1phads.com

PROTECTSERVICE, LTD.

Domain Information

The domain 1phads.com, registered by PROTECTSERVICE, LTD., was initially registered in February 2013 through EVOPLUS LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Utrecht, Utrecht, Netherlands, on the RIPE Network Coordination Centre network.
Remove Malware from 1phads.com - Powered by Reason Core Security
Registrar:
EVOPLUS LTD

Server location:
Utrecht, Netherlands (NL)

Create date:
Tuesday, February 12, 2013

Expires date:
Sunday, February 12, 2017

Updated date:
Tuesday, January 12, 2016

ASN:
AS35415 WEBAZILLA Webazilla B.V.

Scanner detections:
Detections (97% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Amonetizeltd.EE, PUP.Installer.Amonetizeltd.O, PUP.Installer.Amonetizeltd.a, PUP.Installer.Amonetizeltd.Z, PUP.Installer.ShetefSolutionsConsulting1998.n, PUP.Installer.Amonetizeltd.F, PUP.Installer.BechiroSL.O, Threat.Win.Reputation.IMP, PUP.Installer.WARPINSTALL.G, PUP.Installer.BechiroSL.F, PUP.Installer.PaymentsInteractiveSL.F, PUP.Installer.INSTALLDOTEXE.G, PUP.Installer.BuildInput.F, PUP.Installer.Wilmaonline.c, PUP.Installer.Fileadventure.F, PUP.Adknowledge.INSTALLDOTEXE.Installer (M), PUP.Adknowledge.FileMonarch.Bundler (M), PUP.Adknowledge.FUSIONINSTALLER.Installer (M), PUP.Tuguu.PaymentsInteractive.Bundler (M)
94.87%

Malwarebytes
PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize, PUP.Optional.Amonetize.A, PUP.Optional.InstallCore, PUP.Optional.OptimumInstaller.A
89.74%

VIPRE Antivirus
Amonetize, Trojan.Win32.Generic, DownloadMR, Optimum Installer, Threat.4783262, Trojan.Win32.Clicker, Threat.4150696, Threat.4798837
87.18%

Dr.Web
Win32.Sector.21, Adware.Downware.1655, Adware.Downware.1643, Adware.Downware.1528, Adware.Downware.1833, Adware.Downware.2467, Adware.Downware.5488
79.49%

Avira AntiVirus
W32/Sality.AT, ADWARE/Adware.Gen2, Adware/Amonetize.W.10, Adware/iBryte.bxka, APPL/Firseria.A.16, APPL/DomaIQ.Gen, ADWARE/Adware.Gen7
76.92%

Sophos
Amonetize, iBryte Optimum Installer, Solimba Installer, DomainIQ pay-per install, Generic PUA DD, Mal/Generic-S, PUA.iBryte Optimum Installer
76.92%

ESET NOD32
Win32/Amonetize (variant), Win32/Amonetize.AA (variant), Win32/Amonetize.AD (variant), Win32/Amonetize.AG (variant), Win32/Amonetize.AJ (variant)
69.23%

McAfee
Artemis!4476FBE0C98B, Artemis!577A16D372DC, Artemis!0809F462F8DF, Artemis!A5C375118695, Artemis!466A950A6E7B, Artemis!DC79DBAB4F6C, Adware-Amonetize!2F5C2A2569FF, Adware-Amonetize!01060DF48554, Adware-Amonetize!BE0E2E71EA9E, Adware-Amonetize!0DE7113F0DBA, Artemis!AC04B4FDAB43, Artemis!5C6BD2794FED, PUP-FBM, PUP-FBM!1FB1A3C549EF
66.67%

avast!
Win32:Dropper-gen [Drp], Win32:Amonetize-E [PUP], Win32:Adware-BJY [PUP], Win32:Amonetize-AM [PUP], Win32:Amonetize-AK [PUP]
66.67%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.DomaIQ, PUP/Win32.IBryte, PUP/Win32.FirseriaInstaller, PUP/Win32.Amonetize, Trojan/Win32.Buzus
66.67%

McAfee Web Gateway
Artemis!4476FBE0C98B, Artemis!577A16D372DC, Artemis!0809F462F8DF, Artemis!A5C375118695, Artemis!466A950A6E7B, Artemis!DC79DBAB4F6C
61.54%

Trend Micro House Call
TROJ_GEN.F47V1124, TROJ_GEN.F47V1219, TROJ_GEN.F47V1108, TROJ_GEN.F47V1028, TROJ_GEN.F47V1003, TROJ_GEN.F47V1118, TROJ_GEN.F47V0925
56.41%

K7 Gateway Antivirus
Unwanted-Program, Trojan, Riskware
53.85%

K7 AntiVirus
Unwanted-Program, Trojan, Riskware
53.85%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:Downloader.Win32.Agent, not-a-virus:AdWare.Win32.Lollipop, not-a-virus:AdWare.Win32.Amonetize
53.85%

The domain 1phads.com has been seen to resolve to the following 4 IP addresses.

November 1, 2014

v-2-do15-d1101-204.webazilla.com
July 3, 2014

v-4-kp13-d967-147.webazilla.com
December 29, 2013

v-4-kp13-d938-146.webazilla.com
December 29, 2013

File downloads found at URLs served by 1phads.com.

 
Latest 30 of 62 download URLs

URL:
http://1phads.com/

Title:
“Google”

Description:
“Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.”

SSL certificate subject:
CN=1phads.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT06581720

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
gws

Facebook:
Likes: 4,108,962
Shares: 9,839,340
Comments: 2,208,201

Statistics above are for the previous month of November 2016.
