home

www5l.incredimail.com

IncrediMail, Inc.

Domain Information

The domain www5l.incredimail.com registered by IncrediMail, Inc. was initially registered in October of 1999 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the nLayer Communications Internal/Backbone network.
Registrar:
GODADDY.COM, LLC

Server location:
New York, United States (US)

Create date:
Wednesday, October 27, 1999

Expires date:
Wednesday, January 2, 2019

Updated date:
Tuesday, November 11, 2014

ASN:
AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US

Root domain:
incredimail.com

Whois:
4 incredimail.com records

Scanner detections:
Detections  (56% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Perion.L, PUP.Installer.Perion.T, PUP.Installer.Perion.H, PUP.Installer.Perion.S, PUP.Installer.Perion.O, PUP.Installer.BitCocktail.U, PUP.Perion.Installer.O, PUP.Installer.Perion.Q, PUP.Installer.Perion.W, PUP.IncrediMail.Installer.Installer.Meta (L), PUP.Perion.Bundler (M), PUP.Perion (M)
80.00%

Dr.Web
Tool.InstallToolbar.96, Adware.SweetIM.28, Trojan.DownLoader1.50195, Adware.IncrediMail.11, Win32.Sector.30, Adware.IncrediMail.36
53.33%

VIPRE Antivirus
Trojan.Win32.Generic, Sweetpacks/SweetIM
20.00%

Trend Micro House Call
TROJ_GEN.F47V0813, TROJ_GEN.F47V1229, TROJ_GEN.F47V1020, Suspicious_GEN.F47V0106, Suspicious_GEN.F47V0413
20.00%

ESET NOD32
Win32/Toolbar.Perion (variant), Win32/SweetIM, Win32/Toolbar.Perion.G potentially unwanted (variant)
16.67%

Baidu Antivirus
Adware.Win32.Agent, Adware.Win32.Perinet
13.33%

Kaspersky
not-a-virus:WebToolbar.Win32.Perinet
13.33%

McAfee
Artemis!127C4C5D6216, Artemis!9D1F9A726AE5, Artemis!C09AF9033508
10.00%

Malwarebytes
PUP.Optional.InstallBrain.A, PUP.Optional.Sweetpacks
10.00%

K7 AntiVirus
Unwanted-Program
10.00%

NANO AntiVirus
Trojan.Nsis.Downloader.dgzdwf, Trojan.Nsis.Toolbar.dflenu, Trojan.Win64.Generic.degcxu
10.00%

G Data
Win32.Application.Agent.AE676M, Win32.Application.Iminent
10.00%

Sophos
Generic PUA PC, Generic PUA JM
6.67%

Avira AntiVirus
Adware/Agent.3547440, Adware/Agent.4748456
6.67%

Qihoo 360 Security
Win32/Virus.WebToolbar.2ea
6.67%

The domain www5l.incredimail.com has been seen to resolve to the following 63 IP addresses.

23.219.88.166
a23-219-88-166.deploy.static.akamaitechnologies.com
August 25, 2016

23.50.225.11
a23-50-225-11.deploy.static.akamaitechnologies.com
August 23, 2016

23.219.88.175
a23-219-88-175.deploy.static.akamaitechnologies.com
August 23, 2016

104.96.221.114
a104-96-221-114.deploy.static.akamaitechnologies.com
July 24, 2016

104.96.221.146
a104-96-221-146.deploy.static.akamaitechnologies.com
July 20, 2016

104.96.221.83
a104-96-221-83.deploy.static.akamaitechnologies.com
July 20, 2016

104.96.220.154
a104-96-220-154.deploy.static.akamaitechnologies.com
July 1, 2016

104.96.220.146
a104-96-220-146.deploy.static.akamaitechnologies.com
July 1, 2016

23.3.13.186
a23-3-13-186.deploy.static.akamaitechnologies.com
May 21, 2016

104.96.220.128
a104-96-220-128.deploy.static.akamaitechnologies.com
May 18, 2016

104.96.220.129
a104-96-220-129.deploy.static.akamaitechnologies.com
May 15, 2016

104.96.220.184
a104-96-220-184.deploy.static.akamaitechnologies.com
May 15, 2016

198.47.116.28
April 11, 2016

198.47.116.68
April 11, 2016

23.62.6.208
a23-62-6-208.deploy.static.akamaitechnologies.com
February 25, 2016

184.28.17.169
a184-28-17-169.deploy.static.akamaitechnologies.com
February 22, 2016

