» 1phads.com
Overview
Analysis
IPs Addresses (4)
Downloads (93)
Website Detail
Statistics

1phads.com

PROTECTSERVICE, LTD.

Domain Information

The domain 1phads.com registered by PROTECTSERVICE, LTD. was initially registered in February of 2013 through EVOPLUS LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Utrecht, Utrecht within Netherlands which resides on the RIPE Network Coordination Centre network.

Registrant:

PROTECTSERVICE, LTD.

Registrar:

EVOPLUS LTD

Server location:

Utrecht, Netherlands (NL)

Create date:

Tuesday, February 12, 2013

Expires date:

Sunday, February 12, 2017

Updated date:

Tuesday, January 12, 2016

ASN:

AS35415 WEBAZILLA Webazilla B.V.

Whois:

5 1phads.com records

Scanner detections:

Detections (98% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallX.Bundle, PUP.Installer.Amonetizeltd.EE, PUP.Installer.Amonetizeltd.O, PUP.Installer.Amonetizeltd.Z, PUP.Installer.Amonetizeltd.X, PUP.Installer.ShetefSolutionsConsulting1998.n, PUP.Installer.WARPINSTALL.G, PUP.Installer.Wilmaonline.c, PUP.Installer.Fileadventure.F, PUP.Adknowledge.INSTALLDOTEXE.Installer (M), PUP.Adknowledge.FileMonarch.Bundler (M), PUP.Adknowledge.FUSIONINSTALLER.Installer (M), PUP.Tuguu.PaymentsInteractive.Bundler (M), PUP.installCore.WorldSetup (M), PUP.Tuguu.Clovermedia.Bundler (M), PUP.Vittalia.VittaliaInternet.Bundler (M), PUP.Tuguu.Payments.Bundler (M), PUP.Solimba.Bechiro.Bundler (M), PUP.Adknowledge.FUSIONIN.Bundler (M), PUP.Adknowledge.FileMona.Bundler (M), PUP.Tuguu.Bundler, PUP.Vittalia.Bundler (M), PUP.Adknowledge.FileFalc.Bundler (M), PUP.Adknowledge.INSTALLD.Installer (M), PUP.installCore.WorldSet (M), PUP.Vittalia (M), PUP.Adknowledge (M), PUP.TIMP (M)

93.62%

Malwarebytes

PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize, PUP.Optional.Amonetize.A, PUP.Optional.OptimumInstaller.A, PUP.Optional.Ibryte

48.94%

VIPRE Antivirus

Amonetize, Trojan.Win32.Generic, Conduit, Optimum Installer, Threat.4798837, Threat.4150696

44.68%

McAfee

Artemis!4476FBE0C98B, Artemis!577A16D372DC, Artemis!DC79DBAB4F6C, Adware-Amonetize!01060DF48554, Adware-Amonetize!BE0E2E71EA9E, Adware-Amonetize!0DE7113F0DBA, Adware-Amonetize!DC035ED17CF1, Artemis!AC04B4FDAB43, PUP-FBM!1FB1A3C549EF, Artemis!D045C948D10E

42.55%

Dr.Web

Adware.Downware.1655, Adware.Downware.1528, Adware.Downware.1833, Adware.Downware.2250, Adware.Downware.1575, Adware.Downware.2467

42.55%

Avira AntiVirus

Adware/Amonetize.W.10, ADWARE/Adware.Gen2, Adware/iBryte.qoemnj, Adware/Amonetize.tzv, Adware/iBryte.bxka, Adware/iBryte.zline

42.55%

avast!

Win32:Dropper-gen [Drp], Win32:Amonetize-E [PUP], Win32:Adware-BJY [PUP], Win32:PUP-gen [PUP], Win32:Amonetize-AM [PUP], Win32:BmMedia-D [PUP]

40.43%

Sophos

Amonetize, Generic PUA GM, iBryte Optimum Installer, PUA.iBryte Optimum Installer, Mal/Inject-CEE, Generic PUA AF, Install Core Click run software

38.30%

Trend Micro House Call

TROJ_GEN.F47V1124, TROJ_GEN.F47V1219, TROJ_GEN.F47V1003, TROJ_GEN.F47V0925, TROJ_GEN.F47V0130, TROJ_GEN.F47V0227, TROJ_GEN.F47V0303

