GOOGLE phish running on zechbur[.]com

1. Found: 2018-01-05 04:15:08.993000
2. URL: http://zechbur.com/administrator/gdoc-secure.zip
3. File: zechbur.com-administrator-gdoc-secure.zip
4. Domain: zechbur.com
5. Target: GOOGLE
6. Name Size Date MD5 gdoc-secure/gtex/.DS_Store 15364 2015-01-29 11:54:14 dd17cfdc9564a376c448f91c20af5615
7. File appears in 38 kits
8. gdoc-secure/gtex/favicon.ico 1197 2014-08-12 17:35:24 46f7a1d52b8a46d23ee9c64b24adb4f0
9. File appears in 1055 kits and under 5 different file names
10. gdoc-secure/gtex/geoplugin.class.php 4647 2014-04-26 04:44:28 c8ea1e960b48a620c00bc65d525a721c
11. File appears in 1075 kits and under 3 different file names
12. gdoc-secure/gtex/Google_docs_files/.DS_Store 6148 2015-01-29 10:59:50 8a2e7336adc240b8b8a1869c90f670af
13. File appears in 40 kits
14. gdoc-secure/gtex/Google_docs_files/_notes/dwsync.xml 2133 2014-04-24 12:02:08 368e28b664e21e90732382469113dde0
15. File appears in 831 kits and under 2 different file names
16. gdoc-secure/gtex/Google_docs_files/aol.png 1183 2014-04-23 17:32:00 1db15cc5ad50540b10cde2d733efd2a4
17. File appears in 1133 kits and under 3 different file names
18. gdoc-secure/gtex/Google_docs_files/avatar_2x.png 2195 2014-04-23 17:33:00 17540f255f86c00bde81020fcc165989
19. File appears in 874 kits and under 2 different file names
20. gdoc-secure/gtex/Google_docs_files/button.gif 161 2015-02-24 11:35:58 ad55095ce1514fd1a9651fc332546587
21. File appears in 42 kits
22. gdoc-secure/gtex/Google_docs_files/checkmark.png 239 2014-04-26 09:31:50 8b596881d19d5906d926839a9c23e80c
23. File appears in 1198 kits and under 2 different file names
24. gdoc-secure/gtex/Google_docs_files/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff 21956 2014-04-23 17:33:00 3eb14f3838ada50e10f062a895c3b9cf
25. File appears in 1071 kits and under 2 different file names
26. gdoc-secure/gtex/Google_docs_files/docs-icon.png 52997 2014-04-23 17:32:00 83ad8d0b5df7150110564b46fc0b3911
27. File appears in 1041 kits and under 2 different file names
28. gdoc-secure/gtex/Google_docs_files/DXI1ORHCpsQm3Vp6mXoaTXhCUOGz7vYGh680lGh-uXM.woff 22656 2014-04-23 17:33:00 7c5d9f078bea8c1fc0b21a764b832138
29. File appears in 1071 kits and under 2 different file names
30. gdoc-secure/gtex/Google_docs_files/email.png 2921 2014-04-23 17:32:00 f093ed003976ef8aa9d299051c06f26b
31. File appears in 1138 kits and under 2 different file names
32. gdoc-secure/gtex/Google_docs_files/favicon.ico 1197 2014-08-12 17:28:08 46f7a1d52b8a46d23ee9c64b24adb4f0
33. File appears in 1055 kits and under 5 different file names
34. gdoc-secure/gtex/Google_docs_files/flag.gif 145 2015-02-24 11:37:50 87fa0238aebe7eb60d2d6dca57731d2c
35. File appears in 42 kits
36. gdoc-secure/gtex/Google_docs_files/Google Docs.png 232013 2014-04-23 17:32:00 4ab62a33783d09ef8b8c17a13ec6b0ef
37. File appears in 849 kits and under 2 different file names
38. gdoc-secure/gtex/Google_docs_files/google.png 9005 2014-08-18 03:56:12 b136662d529f0d1dd780056d7a6ff186
39. File appears in 1150 kits and under 5 different file names
