98.138.49.43

mpr2.ngd.vip.ne1.yahoo.com

IP Address Information

The Internet Service Provider (ISP) that owns the network address 98.138.49.43 is Yahoo! Inc., located in California in the United States. The IP address resolves to the DNS record mpr2.ngd.vip.ne1.yahoo.com. Currently, 3 domain names use this address. While the server hosting the address is physically located in Nebraska, Yahoo! Inc. is registered in Sunnyvale, California. The primary domain hosted by this IP is ad.yieldmanager.com, along with 2 other domains which are known adware distribution web sites.
Scanner detections:
Detections  (95% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.TUGUUSL.X, PUP.Installer.Amonetizeltd.d, PUP.Installer.FullSpectrumInteractive.Y, PUP.Optional.VisualSoftwareSystems.N, DownloadManager.AirSoftware.F, PUP.Adknowledge.OptimumInstaller.Installer (M), PUP.Jottix.JottixinternationalmediaGM2007.Installer (M), PUP.Jottix.Jottixin.Installer (M) | 100.00% |
| Dr.Web | Adware.W3i.29, Adware.Downware.1528, Adware.DownloadAdmin.1, Adware.W3i.31, Adware.Downware.1167, Adware.Downware.1326, Adware.Downware.1108 | 75.00% |
| VIPRE Antivirus | DomaIQ, Amonetize, DownloadAdmin, InstallIQ Installer, Threat.4782985, AirInstaller, Optimum Installer | 70.00% |
| Avira AntiVirus | APPL/DomaIQ.Gen, ADWARE/Adware.Gen2, Adware/DownloadAdmin.AA.21, Adware/AirInst.2556, ADWARE/Adware.Gen7, APPL/Solimba.Gen | 70.00% |
| Sophos | Generic PUA CF, Amonetize, Download Admin, DomainIQ pay-per install, AirInstaller, iBryte Optimum Installer | 65.00% |
| Malwarebytes | PUP.FakeFlash.Domaiq, PUP.Optional.Amonetize.A, PUP.Optional.FullSpectrumAdmin, Adware.DomaIQ, MSIL.Solimba, PUP.Optional.Ibryte | 60.00% |
| K7 AntiVirus | Trojan, Unwanted-Program, Adware, Adware | 60.00% |
| avast! | NSIS:DomaIQ-C [PUP], Win32:Amonetize-I [PUP], Win32:DomaIQ-AI [PUP], Win32:DomaIQ-M [PUP], PUP-gen [PUP], Win32:Installer-J [PUP] | 60.00% |
| ESET NOD32 | Win32/DomaIQ, Win32/Amonetize (variant), Win32/DownloadAdmin, Win32/InstallIQ (variant), Win32/DownWare | 60.00% |
| Comodo Security | Application.Win32.DomaIQ.~qk, UnclassifiedMalware, Application.Win32.DomaIQ.~A, Application.Win32.Downloader.Agent.WA, Application.Win32.AirAdInstaller.A | 55.00% |

The following domains resolved to the IP address 98.138.49.43.

File URLs downloaded from 98.138.49.43.

 
Latest 30 of 338 download URLs

The following 12 files have been seen to communicate with this IP address in live environments.

TCP port 80

TCP port 80

TCP port 80

TCP port 443

The geographical location of this IP address.

Country:
United States (US)

Region:
Nebraska

City:
Omaha

Coordinates:
41.2586, -95.9378

The ARIN network assigned organization for IP address 98.138.49.43.

Org name:
Yahoo! Inc.

Org identifier:
YHOO

Org country:
United States (US)

Org region:
California

Org city:
Sunnyvale

Org address:
701 First Ave

ARIN WHOIS:
NetRange: 98.136.0.0 - 98.139.255.255
CIDR: 98.136.0.0/14
OriginAS:
NetName: A-YAHOO-US9
NetHandle: NET-98-136-0-0-1
Parent: NET-98-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-12-07
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-98-136-0-0-1


OrgName: Yahoo! Inc.
OrgId: YHOO
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
RegDate: 2000-10-23
Updated: 2013-04-02
Ref: http://whois.arin.net/rest/org/YHOO

OrgAbuseHandle: NETWO5978-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: abuse@yahoo-inc.com
OrgAbuseRef: http://whois.arin.net/rest/poc/NETWO5978-ARIN

OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: thash@yahoo-inc.com
OrgTechRef: http://whois.arin.net/rest/poc/NA258-ARIN

RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: network-abuse@cc.yahoo-inc.com
RAbuseRef: http://whois.arin.net/rest/poc/NETWO857-ARIN

RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: thash@yahoo-inc.com
RTechRef: http://whois.arin.net/rest/poc/NA258-ARIN


Autonomous System Assignment
ASNumber:
36646

ASName:
YAHOO-NE1 - Yahoo,US

ASHandle:
AS36646