36.17%

AhnLab V3 Security

PUP/Win32.Amonetiz, PUP/Win32.Amonetize, PUP/Win32.IBryte, Trojan/Win32.Buzus

34.04%

ESET NOD32

Win32/Amonetize (variant), Win32/Amonetize.AA (variant), Win32/Amonetize.AD (variant), Win32/Amonetize.AG (variant), Win32/Amonetize.AI (variant)

29.79%

AVG

MalSign.Generic, Generic_r, Generic5, Skodna.Bundle, Adware Skodna.Generic.AWI, Adware Generic_r.TL, Adware AdPlugin.GV

29.79%

K7 AntiVirus

Unwanted-Program , Trojan , Adware

27.66%

Comodo Security

ApplicUnwnt, TrojWare.Win32.IBryte.S, Application.Win32.IBryte.WX, Application.Win32.Ibryte.NW, Application.Win32.iBryte.R

25.53%

Agnitum Outpost

PUA.Amonetize, PUA.Downloader, Riskware.Agent, PUA.Agent, PUA.InstallCore

25.53%

The domain 1phads.com has been seen to resolve to the following 4 IP addresses.

88.85.82.145

November 1, 2014

78.140.145.204

v-2-do15-d1101-204.webazilla.com

July 3, 2014

78.140.173.147

v-4-kp13-d967-147.webazilla.com

December 29, 2013

78.140.173.146

v-4-kp13-d938-146.webazilla.com

December 29, 2013

File downloads found at URLs served by 1phads.com.

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=120458__zoneid=31158__OXLCA=1__cb=0b5d665829__oadest=http://.../?id=p191&sub=ar&name=File.Download&nor=1&subid=${SUBID} (file.download_54dye.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=8633__OXLCA=1__cb=b9c3735c99__oadest=http://downloadju.com/direct/.../update.exe (9b8052273b7e83f8523a50f38b06afa6)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=5338__OXLCA=1__cb=99a3e8409d__oadest=http://downloadju.com/direct/.../update.exe (65801dee512561a08c0da1de4d49e371)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68804__zoneid=5720__OXLCA=1__cb=680e85b559__oadest=http://utorrent.descargar.es/.../down.php?p=UK-1phads&transaction_id=${SUBID} (utorrent_installer_ag1phads_ck1825313379.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=8633__OXLCA=1__cb=43f85cc363__oadest=http://downloadju.com/direct/.../update.exe (ee523d4d12673ebbb61627e93e7b0bf8)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68827__zoneid=10795__OXLCA=1__cb=839c80b71e__oadest=http://utorrent.descargar.es/.../down.php?p=BR-1phads (installer_utorrent_english.exe)

1 / 68 (inconclusive)

http://1phads.com/ck.php?oaparams=2__bannerid=120458__zoneid=15972__OXLCA=1__cb=c6a00104f0__oadest=http://.../?id=p191&sub=ar&name=File.Download&nor=1&subid=${SUBID} (file.download_64lp6.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68782__zoneid=5338__OXLCA=1__cb=0d76f75926__oadest=http://ttb.getsoftdll.com/download/request/.../SYNImp91?PubID=5338&subid=${SUBID} (optimizer_pro.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=8633__OXLCA=1__cb=f2e6636c90__oadest=http://downloadju.com/direct/.../update.exe (d54e96d8cb86b7cde0dbef6af84710c3)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=120458__zoneid=5720__OXLCA=1__cb=d5d80257af__oadest=http://.../?id=p191&sub=ar&name=File.Download&nor=1&subid=${SUBID} (downloadsetup.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68834__zoneid=5338__OXLCA=1__cb=8d316a2a3c__oadest=http://utorrent.descargar.es/.../down.php?p=ZA-1phads&transaction_id=${SUBID} (utorrent_installer_ag1phads_ck1951982531.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68764__zoneid=8633__OXLCA=1__cb=e9f6187000__oadest=http://ttb.mediaplayerinstaller.com/download/request/.../hcVOmSwp?subid=${SUBID} (setup.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=120458__zoneid=31158__OXLCA=1__cb=ca5f6f932d__oadest=http://.../?id=p191&sub=ar&name=File.Download&nor=1&subid=${SUBID} (downloadsetup.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68766__zoneid=8633__OXLCA=1__cb=59941e33ee__oadest=http://.../aff_c?offer_id=44&aff_id=1016&url_id=58&&aff_sub=${SUBID} (setup.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=5720__OXLCA=1__cb=c5e61a1249__oadest=http://downloadju.com/direct/.../update.exe (069a9fa31c4516c0a3dbae270866dd00)