184.28.17.200
a184-28-17-200.deploy.static.akamaitechnologies.com
February 22, 2016

23.220.148.49
a23-220-148-49.deploy.static.akamaitechnologies.com
February 21, 2016

23.220.148.65
a23-220-148-65.deploy.static.akamaitechnologies.com
February 21, 2016

23.0.160.96
a23-0-160-96.deploy.static.akamaitechnologies.com
February 17, 2016

23.0.160.97
a23-0-160-97.deploy.static.akamaitechnologies.com
February 17, 2016

184.25.157.73
a184-25-157-73.deploy.static.akamaitechnologies.com
February 11, 2016

184.25.157.75
a184-25-157-75.deploy.static.akamaitechnologies.com
February 11, 2016

168.143.242.249
February 3, 2016

168.143.242.226
February 3, 2016

173.205.24.186
January 5, 2016

173.205.24.176
January 5, 2016

209.133.80.25
January 5, 2016

209.133.80.49
January 5, 2016

23.62.63.144
a23-62-63-144.deploy.static.akamaitechnologies.com
January 4, 2016

 
Showing 30 of 63 IP Addresses

File downloads found at URLs served by www5l.incredimail.com.

0 / 68
http://www5l.incredimail.com/im/imsetup/201301300001/beta/installer/.../IncrediMailSetup_it.exe  (96f0c468907375c25347fc7b37173128)

2 / 68      (PUP)
http://www5l.incredimail.com/im/setup/201004060100/test/.../incredimail_install.exe  (9b0436948331136cec29f43d665c7916)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201301021139/default/installer/.../IncrediMailSetup.exe  (ab9c17427561c4bf05cf5a42079a8432)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201301300001/beta/installer/.../IncrediMailSetup.exe  (c7603d7f995a314b31814f4f2b200c40)

0 / 68
http://www5l.incredimail.com/im/imsetup/201212251139/default/installer/.../IncrediMailSetup_es.exe  (4e510ac9ac3e044ac66cca85ce9d4913)

4 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201309110001/test/tgout/installer//.../IncrediMailSetup_it.exe  (f63255535eedba2b2c74148b5c087339)

0 / 68
http://www5l.incredimail.com/im/imsetup/201111140101/default/installer/.../IncrediMailSetup.exe  (85f4fd0b12ac051b7a8a83c8c66f6055)

0 / 68
http://www5l.incredimail.com/im/imsetup/201110030101/test/tg3/installer//.../IncrediMailSetup_de.exe  (c03b3dff0ecc174df79f98a0854a0065)

0 / 68
http://www5l.incredimail.com/im/imsetup/201301300001/beta/installer/.../IncrediMailSetup_pt.exe  (8bc8344f72531f54c6c28bf8dd2252c4)

0 / 68
http://www5l.incredimail.com/im/setup/2009072001/default/.../IncrediMailSetup_fr.exe  (incredimail_incredimail_5.8.6_build_4332_francais_10318.exe)

13 / 68    (PUP)
http://www5l.incredimail.com/incredibar/skywalker/update_tail/Unified/.../SkywalkerSetup.exe  (a386a16356c1bf1ace3ee788219798ec)

15 / 68    (PUP)
http://www5l.incredimail.com/incredibar/SwTailUpgrade/.../WSSetup.exe  (c09af90335088e71571ce054b8dfb714)

1 / 68      (PUP)
http://www5l.incredimail.com/incredibar/skywalker/update_tail/Unified/.../SkywalkerSetup.exe  (30e644be66727f3e7662fcf236a67321)

0 / 68
http://www5l.incredimail.com/im/imsetup/201012290001/test/installer//.../IncrediMailSetup.exe  (3d2f9b1e62bcfb511dc0d5720bbefb3b)

