User got Fake AV Trojan infection after following Google link.
hxxp://www.google.com/url?sa=T&source=web&ct=res&cd=4&ved=0CCEQFjAD&url=http://clean-tissue.com/gj/?p=532770&ei=iW-iS9bIMpDMNfXTjPoI
hxxp://188.124.3.232/~view/a/go.php?p=532770
hxxp://clean-tissue.com/gj/?p=532770
hxxp://www1.sps4-pcsys.in/?uid=318&pid=3&ttl=b1449678362
hxxp://www1.ungin-zonetobe-safe.in/?p=p52dcWtlcF/Cj8bYbnOCdVik12qYVp/Zatrau4FdlJ/JnsWYe3lwWqyopHbDXpiaamZkbGVullPVpJHaotahlFeob1zZytell3FfmqGgnXaHo83LqG1TnaJ1lWGWXmeZW5aUkWJuY1zXxsl2WKiscWlmbnGaYJqcYWRTqKVqoV6UZmifYJmak2VdlZmitrY=
hxxp://www1.ungin-zonetobe-safe.in/Images/loading.gif
hxxp://www1.ungin-zonetobe-safe.in/service.php?p=p52dcWtlcF/Cj8bYbnOCdVik12qYVp/Zatrau4FdlJ/JnsWYe3lwWqyopHbDXpiaamZkbGVullPVpJHaotahlFeob1zZytell3FfmqGgnXaHo83LqG1TnaJ1lWGWXmeZW5aUkWJuY1zXxsl2WKiscWlmbnGaYJqcYWRTqKVqoV6UZmifYJmak2VdlZmitrY=
hxxp://www1.ungin-zonetobe-safe.in/Layouts/Landings/CentralLandings/6/images/list/all_hor.gif
hxxp://www1.ungin-zonetobe-safe.in/Layouts/Landings/CentralLandings/6/images/list/all_vert.gif
hxxp://www1.do-fast-safety-scan.in/build6_318.php?cmd=sendFile&counter=1&p=p52dcWtlcF/Cj8bYbnOCdVik12qYVp/Zatrau4FdlJ/JnsWYe3lwWqyopHbDXpiaamZkbGVullPVpJHaotahlFeob1zZytell3FfmqGgnXaHo83LqG1TnaJ1lWGWXmeZW5aUkWJuY1zXxsl2WKiscWlmbnGaYJqcYWRTqKVqoV6UZmifYJmak2VdlZmitrY=
hxxp://www1.ungin-zonetobe-safe.in/build6_318.php?cmd=getFile&counter=1&p=p52dcWtlcF/Cj8bYbnOCdVik12qYVp/Zatrau4FdlJ/JnsWYe3lwWqyopHbDXpiaamZkbGVullPVpJHaotahlFeob1zZytell3FfmqGgnXaHo83LqG1TnaJ1lWGWXmeZW5aUkWJuY1zXxsl2WKiscWlmbnGaYJqcYWRTqKVqoV6UZmifYJmak2VdlZmitrY=
hxxp://www1.ungin-zonetobe-safe.in/build6_318.php?cmd=getFile&counter=2&p=p52dcWtlcF/Cj8bYbnOCdVik12qYVp/Zatrau4FdlJ/JnsWYe3lwWqyopHbDXpiaamZkbGVullPVpJHaotahlFeob1zZytell3FfmqGgnXaHo83LqG1TnaJ1lWGWXmeZW5aUkWJuY1zXxsl2WKiscWlmbnGaYJqcYWRTqKVqoV6UZmifYJmak2VdlZmitrY=
hxxp://www1.pajon-it-formysafe.in/build6_318.php?cmd=sendFile&counter=2&p=p52dcWtlcF/Cj8bYbnOCdVik12qYVp/Zatrau4FdlJ/JnsWYe3lwWqyopHbDXpiaamZkbGVullPVpJHaotahlFeob1zZytell3FfmqGgnXaHo83LqG1TnaJ1lWGWXmeZW5aUkWJuY1zXxsl2WKiscWlmbnGaYJqcYWRTqKVqoV6UZmifYJmak2VdlZmitrY=
This traffic was seen after infection.
hxxp://protectedsystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&ttl=21148944b35&pid=
hxxp://protectedsystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&ttl=21148944b35&pid=
hxxp://protectedsystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&ttl=21148944b35&pid=&getsize=1
hxxp://protectedsystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&ttl=21148944b35&pid=
hxxp://protectedsystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&ttl=21148944b35&pid=&getsize=1
hxxp://securesystem.in/index.php?controller=hash
hxxp://securesystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&pid=
hxxp://securesystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&pid=&getsize=1
hxxp://securesystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&pid=&getsize=1
hxxp://protectedsystem.in/index.php?controller=hash
hxxp://protectedsystem.in/index.php?controller=microinstaller&abbr=CUA&setupType=xp&pid=
Topic: New Fake AV Trojan sites. (Read 4517 times)