5 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=71318__zoneid=5075__OXLCA=1__cb=b2a3c40282__oadest=http://.../?id=p191&sub=ar&name=Flash.Player&nor=1&subid=${SUBID} (pazerafreeaudioextractorsetup__6131_il1408515.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68764__zoneid=8633__OXLCA=1__cb=5a17277e92__oadest=http://ttb.getsoftdll.com/download/request/.../hcVOmSwp?subid=${SUBID} (setup.exe)

11 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=71318__zoneid=5648__OXLCA=1__cb=4136cfe3ec__oadest=http://.../?id=p191&sub=ar&name=Flash.Player&nor=1&subid=${SUBID} (skymonkam__2155_il341772.exe)

2 / 68 (PUP)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=8633__OXLCA=1__cb=e39324d63f__oadest=http://www.downloadju.com/direct/.../setup.exe (7z920.exe)

18 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68803__zoneid=5338__OXLCA=1__cb=7a8dee792f__oadest=http://utorrent.descargar.es/.../down.php?p=US-1phads (installer_utorrent_english.exe)

12 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68847__zoneid=5720__OXLCA=1__cb=95e7c425af__oadest=http://.../download.php?version=1.1.5.55&campid=2570&capp=FlashPlayer&prefix=Setup&ti1=${SUBID} (apk file__3306_il604572.exe)

1 / 68 (Malware)

http://1phads.com/ck.php?oaparams=2__bannerid=68809__zoneid=5075__OXLCA=1__cb=5020ec9fa8__oadest=http://utorrent.descargar.es/.../down.php?p=FR-1phads (installer_utorrent_french.exe)

21 / 68 (PUP)

http://1phads.com/ck.php?oaparams=2__bannerid=71318__zoneid=8633__OXLCA=1__cb=7a2754400e__oadest=http://.../?id=p191&sub=ar&name=Flash.Player&nor=1&subid=${SUBID} (herdprotect__2309_il720783.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68804__zoneid=5720__OXLCA=1__cb=718e925854__oadest=http://utorrent.descargar.es/.../down.php?p=UK-1phads&transaction_id=${SUBID} (utorrent_installer_ag1phads_ck1595370820.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68782__zoneid=5720__OXLCA=1__cb=823e3955fc__oadest=http://ttb.getsoftdll.com/download/request/.../SYNImp91?PubID=5720&subid=${SUBID} (optimizer_pro.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68819__zoneid=5338__OXLCA=1__cb=ab23000baa__oadest=http://utorrent.descargar.es/.../down.php?p=SE-1phads (installer_utorrent_english.exe)

1 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68764__zoneid=15972__OXLCA=1__cb=fee77beaf0__oadest=http://ttb.getsoftdll.com/download/request/.../hcVOmSwp?subid=${SUBID} (setup.exe)

17 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68847__zoneid=5140__OXLCA=1__cb=a3a513e4b3__oadest=http://.../download.php?version=1.1.5.55&campid=2570&capp=FlashPlayer&prefix=Setup&ti1=${SUBID} (flashplayer__2570_i97582594_il17.exe)

38 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68769__zoneid=8633__OXLCA=1__cb=1bcb90f094__oadest=http://downloadju.com/direct/.../update.exe (277b8288a3491525dd07e156e5833852)

12 / 68 (Adware)

http://1phads.com/ck.php?oaparams=2__bannerid=68846__zoneid=8155__OXLCA=1__cb=8c0d46fb4a__oadest=http://.../download.php?version=1.1.5.55&campid=2570&capp=FlashPlayer&prefix=AudioCodec&ti1=${SUBID} (apk file__3306_il604572.exe)

Latest 30 of 93 download URLs

URL:

http://1phads.com/

Title:

“Google”

Description:

“Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.”

SSL certificate subject:

CN=1phads.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT06581720

SSL certificate issuer:

CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Web server:

gws

Facebook:

Likes: 10,797,562

Shares: 10,326,040

Comments: 2,329,001

Statistics above are for the previous month of March 2024.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.