MICROSOFT phish running on tarjetasplaystation[.]com

1. Found: 2018-01-11 17:54:30
2. URL: http://tarjetasplaystation.com/JB/closin.%20(3).zip
3. File: closin.%20(3)-tarjetasplaystation.com.zip
4. Domain: tarjetasplaystation.com
5. Target: MICROSOFT
6. Name Size Date MD5 closin/office.php 14990 2016-06-14 01:02:36 f5104e86389fe182d1ba45b83ee6b640
7. File appears in 92 kits
8. closin/error_log 682 2017-08-28 20:31:18 fa22bef92c34e7b2271c3139d0e6df19
9. closin/index.php 29452 2016-08-21 10:49:52 842f61354b3f82c1ea33ec35abaac9a7
10. File appears in 20 kits
11. closin/othr.php 14572 2016-06-14 01:17:12 31adc77a7c29de329d115b3e66a2eabb
12. File appears in 92 kits
13. closin/.DS_Store 6148 2016-06-12 11:13:38 1ef9bb2121b50772da4fcc182b9bbb43
14. File appears in 85 kits
15. closin/Office 365_files/GeminiHomeV2.css 1580 2016-06-12 19:09:38 0182aba6de07288092766e3dfdb937ed
16. File appears in 100 kits
17. closin/Office 365_files/Thumbs.db 2560 2016-06-12 14:24:54 75add51ffa6873ffd23b43e02bab8428
18. File appears in 91 kits
19. closin/Office 365_files/MasterStyles15.css 91849 2016-06-14 00:18:22 c58b1f34b1da58db8d7ac884cc43c49b
20. File appears in 123 kits
21. closin/Office 365_files/conciergehelper.css 5200 2016-06-12 11:13:38 54599d7c2ac4c08c1b52a1bf953b2080
22. File appears in 140 kits
23. closin/Office 365_files/EmbeddedFonts.css 3698 2016-06-12 11:13:38 a255b5893caa2f0134dad55e78c92a38
24. File appears in 134 kits
25. closin/Office 365_files/data.css 13962 2016-06-12 11:13:38 3834c91ca01e90c889eb0e78f4b745cf
26. File appears in 134 kits
27. closin/Office 365_files/shellg2coremincss_ba45585d.css 31917 2016-06-12 11:13:38 a134e23722c4ebf0df81f0056107ac3d
28. File appears in 129 kits
29. closin/Office 365_files/UpsellControl.js 514 2016-06-12 11:13:38 50c3a248519ff92698733c2de56e13bb
30. File appears in 100 kits
31. closin/Office 365_files/DialogManagerInit.js 1442 2016-06-12 11:13:38 0a80e43b6529e8998ecf0fcb4c8750cc
32. File appears in 100 kits
33. closin/Office 365_files/AppTile.css 1380 2016-06-12 23:38:00 9b700990a3e3d707078daaa2ce3a67de
34. File appears in 129 kits
35. closin/Office 365_files/css/Thumbs.db 12288 2016-06-14 00:55:50 b64e48eb6e4105e4278f71f1edfab91b
36. File appears in 85 kits
37. closin/Office 365_files/css/oth.png 16162 2016-06-14 00:19:06 e7e0afa65309105e24355344ac1b91c6
38. File appears in 100 kits
39. closin/Office 365_files/css/aol.png 1452 2016-06-14 00:13:10 17ef4c1e36253395f769541243a027a7
40. File appears in 94 kits
41. closin/Office 365_files/css/home_bkgd_1.png 22035 2016-06-12 11:03:48 ef4ac468dabdd214d220eec6be716215
42. File appears in 135 kits
43. closin/Office 365_files/css/banner.png 4079 2016-06-14 00:04:50 854b0d32cf66f555e750bc7e2c5c99e7
44. File appears in 100 kits
45. closin/Office 365_files/GetPersonaPhoto.gif 42 2016-06-12 11:13:38 32023bb33cfb2a1990a4ef2d85b6ac16
46. File appears in 97 kits and under 2 different file names
47. closin/Office 365_files/AppTile.js 553 2016-06-12 11:13:38 37d5da66933b6f51203f1700efdc9288
48. File appears in 100 kits
49. closin/Office 365_files/GeminiHome.js 3670 2016-06-12 11:13:38 e1b1411b5ec5935bd6553d1641dc2306
50. File appears in 100 kits
51. closin/offphp.php 1247 2017-09-07 02:36:42 655bce1eba57a5b8abaca21ae9e4ba51
52. closin/verification.php 51513 2017-08-27 11:34:52 14d68af7dfeb735e17f814274315b917
53. closin/geoplugin.class.php 4647 2014-04-25 17:44:28 c8ea1e960b48a620c00bc65d525a721c
54. File appears in 1086 kits and under 3 different file names
55. closin/css/Thumbs.db 87040 2016-10-04 06:59:04 235d5f8f56330f9734f1d84004a0781a
56. File appears in 16 kits
57. closin/css/style2.css 7812 2016-06-12 09:17:14 81d1717dd8379e22c8ab66f8f83dc181
58. File appears in 139 kits and under 2 different file names
59. closin/css/DocuSign_logo_new.png 3567 2016-03-21 23:50:52 fc097fc12f8e9a78e6e887571fe13e8d
60. File appears in 145 kits
61. closin/css/heroillustration.png 203294 2016-06-12 07:44:56 65283b123eb235e6176ae98c02ac5b1c
62. File appears in 146 kits and under 4 different file names
63. closin/css/apple-touch-icon-72x72.png 1391 2016-06-12 21:51:40 98c8c7ebd75fd18ccc345de4a11031b0
64. File appears in 134 kits
65. closin/css/style.css 7812 2016-06-12 08:41:26 3879ba44a8776a1989ed026262b5e6a8
66. File appears in 135 kits
67. closin/css/logo.jpg 147647 2016-01-28 06:04:20 5215f29265838aa1d482a0dacf0d2061
68. File appears in 185 kits
69. closin/css/home_bkgd_1.png 22035 2016-06-12 11:03:48 ef4ac468dabdd214d220eec6be716215
70. File appears in 135 kits
71. closin/css/icc.ico 285 2016-06-14 01:15:06 3e47d71cae18960fcd9772c836da50fd
72. File appears in 118 kits and under 4 different file names
73. closin/css/bannerlogo.png 4585 2016-03-21 23:20:26 9f09a27d4f69b3557c7433574a29d726
74. File appears in 74 kits and under 4 different file names
75. closin/css/favicon_a.ico 17174 2016-06-12 09:33:50 12e3dac858061d088023b2bd48e2fa96
76. File appears in 240 kits and under 8 different file names
77. closin/alphp.php 1245 2017-09-07 02:36:00 8be7e24020cdb4c80fe9259a661ddc0d
78. closin/al.php 20339 2016-01-28 07:37:54 9a319182d5b576d1dd64a2751b7717e4
79. File appears in 134 kits
80. closin/error.php 1909 2016-08-22 15:43:42 345fa2b4c557753e0f201e804326f328
81. File appears in 29 kits
82. closin/oph.php 1255 2017-09-07 02:37:24 16414944ee5e68d58a59dfadbc1e66a1
83. closin/icc.ico 285 2016-06-14 01:15:06 3e47d71cae18960fcd9772c836da50fd
84. File appears in 118 kits and under 4 different file names
85.  
86. 3 Email addresses found:
87. walmarttinc@gmail.com
88. gp_support@geoplugin.com (appears in 1063 kits)
89. email@domain.com (appears in 92 kits)
90.  
91.  
92.  
93. https://texasmalwareblog.blogspot.com @phish_total