce3d5ccf
41. File appears in 2 kits
42. Tmnd/Tmnd/Google_docs_files/universal_language_settings-21.png 199 2018-01-04 22:12:26 4a2d1168a691747daf4d22e0dc483958
43. File appears in 1271 kits and under 2 different file names
44. Tmnd/Tmnd/Google_docs_files/x_8px.png 154 2018-01-04 22:12:26 4e3d78afc1958e6e12226cbf27f236bd
45. File appears in 1038 kits and under 2 different file names
46. Tmnd/Tmnd/Google_docs_files/yahoo.png 2830 2018-01-04 22:12:26 fda2a0cac8b16568eed32edbc85b5db8
47. File appears in 1124 kits and under 3 different file names
48. Tmnd/Tmnd/index.php 42272 2018-01-04 22:14:08 f3c5e481a35a6a832fb3c8d2f566b436
49. Tmnd/Tmnd/Read Me.txt 51 2018-01-04 22:14:40 00db63ece6ead0d1f4fa198ccf3052a5
50. Tmnd/Tmnd/SpryAssets/SpryValidationPassword.css 2426 2018-01-04 22:12:26 97faad16686bef5246d0953311bffdc8
51. File appears in 1011 kits
52. Tmnd/Tmnd/SpryAssets/SpryValidationTextField.css 3122 2018-01-04 22:12:26 997fda9f352033c20b5fbb8fc361537c
53. File appears in 1016 kits
54. Tmnd/Tmnd/verification.php 52915 2018-01-04 22:13:18 f45b30696e11321d157476be422a81ae
55.  
56. 2 Email addresses found:
57. gp_supprt@geoplugin.com
58. limasitra@gmail.com
59.  
60.  
61.  
62. https://texasmalwareblog.blogspot.com @phish_total