home

ads.yahoo.com

Yahoo! Inc.

Domain Information

The domain ads.yahoo.com registered by Yahoo! Inc. was initially registered in January of 1995 through MARKMONITOR INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Omaha, Nebraska within the United States which resides on the Yahoo! Inc. network.
Registrar:
MARKMONITOR INC.

Server location:
Nebraska, United States (US)

Create date:
Wednesday, January 18, 1995

Expires date:
Thursday, January 19, 2023

Updated date:
Thursday, June 26, 2014

ASN:
AS36646 YAHOO-NE1 - Yahoo,US

Root domain:
yahoo.com

Whois:
1 yahoo.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Tuguu.Bundler (M)
100.00%

McAfee
PUP-FBM!A041FA631138
50.00%

Malwarebytes
PUP.Optional.Amonetize
50.00%

NANO AntiVirus
Riskware.Win32.Downware.czlsvh
50.00%

Trend Micro House Call
TROJ_GEN.R0C1H06F614
50.00%

avast!
Win32:Amonetize-BJ [PUP]
50.00%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
50.00%

Rising Antivirus
PE:Malware.Adware!6.198D
50.00%

Sophos
Amonetize
50.00%

VIPRE Antivirus
Amonetize
50.00%

Avira AntiVirus
ADWARE/Adware.Gen2
50.00%

AhnLab V3 Security
PUP/Win32.Amonetiz
50.00%

ESET NOD32
Win32/Amonetize.AS (variant)
50.00%

Baidu Antivirus
Adware.Win32.Amonetize
50.00%

Fortinet FortiGate
Riskware/Amonetize
50.00%

The domain ads.yahoo.com has been seen to resolve to the following 4 IP addresses.

98.138.49.44
mpr1.ngd.vip.ne1.yahoo.com
May 27, 2016

98.138.49.84
mpr2.ngd.vip.ne1.yahoo.com
May 27, 2016

98.139.225.42
mpr1.ngd.vip.bf1.yahoo.com
July 7, 2014

98.139.225.43
mpr2.ngd.vip.bf1.yahoo.com
July 7, 2014

File downloads found at URLs served by ads.yahoo.com.

1 / 68      (Adware)
http://ads.yahoo.com/clk?3,eJytjd0KgjAcxV9IZDrnhNHFX51h5ECYQd05teWyD1Ss3j4jqhfox7k5h8M5DmZug6kiJVJ7vA8QUczxXOohhCtfWYgx5gTYJT6lJLAKNF2W7SqUeVRVJx3Ci8h3FXwIEeSXn9PAgdjXMn.72vYT-Avz8uHzkwLoWXEAVB6h5mn4rcUbI6S-76T21rK4b2UxZjLpsofTCsPnjN-EAbQ9JZ1YFp74HSwsywy9bYa6b6emt8.N-AScOlTd,  (player_setup.exe)

17 / 68    (PUP)
https://ads.yahoo.com/clk?3,eJydjlFvgjAQxz-Nb4RIK9im2UOZQNhQ42zWlZcFWFGwajO6CX761UiWPe-XS-5.v-Qu50FS1LiUGM-msoJSlpB4s2AO5rUfFIEzJYQAHwMMAUKBs-reUPL5veUbehp8EdIbC5l90L-IsSMabmgS1zpvL3ezr7bP9.R4alJE.0.YDi.dmFNK7f3dAtHUy93qMP51I4n6NROX1TVsM.56EDwySxar5eA1gimV8acmZ2m.5taxqM93v5sPjrM3RncTSCcgtqW1W5eukaroz251PlrVyq.-3cijVoWRdv4BZvRiRA==,  (flashplayersetup__2583_i803449511_il4.exe)

The following 168 files have been seen to comunicate with ads.yahoo.com in live environments.

TCP » 98.139.225.43:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 98.139.225.43:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.139.225.43:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.139.225.43:80
NexGuard.exe (NexCafé by Nextar)

TCP » 98.138.49.44:80
client.exe

TCP » 98.139.225.43:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 98.138.49.44:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.139.225.43:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.138.49.44:80
NexGuard.exe (NexCafé by Nextar)

TCP » 98.138.49.44:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 98.138.49.44:443
browser.exe (speed browser by Smart Applications)

TCP » 98.138.49.44:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 98.139.225.43:443
browser.exe (speed browser by Smart Applications)

TCP » 98.138.49.44:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.139.225.43:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.139.225.43:443
wikithemes.exe

TCP » 98.138.49.44:443
browser.exe (Browser)

TCP » 98.138.49.44:443
browser.exe (speed browser by Smart Applications)

TCP » 98.138.49.44:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 98.138.49.44:443
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 309 files

URL:
http://ads.yahoo.com/

Title:
“Home - Yahoo Advertising”

SSL certificate subject:
CN=ad.yieldmanager.com, OU=Information Technology, O=Yahoo Inc., L=Sunnyvale, S=California, C=US

SSL certificate issuer:
CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Web server:
ATS

Facebook:
Likes:  7
Shares:  12
Comments:  1

Twitter:
Shares:  94

Statistics are for the previous month.

adnetwork.net

adorika.com

adserverplus.com

avazu.net

bannerconnect.net

reduxmedia.com

xertivemedia.com

xtendmedia.com

yieldmanager.com

z5x.net

globaltakeoff.net

reachjunction.com

tblamnetwork.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.