PAYPAL phish running on sunbridge[.]co[.]ug

1. Found: 2018-07-19 12:15:47.697000
2. URL: http://sunbridge.co.ug/cgi_bin-R.zip
3. File: sunbridge.co.ug-foo-cgi_bin-R.zip
4. Domain: sunbridge.co.ug
5. Target: PAYPAL
6. Name Size Date MD5 cgi_bin-R/Share/share/.htaccess 6301 2014-10-17 08:50:08 577e5021372dd3033eb9e9565b885c02
7. File appears in 32 kits
8. cgi_bin-R/Share/share/css/share-point.css 15526 2017-12-31 20:22:34 63df83784cadd3a339b776520600c21a
9.  
10. cgi_bin-R/Share/share/files/assets.svg 379 2017-08-29 04:59:56 2d8f86059be176833897099ee6ddedeb
11. File appears in 32 kits and under 3 different file names
12. cgi_bin-R/Share/share/files/Converged1033.css 86974 2017-08-29 04:33:54 aba30cffbe77415758467a5d70f5e74d
13. File appears in 3 kits
14. cgi_bin-R/Share/share/files/ConvergedLogin_PCore.js 265617 2017-08-29 05:04:06 4c4d2072ae2df64d869899f807fcd22e
15. File appears in 3 kits
16. cgi_bin-R/Share/share/files/ConvergedLoginPaginatedStrings.js 13811 2017-08-29 04:33:54 dd0913b48954541ff0822dab23031b6f
17. File appears in 3 kits
18. cgi_bin-R/Share/share/files/microsoft_logo.svg 3651 2017-08-29 04:33:54 ee5c8d9fb6248c938fd0dc19370e90bd
19. File appears in 33 kits and under 2 different file names
20. cgi_bin-R/Share/share/files/picker_account_msa.svg 379 2017-08-29 04:33:54 2d8f86059be176833897099ee6ddedeb
21. File appears in 32 kits and under 3 different file names
22. cgi_bin-R/Share/share/img/eu_logo_strip.png 20374 2018-01-03 14:19:52 8afd0c9526338e11fc08d9cae0746410
23.  
24. cgi_bin-R/Share/share/img/logo.png 3331 2017-12-31 13:39:06 ef884bdedef280df97a4c5604058d8db
25.  
26. cgi_bin-R/Share/share/img/logo_strip.png 14594 2018-03-09 12:58:08 6d8ab5cd4aada9f6584c89c7ae2a4b68
27.  
28. cgi_bin-R/Share/share/img/logo_strip0.png 17696 2018-04-05 04:56:20 399f448e22522ff925a5bbdb3849c2b5
29.  
30. cgi_bin-R/Share/share/img/logo_strip1.png 19197 2018-04-05 04:53:14 98d7dc6e538677460121270e15b41120
31.  
32. cgi_bin-R/Share/share/img/logo_strip2.png 25617 2017-11-30 07:18:34 9c3e733e91053de20ca7af3404cfe2d1
33.  
34. cgi_bin-R/Share/share/img/pdf.png 6830 2017-12-31 14:33:24 f1e3f187f7c23fa8d1555004f3800356
35.  
36. cgi_bin-R/Share/share/img/SharePoint.png 11567 2018-03-09 10:45:48 e9e49adbb30f52dd54f25ae4bc565154
37.  
38. cgi_bin-R/Share/share/img/sp.png 11435 2018-03-09 11:03:44 1606647f8e4ab2759ce9ba67ae511751
39.  
40. cgi_bin-R/Share/share/img/uae_logo_strip.png 28386 2018-01-03 14:43:38 ed0ab77f4a4a4cabece5ba0dd69bff69
41.  
42. cgi_bin-R/Share/share/indax.php 57 2017-05-23 20:26:22 debfa6d9373ecbfe32271a5c529451e9
43.  
44. cgi_bin-R/Share/share/index.php 986 2018-03-09 10:23:44 b9c9bca4ee04a5e2ee8c953bab517620
45.  
46. cgi_bin-R/Share/share/login2.php 4398 2018-01-25 23:30:34 b0be3a23fe79f3924271a2788d8505cb
47.  
48. cgi_bin-R/Share/share/php.ini 167 2018-06-05 05:38:48 f3bee4318c3649253edd5ae0d037ddbb
49. cgi_bin-R/Share/share/q1y7lddxendi07jbj0mksvf4.php 4323 2018-04-24 11:33:46 1633d289874d6bb94f507b0fab11f1dd
50.  
51. cgi_bin-R/Share/share/script/php.ini 167 2018-06-05 05:38:48 f3bee4318c3649253edd5ae0d037ddbb
52. cgi_bin-R/Share/share/script/throwit.php 2035 2018-06-11 09:16:04 19f6f305e8e8979347bd20f7de16372a
53. cgi_bin-R/Share/share/verification.php 10205 2018-03-07 22:55:14 c325dd167bbcdfab01b55c902d395568
54.  
55. cgi_bin-R/Share/share/verificationAttempt.php 19380 2018-03-09 10:12:00 83f5b5a3b17123d01839bddb4d1b1d25
56.  
57.  
58. 2 Email addresses found:
59. alexcoop2014@gmail.com
60. user_maintanance912566@outlook.com
61.  
62.  
63.  
64. https://texasmalwareblog.blogspot.com @phish_total