Found on a hacked defaced site. Bad web rep:
https://www.mywot.com/en/scorecard/1phads.com?utm_source=addon&utm_content=popupConsider:
https://www.eff.org/https-everywhere/atlas/domains/1phads.com.htmlNetcraft website risk status 1 red out of 10:
http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.1phads.comWebzilla abuse? Browser Surf Plus, should rather not be in your browser.
It should be blocked: -http://www.1phads.com redirects to
http://google.com-http://google.com redirects to -http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK
-http://www.1phads.com is present in the Dr.Web database of unwanted sites!
Checking: -http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK
Engine version: 7.0.15.8310
Total virus-finding records: 6460348
File size: 44.37 KB
File MD5: 3a330e1df886d1395bed3b50185e9fe9
-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK - archive JS-HTML
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSTAG_1[1a4][8fe] - Ok
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSTAG_2[4867][4098] - Ok
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSTAG_3[897b][fd] - Ok
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSTAG_4[a42a][1dd] - Ok
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSTAG_5[a948][169] - Ok
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSTAG_6[aaf5][669] - Ok
>-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK/JSEvent_7[82] - Ok
-http://www.google.ru/?gfe_rd=cr&ei=IH0EVs7iNozFYKOfoPAK - Ok
polonus (volunteer website security analyst and website error-hunter)
P.S. Consider -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.google.ru%2F%3Fgfe_rd%3Dcr%26ei%3DIH0EVs7iNozFYKOfoPAK%2FJSEvent_7%5B82%5D+(to analyze this reconstruct link by removing the initial - before the http link). css filter code.