Suspicious website - probably hosting malware

This website have only one page (the homepage) and is using the logo of Coin Telegraph (probably without permission).

It advertises and hosts suspicious .exe files. I tested them with VirusTotal and some of the antivirus programs detect trojans.

Links on the header and on the footer are not working (except the link to CoinTelegraph). Also the "subscribe" feature is fake.

Screenshot of the

Screenshot of the original Coin Telegraph:

According to signatures the files are signed by AGM 1980 Limited:

Links to VirusTotal reports:

Archive of the website:

Looks like it's hosted by Digital Ocean:

valentin@computer:~$ ping -c 1
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=55 time=69.4 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 69.480/69.480/69.480/0.000 ms
valentin@computer:~$ whois | grep abuse
% Abuse contact for ' -' is ''

The domain name registrar is

valentin@computer:~$ whois | grep abuse
   Registrar Abuse Contact Email:

I reported it also to CoinTelegraph because of possible trademark infringement.

This website is advertised on Facebook:

I just sent a report to Comodo.


  1. I am regular reader, how are you everybody?
    This article posted at this site is genuinely nice.


Post a Comment

[removed ads]

Popular posts from this blog