1phads.com

PROTECTSERVICE, LTD.

Domain Information

The domain 1phads.com, registered by PROTECTSERVICE, LTD., was initially registered in February 2013 through EVOPLUS LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Utrecht, Utrecht, Netherlands, on the RIPE Network Coordination Centre network.

Registrar:
EVOPLUS LTD

Server location:
Utrecht, Netherlands (NL)

Create date:
Tuesday, February 12, 2013

Expires date:
Sunday, February 12, 2017

Updated date:
Tuesday, January 12, 2016

ASN:
AS35415 WEBAZILLA Webazilla B.V.

Scanner detections:
Detections (98% detected)

Scan engine / Details / Detections

Reason Heuristics
PUP.InstallX.Bundle, PUP.Installer.Amonetizeltd.EE, PUP.Installer.Amonetizeltd.O, PUP.Installer.Amonetizeltd.Z, PUP.Installer.Amonetizeltd.X, PUP.Installer.ShetefSolutionsConsulting1998.n, PUP.Installer.WARPINSTALL.G, PUP.Installer.Wilmaonline.c, PUP.Installer.Fileadventure.F, PUP.Adknowledge.INSTALLDOTEXE.Installer (M), PUP.Adknowledge.FileMonarch.Bundler (M), PUP.Adknowledge.FUSIONINSTALLER.Installer (M), PUP.Tuguu.PaymentsInteractive.Bundler (M), PUP.installCore.WorldSetup (M), PUP.Tuguu.Clovermedia.Bundler (M), PUP.Vittalia.VittaliaInternet.Bundler (M), PUP.Tuguu.Payments.Bundler (M), PUP.Solimba.Bechiro.Bundler (M), PUP.Adknowledge.FUSIONIN.Bundler (M), PUP.Adknowledge.FileMona.Bundler (M), PUP.Tuguu.Bundler, PUP.Vittalia.Bundler (M), PUP.Adknowledge.FileFalc.Bundler (M), PUP.Adknowledge.INSTALLD.Installer (M), PUP.installCore.WorldSet (M), PUP.Vittalia (M), PUP.Adknowledge (M), PUP.TIMP (M)
93.62%

Malwarebytes
PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize, PUP.Optional.Amonetize.A, PUP.Optional.OptimumInstaller.A, PUP.Optional.Ibryte
48.94%

VIPRE Antivirus
Amonetize, Trojan.Win32.Generic, Conduit, Optimum Installer, Threat.4798837, Threat.4150696
44.68%

McAfee
Artemis!4476FBE0C98B, Artemis!577A16D372DC, Artemis!DC79DBAB4F6C, Adware-Amonetize!01060DF48554, Adware-Amonetize!BE0E2E71EA9E, Adware-Amonetize!0DE7113F0DBA, Adware-Amonetize!DC035ED17CF1, Artemis!AC04B4FDAB43, PUP-FBM!1FB1A3C549EF, Artemis!D045C948D10E
42.55%

Dr.Web
Adware.Downware.1655, Adware.Downware.1528, Adware.Downware.1833, Adware.Downware.2250, Adware.Downware.1575, Adware.Downware.2467
42.55%

Avira AntiVirus
Adware/Amonetize.W.10, ADWARE/Adware.Gen2, Adware/iBryte.qoemnj, Adware/Amonetize.tzv, Adware/iBryte.bxka, Adware/iBryte.zline
42.55%

avast!
Win32:Dropper-gen [Drp], Win32:Amonetize-E [PUP], Win32:Adware-BJY [PUP], Win32:PUP-gen [PUP], Win32:Amonetize-AM [PUP], Win32:BmMedia-D [PUP]
40.43%

McAfee Web Gateway
Artemis!4476FBE0C98B, Artemis!577A16D372DC, Artemis!DC79DBAB4F6C, Adware-Amonetize!01060DF48554, Adware-Amonetize!BE0E2E71EA9E
40.43%

Sophos
Amonetize, Generic PUA GM, iBryte Optimum Installer, PUA.iBryte Optimum Installer, Mal/Inject-CEE, Generic PUA AF, Install Core Click run software
38.30%

Trend Micro House Call
TROJ_GEN.F47V1124, TROJ_GEN.F47V1219, TROJ_GEN.F47V1003, TROJ_GEN.F47V0925, TROJ_GEN.F47V0130, TROJ_GEN.F47V0227, TROJ_GEN.F47V0303
36.17%

AhnLab V3 Security
PUP/Win32.Amonetiz, PUP/Win32.Amonetize, PUP/Win32.IBryte, Trojan/Win32.Buzus
34.04%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.DownAgent.bk.(kcloud), Win32.Troj.Amonetize.c.(kcloud), Win32.Troj.Staser.y.(kcloud)
31.91%

ESET NOD32
Win32/Amonetize (variant), Win32/Amonetize.AA (variant), Win32/Amonetize.AD (variant), Win32/Amonetize.AG (variant), Win32/Amonetize.AI (variant)
29.79%

AVG
MalSign.Generic, Generic_r, Generic5, Skodna.Bundle, Adware Skodna.Generic.AWI, Adware Generic_r.TL, Adware AdPlugin.GV
29.79%

K7 Gateway Antivirus
Unwanted-Program, Trojan
27.66%

The domain 1phads.com has been seen to resolve to the following 4 IP addresses.

November 1, 2014

v-2-do15-d1101-204.webazilla.com
July 3, 2014

v-4-kp13-d967-147.webazilla.com
December 29, 2013

v-4-kp13-d938-146.webazilla.com
December 29, 2013

File downloads found at URLs served by 1phads.com.

Latest 30 of 93 download URLs

URL:
http://1phads.com/

Title:
“Google”

Description:
“Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.”

SSL certificate subject:
CN=1phads.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT06581720

SSL certificate issuer:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:
gws

Facebook:
Likes: 10,797,562
Shares: 10,326,040
Comments: 2,329,001

Statistics above are for the previous month of July 2017.