40. gdoc-secure/gtex/Google_docs_files/googledocs.jpg 14918 2014-04-23 17:33:00 8ff2f663acec81a399f6eaa002d1eb53
41. File appears in 841 kits
42. gdoc-secure/gtex/Google_docs_files/jquery.ddslick.min.js 7156 2014-04-23 17:33:00 f0dc534351e239e07d258adcde7a63cd
43. File appears in 1073 kits and under 2 different file names
44. gdoc-secure/gtex/Google_docs_files/jquery.min.js 94843 2014-04-23 17:33:00 a13f7f208ba534681deadb1ec7a2e54a
45. File appears in 1017 kits and under 2 different file names
46. gdoc-secure/gtex/Google_docs_files/live_hotmail.png 517 2014-04-23 17:32:00 8dccdb0f930ec8ff6c62dd13474fa9f4
47. File appears in 1132 kits and under 3 different file names
48. gdoc-secure/gtex/Google_docs_files/logo_2x.png 9005 2014-04-23 17:32:00 b136662d529f0d1dd780056d7a6ff186
49. File appears in 1150 kits and under 5 different file names
50. gdoc-secure/gtex/Google_docs_files/logo_strip.png 26647 2014-08-12 18:06:50 a6dd956e0a1b11991ac93335bbf4b4cc
51. File appears in 1013 kits and under 2 different file names
52. gdoc-secure/gtex/Google_docs_files/logo_strip_2x.png 11156 2014-04-23 17:33:00 384a868cf5a995d033c4ac6e30c60355
53. File appears in 1177 kits and under 5 different file names
54. gdoc-secure/gtex/Google_docs_files/mail_gmail.png 1528 2014-04-23 17:32:00 5d2f329d5813e9ad215d0117610a58c5
55. File appears in 1132 kits and under 3 different file names
56. gdoc-secure/gtex/Google_docs_files/Thumbs.db 80896 2014-09-04 09:49:12 33c9311b8a554cff717e041a8e42c6e3
57. File appears in 663 kits
58. gdoc-secure/gtex/Google_docs_files/universal_language_settings-21.png 199 2014-04-23 17:33:00 4a2d1168a691747daf4d22e0dc483958
59. File appears in 1280 kits and under 2 different file names
60. gdoc-secure/gtex/Google_docs_files/x_8px.png 154 2014-04-26 09:42:30 4e3d78afc1958e6e12226cbf27f236bd
61. File appears in 1047 kits and under 2 different file names
62. gdoc-secure/gtex/Google_docs_files/yahoo.png 2830 2014-04-23 17:32:00 fda2a0cac8b16568eed32edbc85b5db8
63. File appears in 1133 kits and under 3 different file names
64. gdoc-secure/gtex/index.php 37739 2016-02-28 20:15:08 f8c2b45525dd6ac4b756dd60d663d5eb
65. File appears in 4 kits
66. gdoc-secure/gtex/SpryAssets/SpryValidationPassword.css 2426 2014-07-16 05:36:16 97faad16686bef5246d0953311bffdc8
67. File appears in 1020 kits
68. gdoc-secure/gtex/SpryAssets/SpryValidationPassword.js 20828 2014-07-16 05:36:16 d6be38fb42c2e9618c9d5f2664078c19
69. File appears in 1017 kits
70. gdoc-secure/gtex/SpryAssets/SpryValidationTextField.css 3122 2014-07-16 05:34:04 997fda9f352033c20b5fbb8fc361537c
71. File appears in 1025 kits
72. gdoc-secure/gtex/SpryAssets/SpryValidationTextField.js 77624 2014-07-16 05:34:04 7947cb5a92373e747f786adfe1d49356
73. File appears in 1019 kits
74. gdoc-secure/gtex/verification.php 52961 2016-02-28 20:14:54 33afdc30a76032c85ff9deb844b4ac0e
75. File appears in 4 kits
76.  
77. 2 Email addresses found:
78. gp_support@geoplugin.com (appears in 1052 kits)
79. genesiswire16@gmail.com (appears in 3 kits)
80.  
81.  
82.  
83. https://texasmalwareblog.blogspot.com @phish_total