MICROSOFT phish running on nimtzdesigngroup[.]com

1. Found: 2018-05-28 03:19:08.299000
2. URL: http://nimtzdesigngroup.com/outlook.zip
3. File: nimtzdesigngroup.com-foo-outlook.zip
4. Domain: nimtzdesigngroup.com
5. Target: MICROSOFT
6. Name Size Date MD5 outlook/blocker.php 2644 2017-10-10 08:09:48 5aa3f3f406ced12d0bc7742e77b01781
7. File appears in 274 kits and under 5 different file names
8. outlook/fresh/authenticate.php 4081 2018-05-25 17:04:24 892af3e96fe0d6368f2bc131568e8448
9.  
10. outlook/fresh/error.php 18429 2017-09-21 14:14:02 d9779b7472f313f36353938cd3664d6c
11.  
12. outlook/fresh/geoplugin.class.php 4647 2017-09-21 14:13:48 c8ea1e960b48a620c00bc65d525a721c
13. File appears in 1323 kits and under 3 different file names
14. outlook/fresh/index.php 13326 2017-09-21 14:13:40 05f80413b5927e606bbe6c1ea7186689
15.  
16. outlook/fresh/login.php 1296 2018-05-25 17:01:38 9aa5086f097a03e8acf2707b9eebe9ac
17.  
18. outlook/fresh/pass.php 18316 2017-09-21 14:13:24 54d9b9ab9208c927460e3f5cccd3fdf6
19.  
20. outlook/fresh/Sign in to your Microsoft account_files/AppCentipede_Microsoft.svg 7174 2017-09-21 14:15:52 aed5eb9ccea43f119a25b3b74c59c7e7
21. File appears in 108 kits
22. outlook/fresh/Sign in to your Microsoft account_files/Default1033.css 73727 2017-09-21 14:15:44 902952e2e05ab3451fb7438bb77059fb
23. File appears in 82 kits and under 2 different file names
24. outlook/fresh/Sign in to your Microsoft account_files/DefaultLoginStrings1033.js.txt 9898 2017-09-21 14:15:28 b507b90640721b4e47154d97609105bc
25. File appears in 78 kits and under 2 different file names
26. outlook/fresh/Sign in to your Microsoft account_files/DefaultLogin_Core.js.txt 126766 2017-09-21 14:15:34 a85dcfb7c3eda9c13ad3690c2dd27822
27. File appears in 77 kits and under 2 different file names
28. outlook/fresh/Sign in to your Microsoft account_files/logo.jpg 3602 2017-09-21 14:15:20 885531c6229490a82386b12b01cc5553
29. File appears in 63 kits
30. outlook/fresh/Sign in to your Microsoft account_files/Microsoft_Logotype_Gray.svg 5435 2017-09-21 14:15:12 5feaa482d83c2a69d012f9bff660d373
31. File appears in 108 kits
32. outlook/fresh/Sign in to your Microsoft account_files/prefetch.htm 3326 2017-09-21 14:15:06 68b1e3007431d49789c66d75b9f606c6
33. File appears in 63 kits
34. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot.css 159658 2017-09-21 14:17:24 30da6f6f4e2d60d8aacbe2ed1583ae7f
35. File appears in 63 kits
36. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot.js.txt 650764 2017-09-21 14:17:16 3fcf01abd2872c7fe233a3abaa50e122
37. File appears in 63 kits and under 2 different file names
38. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot_002.js.txt 646615 2017-09-21 14:17:08 9c766769f81c9884d74819f3dfe915be
39. File appears in 63 kits and under 2 different file names
40. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot_003.js.htm 650184 2017-09-21 14:16:58 4cfbdab231025e8b0ee7d08368516d5c
41. File appears in 63 kits and under 2 different file names
42. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/boot_004.js.txt 648527 2017-09-21 14:16:50 1b403af938697ddd9ed483405ff47cd4
43. File appears in 63 kits and under 2 different file names
44. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/sprite1.css 7304 2017-09-21 14:16:44 7c23768ca9a97f74fc7b0486747deeaf
45. File appears in 63 kits
46. outlook/fresh/Sign in to your Microsoft account_files/prefetch_data/sprite1.png 14983 2017-09-21 14:16:38 d502a13c4f154e9fe86802b1f0338466
47. File appears in 63 kits
48. outlook/index.php 618 2018-02-08 16:58:22 4e24c251dddcedfd3c19268d05ada356
49.  
50.  
51. 2 Email addresses found:
52. gp_support@geoplugin.com (appears in 1270 kits)
53. mavisbrianna170@yahoo.com
54.  
55.  
56.  
57. https://texasmalwareblog.blogspot.com @phish_total