GOOGLE phish running on jeseuses[.]com

1. Found: 2018-04-02 10:16:20.248000
2. URL: http://jeseuses.com/19191.zip
3. File: jeseuses.com-foo-19191.zip
4. Domain: jeseuses.com
5. Target: GOOGLE
6. Name Size Date MD5 19191/19191/blocker.php 2644 2014-12-03 02:17:00 5aa3f3f406ced12d0bc7742e77b01781
7. File appears in 248 kits and under 4 different file names
8. 19191/19191/home/.htaccess 46829 2017-02-18 06:06:26 d7081eb49f862d2fdaca9acb8a1793e8
9. File appears in 5 kits
10. 19191/19191/home/auth.php 406 2017-02-09 06:43:08 f50b6f999a270444c0951dbb1d6a2dde
11. File appears in 25 kits
12. 19191/19191/home/dbx/_notes/dwsync.xml 2133 2014-04-23 23:32:08 368e28b664e21e90732382469113dde0
13. File appears in 902 kits and under 2 different file names
14. 19191/19191/home/dbx/aol.png 1183 2014-04-23 05:02:00 1db15cc5ad50540b10cde2d733efd2a4
15. File appears in 1251 kits and under 3 different file names
16. 19191/19191/home/dbx/avatar_2x.png 2195 2014-04-23 05:03:00 17540f255f86c00bde81020fcc165989
17. File appears in 949 kits and under 2 different file names
18. 19191/19191/home/dbx/checkmark.png 239 2014-04-25 21:01:50 8b596881d19d5906d926839a9c23e80c
19. File appears in 1326 kits and under 2 different file names
20. 19191/19191/home/dbx/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff 21956 2014-04-23 05:03:00 3eb14f3838ada50e10f062a895c3b9cf
21. File appears in 1185 kits and under 2 different file names
22. 19191/19191/home/dbx/docs-icon.png 52997 2014-04-23 05:02:00 83ad8d0b5df7150110564b46fc0b3911
23. File appears in 1151 kits and under 2 different file names
24. 19191/19191/home/dbx/DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff 22656 2014-04-23 05:03:00 7c5d9f078bea8c1fc0b21a764b832138
25. File appears in 1185 kits and under 2 different file names
26. 19191/19191/home/dbx/email.png 2921 2014-04-23 05:02:00 f093ed003976ef8aa9d299051c06f26b
27. File appears in 1256 kits and under 2 different file names
28. 19191/19191/home/dbx/favicon-vflk5FiAC.ico 6518 2017-02-09 06:24:30 9391620020d44c78b0dc51abbcd151a0
29. File appears in 718 kits and under 5 different file names
30. 19191/19191/home/dbx/footer-img.jpg 7601 2017-02-09 06:12:20 69d762cc27ffc5a6a0c6527ae6a36f96
31. File appears in 41 kits
32. 19191/19191/home/dbx/Google Docs.png 232013 2014-04-23 05:02:00 4ab62a33783d09ef8b8c17a13ec6b0ef
33. File appears in 923 kits and under 2 different file names
34. 19191/19191/home/dbx/google.png 9005 2014-08-17 15:26:12 b136662d529f0d1dd780056d7a6ff186
35. File appears in 1277 kits and under 5 different file names
36. 19191/19191/home/dbx/googledocs.jpg 14918 2014-04-23 05:03:00 8ff2f663acec81a399f6eaa002d1eb53
37. File appears in 915 kits
38. 19191/19191/home/dbx/jquery.ddslick.min.js 7156 2014-04-23 05:03:00 f0dc534351e239e07d258adcde7a63cd
39. File appears in 1179 kits and under 2 different file names
40. 19191/19191/home/dbx/jquery.min.js 94843 2014-04-23 05:03:00 a13f7f208ba534681deadb1ec7a2e54a
41. File appears in 1122 kits and under 2 different file names
42. 19191/19191/home/dbx/live_hotmail.png 517 2014-04-23 05:02:00 8dccdb0f930ec8ff6c62dd13474fa9f4
43. File appears in 1250 kits and under 3 different file names
44. 19191/19191/home/dbx/logo_strip.png 21712 2017-02-09 04:46:14 eabe4073712f89e9110d90bd6b3db2c5
45. File appears in 41 kits
46. 19191/19191/home/dbx/mail_gmail.png 1528 2014-04-23 05:02:00 5d2f329d5813e9ad215d0117610a58c5
47. File appears in 1250 kits and under 3 different file names
48. 19191/19191/home/dbx/o365.png 922 2017-02-09 04:51:44 3146a88bf61e046ba106196d8945c04b
49. File appears in 81 kits
50. 19191/19191/home/dbx/universal_language_settings-21.png 199 2014-04-23 05:03:00 4a2d1168a691747daf4d22e0dc483958
51. File appears in 1421 kits and under 2 different file names
52. 19191/19191/home/dbx/x_8px.png 154 2014-04-25 21:12:30 4e3d78afc1958e6e12226cbf27f236bd
53. File appears in 1156 kits and under 2 different file names
54. 19191/19191/home/dbx/yahoo.png 2830 2014-04-23 05:02:00 fda2a0cac8b16568eed32edbc85b5db8
55. File appears in 1251 kits and under 3 different file names
56. 19191/19191/home/dispatch.php 4381 2017-02-09 06:43:48 c3f3568c1ff103c5fc072f1ae08cd1b7
57. File appears in 25 kits
58. 19191/19191/home/error.php 28856 2017-02-09 06:37:26 ad0447070811ab0e73ee23d34a218bd5
59. File appears in 24 kits
60. 19191/19191/home/geoplugin.class.php 4647 2014-04-25 16:14:28 c8ea1e960b48a620c00bc65d525a721c
61. File appears in 1264 kits and under 3 different file names
62. 19191/19191/home/index.php 26906 2017-02-09 06:44:40 213722dd498c28e43383d9e2831b77af
63. File appears in 24 kits
64. 19191/19191/home/mail.php 42 2018-04-02 03:54:16 82031ad0cd3a761f51189db3dbff2726
65. File appears in 2 kits
66. 19191/19191/home/SpryAssets/SpryValidationPassword.css 2426 2014-07-15 17:06:16 97faad16686bef5246d0953311bffdc8
67. File appears in 1131 kits
68. 19191/19191/home/SpryAssets/SpryValidationPassword.js 20828 2014-07-15 17:06:16 d6be38fb42c2e9618c9d5f2664078c19
69. File appears in 1124 kits
70. 19191/19191/home/SpryAssets/SpryValidationTextField.css 3122 2014-07-15 17:04:04 997fda9f352033c20b5fbb8fc361537c
71. File appears in 1136 kits
72. 19191/19191/home/verification.php 52879 2017-02-09 06:39:04 9bcb33fe7d332db4fb974f9f65018bdc
73. File appears in 25 kits
74. 19191/19191/Imp.php 544 2015-07-30 02:07:24 0d34eb886bc33fe42012ecbbb3fea567
75. File appears in 8 kits
76. 19191/19191/index.php 619 2015-03-24 16:44:44 dc1b67a93b1aed2fdc965128a0185acf
77. File appears in 81 kits
78.  
79. 3 Email addresses found:
80. 'doc@special.com (appears in 7 kits)
81. gp_support@geoplugin.com (appears in 1195 kits)
82. pagedoc2017@gmail.com (appears in 2 kits)
83.  
84.  
85.  
86. https://texasmalwareblog.blogspot.com @phish_total