5 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201207311605/default/.../incredimail_install.exe  (34a3d284b64c2959a19c6160722c73d2)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201205301150/default/installer//.../IncrediMailSetup_es.exe  (e5f41025c13775ef6cdb9a61354d4d85)

1 / 68      (PUP)
http://www5l.incredimail.com/incredibar/IMPPSOM/setup/default/installer/.../sg.exe  (sg_6oypihu7yf_active.exe)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201309110001/default/installer//.../IncrediMailSetup_nl.exe  (2baaa42218deb7b3e29f088222942631)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201309110001/test/tgout/installer//.../IncrediMailSetup_nl.exe  (0fc0be76d4129396a9380ec0b33ca3ac)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201011010001/control/.../incredimail_install.exe  (e6bebd82a60989c4e4b685a3ba01a167)

0 / 68
http://www5l.incredimail.com/im/imsetup/201309110001/test/tgout/installer//.../IncrediMailSetup_pt.exe  (8addc1064fd6ffdb6fde599423d04f68)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201301300001/beta/installer/.../IncrediMailSetup_nl.exe  (2baaa42218deb7b3e29f088222942631)

0 / 68
http://www5l.incredimail.com/im/setup/2009032501/default/.../IncrediMailSetup_es.exe  (7e3a51b82a200380bac50108c5b13a3d)

0 / 68
http://www5l.incredimail.com/im/imsetup/201301300001/beta/installer/.../IncrediMailSetup_fr.exe  (14f854a6ab6475840eeffa026e55f699)

2 / 68      (PUP)
http://www5l.incredimail.com/incredibar/skywalker/update_tail/Unified/.../SkywalkerSetup.exe  (486614a08cfc0efa08da5896cce9f9a1)

7 / 68      (PUP)
http://www5l.incredimail.com/incredibar/skywalker/update_tail/Unified/.../SkywalkerSetup.exe  (d40c0d34f09e1d5a9903ebfb93970842)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201309110001/default/installer//.../IncrediMailSetup.exe  (incredimailsetup2.5.exe)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201212251139/default/installer/.../IncrediMailSetup_nl.exe  (2baaa42218deb7b3e29f088222942631)

1 / 68      (PUP)
http://www5l.incredimail.com/im/imsetup/201106090001/test/tgout/installer//.../IncrediMailSetup.exe  (incredimailsetup2.5.exe)

4 / 68      (PUP)
http://www5l.incredimail.com/incredibar/skywalker/update_tail/.../SkywalkerSetup.exe  (810f7999c1c57a20cdd615635091b41d)

 
Latest 30 of 206 download URLs

The following 420 files have been seen to comunicate with www5l.incredimail.com in live environments.

TCP » 208.111.128.6:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.128.7:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.128.7:80
k9pcp.exe (k9pcp by K9Tools)

TCP » 23.3.13.217:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.128.7:80
Patcher.exe (Audition Patcher by Axeso5.com)

TCP » 208.111.128.6:80
sysmon.exe (SysMon)

TCP » 208.111.128.6:80
pcsp.exe (PC Speedup Pro by pcspeeduppro.com)

TCP » 208.111.128.7:80
sysmon.exe (SysMon)

TCP » 208.111.128.6:80
asc.exe (Advance-System Care by advancedpctools.com)

TCP » 208.111.128.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 23.219.88.166:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.128.6:80
Patcher.exe (Audition Patcher by Axeso5.com)

TCP » 104.96.220.128:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.128.7:80
AdvancedSystemProtector.exe (ASP)

TCP » 23.3.13.217:80
browser.exe (Browser)

TCP » 104.96.220.129:443
kometa.exe (Kometa by Kometa Authors)

TCP » 23.50.225.11:80
browser.exe (Browser)

TCP » 104.96.220.128:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.128.7:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.50.225.11:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

 
Latest 20 of 530 files

URL:
http://www5l.incredimail.com/

Web server:
nginx/0.7.62

Facebook:
Likes:  1
Shares:  1

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.