Malware Domain List

Malware Related => Malicious Domains => Topic started by: blueguitarbob on January 04, 2014, 06:11:41 pm

Title: soundclou.com - dangerous exploit installer/typosquatter
Post by: blueguitarbob on January 04, 2014, 06:11:41 pm
The domain soundclou.com (soundcloud without the final "d") is serving malware, specifically a variant of the DomainIQ installer, disguised as a "soundcloud plugin." When a user accesses the site, it immediately redirects to http://soundcloud.audio-updates.com/1/, which attempts to install the exploit.

http://soundclou.com Exploits
http://soundcloud.audio-updates.com/1/ Exploits


I have a copy of the exploit file, if anyone wants it.

The domain is obviously preying on users who mistype the URL for soundcloud.com, for the purpose of installing an exploit on their system. I believe this is called typosquatting.

This domain has nothing to do with the company Soundcloud, and is registered in Panama. WHOIS is stealthed. I have alerted Soundcloud to the problem so they can also take action if they choose.
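
A defender-side check for the two patterns reported in the post above: a registrable domain one edit away from the real one, and the brand name used as a subdomain label of an unrelated domain. This is an added example, not part of the original thread. The watchlist, the function names, the two-label registrable-domain shortcut and the benign sample URLs are assumptions.

```python
from urllib.parse import urlsplit

BRANDS = {"soundcloud.com"}  # assumed watchlist of domains to protect

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, brands=BRANDS, max_dist=1):
    """Return (reason, brand) for a suspicious URL, or None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Assumption: the registrable domain is the last two labels. Use the
    # Public Suffix List for suffixes such as co.uk.
    registrable = ".".join(labels[-2:])
    if registrable in brands:
        return None  # the real site or one of its subdomains
    for brand in sorted(brands):
        if osa_distance(registrable, brand) <= max_dist:
            return ("typosquat", brand)
        if brand.split(".")[0] in labels[:-2]:
            return ("brand-as-subdomain", brand)
    return None

# Constructed proxy-log URLs: the first two are the ones reported in the post,
# the rest are benign traffic made up for the example.
SAMPLE_URLS = [
    "http://soundclou.com",
    "http://soundcloud.audio-updates.com/1/",
    "https://soundcloud.com/stream",
    "https://api.soundcloud.com/tracks",
    "https://example.org/",
]

def scan(urls):
    return [(u, hit) for u in urls if (hit := classify(u))]

if __name__ == "__main__":
    for url, (reason, brand) in scan(SAMPLE_URLS):
        print(f"{reason:20} {brand:16} {url}")
```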

Title: Re: soundclou.com - dangerous exploit installer/typosquatter
Post by: emmyslim on January 08, 2016, 01:44:02 pm
Hello, thanks for your post. Please, I want doc exploit spy, and I also need an exploit that I can use to convert my exe file to doc or pdf.

Title: Re: soundclou.com - dangerous exploit installer/typosquatter
Post by: dlipman on January 09, 2016, 04:33:18 pm
You can upload it/them (samples) to http://www.uploadmalware.com and mark the submission that it was based upon a request from MDL.

Thank you.

Title: Re: soundclou.com - dangerous exploit installer/typosquatter
Post by: Malvertiser on January 29, 2016, 04:59:14 pm
Hmmm... This (hxxp://soundclou.com) redirected me to a Browlock.fakeTechSupport with the following message:

"Important security message. Please dial the number provided ASAP. You will be guided for the removal of the adware/spyware virus on your computer..."

Blah blah blah.
No exploit seems to be hosted on this site.

The other URL posted here is currently offline.

Title: Re: soundclou.com - dangerous exploit installer/typosquatter
Post by: BenENichols on February 25, 2016, 07:57:56 am
Blacklist them anyway, it's still a scam, a con, a phish attempt.