WELLS FARGO phish running on 000webhostapp[.]com

1. Found: 2018-03-07 10:21:09.738000
2. URL: https://referential-bulkhea.000webhostapp.com/en_Wells%20_new.zip
3. File: referential-bulkhea.000webhostapp.com-foo-en_Wells%20_new.zip
4. Domain: 000webhostapp.com
5. Target: WELLS FARGO
6. Name Size Date MD5 en_Wells _new/en/.htaccess 1533 2015-04-20 20:52:16 758e36fa8a0601bf7e3412e6f412a8bd
7. File appears in 145 kits and under 2 different file names
8. en_Wells _new/en/MEEE/long/online-account/security/auth/.htaccess 1578 2018-02-06 18:16:04 6802f18ec58e3c56d1f20bbd006a4002
9. en_Wells _new/en/MEEE/long/online-account/security/auth/1/a1.php 278 2018-02-12 08:35:16 ca1229959b9cc8ef1072f07816889620
10. en_Wells _new/en/MEEE/long/online-account/security/auth/1/contact.html 7329 2018-02-12 10:49:56 916cc5625d747d3ae9c51ddf6bbd2007
11. en_Wells _new/en/MEEE/long/online-account/security/auth/1/crypt.php 17274 2015-04-20 20:52:16 6a06130a67e8c4eb808b1217bd8aae7d
12. File appears in 11 kits
13. en_Wells _new/en/MEEE/long/online-account/security/auth/1/Email.php 50 2018-02-24 16:09:50 0b3cd48b06716cc330780578e79f4363
14. en_Wells _new/en/MEEE/long/online-account/security/auth/1/hostname_check.php 521 2014-08-27 19:30:12 020f2c620eefe7e9bbd70664ebadeced
15. File appears in 67 kits and under 2 different file names
16. en_Wells _new/en/MEEE/long/online-account/security/auth/1/index.html 426149 2018-02-12 08:44:34 fbab02a9dd75f65ada8ad8fd8c059f04
17. en_Wells _new/en/MEEE/long/online-account/security/auth/1/l2.php 758 2018-02-12 08:40:34 0ba9d0aaa93a6124f8cda1c855bc05a0
18. en_Wells _new/en/MEEE/long/online-account/security/auth/1/Thanks.html 4491 2018-02-12 07:26:38 f92ad0a87ddb94a8a3779d034c5814e0
19. en_Wells _new/en/MEEE/long/online-account/security/auth/index.php 312 2018-02-12 08:45:46 3f088a382f447304822db22b9dcc1b9b
20.  
21. 2 Email addresses found:
22. don.admiral007@gmal.com
23. source@bourder.land
24.  
25.  
26.  
27. https://texasmalwareblog.blogspot.com @phish_total