# 
# this list of ponmocup malware redirection domains and infected web-servers is maintained by 
# email:   toms.security.stuff -at- gmail.com
# twitter: @c_APT_ure
# blog:    http://c-apt-ure.blogspot.com/
#
# for use with CIF see malware-feeds here:
# http://security-research.dyndns.org/pub/malware-feeds/
# 
date started: Sat Apr  8 00:00:01 PDT 2017
checking domain: beplants.be --> seems to be INFECTED: http://yasonia.vehicleexchangeprogram.com/delivery/lg.php --> DNS: yasonia.vehicleexchangeprogram.com (yasonia.vehicleexchangeprogram.com) / 31.210.96.157
checking domain: www.jacquestrifin.be --> seems to be INFECTED: http://golfforkids.assistlist.com/b/ss/comcastegegg4tvcom/1/H.20.3/s37075049322770 --> DNS: golfforkids.assistlist.com (golfforkids.assistlist.com) / 31.210.96.158
checking domain: upetterbeek.be --> seems to be INFECTED: http://seelback.tfgjustsayin.net/avatar/b8805389ee4391c3f8f9b91ce3cf11b9 --> DNS: seelback.tfgjustsayin.net (seelback.tfgjustsayin.net) / 31.210.96.157
checking domain: www.supportedholidaysantequera.co.uk --> seems to be INFECTED: http://shahree.azdiscus.com/url --> DNS: shahree.azdiscus.com (shahree.azdiscus.com) / 178.211.33.203
checking domain: abus-spirituel.org --> seems to be INFECTED: http://transforminator.juddnelsonstudio.com/router/ --> DNS: transforminator.juddnelsonstudio.com (transforminator.juddnelsonstudio.com) / failed: Name or service not known.
checking domain: www.dynasun.com --> seems to be INFECTED: http://thousandmilitary.com/cgi-bin/r.cgi --> DNS: thousandmilitary.com (thousandmilitary.com) / 185.53.178.7
checking domain: www.agliran.co.il --> seems to be INFECTED: http://mercysiste.vehicleservicediscount.com/pview --> DNS: mercysiste.vehicleservicediscount.com (mercysiste.vehicleservicediscount.com) / 31.210.96.157
checking domain: www.ccpa.org.tw --> seems to be INFECTED: http://sandercoe.gliscentrifugal.com/new2/www/delivery/lg.php --> DNS: sandercoe.gliscentrifugal.com (sandercoe.gliscentrifugal.com) / 185.53.178.10
checking domain: cioks.com --> seems to be INFECTED: http://rimei.integratedpipe.com/ads/www/delivery/ajs.php --> DNS: rimei.integratedpipe.com (rimei.integratedpipe.com) / failed: Name or service not known.
checking domain: www.aca-uccle.be --> seems to be INFECTED: http://omonkhegbele.wenerdhard.com/servlet/ajrotator/2000399/0/vj --> DNS: omonkhegbele.wenerdhard.com (omonkhegbele.wenerdhard.com) / 31.210.96.155
checking domain: www.upetterbeek.be --> seems to be INFECTED: http://seelback.tfgjustsayin.net/b --> DNS: seelback.tfgjustsayin.net (seelback.tfgjustsayin.net) / 31.210.96.157
checking domain: www.trikalasport.gr --> seems to be INFECTED: http://siene.webrunchhard.com/imgres --> DNS: siene.webrunchhard.com (siene.webrunchhard.com) / 31.210.96.155
checking domain: gezinsbondzarren.be --> seems to be INFECTED: http://kumher.savedalyfield.com/s --> DNS: kumher.savedalyfield.com (kumher.savedalyfield.com) / 5.39.99.52
checking domain: 1980622.com --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: afag.com.br --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: agirazul.com.br --> seems to be INFECTED: http://lewisentitled.com/cgi-bin/r.cgi --> DNS: lewisentitled.com (lewisentitled.com) / 98.124.243.30
checking domain: agroservis.rs --> seems to be INFECTED: http://voictoall.com/cgi-bin/r.cgi --> DNS: voictoall.com (voictoall.com) / 167.114.156.214
checking domain: apprendre-l-arabe.fr --> seems to be INFECTED: http://yasnid.vehicleservicediscount.com/new/www/delivery/lg.php --> DNS: yasnid.vehicleservicediscount.com (yasnid.vehicleservicediscount.com) / 31.210.96.157
checking domain: avionhome.com.tw --> seems to be INFECTED: http://intronetech.com/cgi-bin/r.cgi --> DNS: intronetech.com (intronetech.com) / 158.69.145.48
checking domain: avkolik.net --> seems to be INFECTED: http://shijothomas.softmn.com/tracker --> DNS: shijothomas.softmn.com (shijothomas.softmn.com) / 31.210.96.157
checking domain: blackcanyoncoffee.com --> seems to be INFECTED: http://mudras.jordandowney.net/s --> DNS: mudras.jordandowney.net (mudras.jordandowney.net) / failed: Name or service not known.
checking domain: blog.autourdeminuit.com --> seems to be INFECTED: http://trackallnet.com/cgi-bin/r.cgi --> DNS: trackallnet.com (trackallnet.com) / 158.69.143.80
checking domain: blogfilcamsvarese.it --> seems to be INFECTED: http://loolu.carolinadreamrealestate.net/url --> DNS: loolu.carolinadreamrealestate.net (loolu.carolinadreamrealestate.net) / 178.211.33.205
checking domain: bluewingz.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 208.73.210.200, 208.73.211.178, 208.73.210.214,  /
checking domain: boisdolivier.biz --> seems to be INFECTED: http://herocopter.com/cgi-bin/r.cgi --> DNS: herocopter.com (herocopter.com) / 185.53.179.6
checking domain: businessbythespirit.com --> seems to be INFECTED: http://everybodynames.org/cgi-bin/r.cgi --> DNS: everybodynames.org (everybodynames.org) / 103.224.182.241
checking domain: cbm.esp.br --> seems to be INFECTED: http://nalaras.farremuebles.com/b/ss/hphqglobal,hpcsecglobal,hphqna,hphqnahpshopping,hpcsecamsushhos/1/H.24.3/s81763155704102 --> DNS: nalaras.farremuebles.com (nalaras.farremuebles.com) / 81.92.219.62
checking domain: cdcookingbook.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: demo.crg-sa.com --> seems to be INFECTED: http://sslabssys.com/cgi-bin/r.cgi --> DNS: sslabssys.com (sslabssys.com) / 109.201.135.34
checking domain: dialolinks.de --> seems to be INFECTED: http://hartrup.kemperfitness.com/__utm.gif --> DNS: hartrup.kemperfitness.com (hartrup.kemperfitness.com) / 208.73.211.14
checking domain: diningcity.net --> seems to be INFECTED: http://allintercom.net/cgi-bin/r.cgi --> DNS: allintercom.net (allintercom.net) / 185.53.178.8
checking domain: d-math1.com --> seems to be INFECTED: http://renolla.golfnewsnewyork.com/delivery/lg.php --> DNS: renolla.golfnewsnewyork.com (renolla.golfnewsnewyork.com) / 51.254.28.162
checking domain: duikeninzutphen.nl --> seems to be INFECTED: http://trialworld.net/cgi-bin/r.cgi --> DNS: trialworld.net (trialworld.net) / 103.224.182.241
checking domain: eniaktesting.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: equestrianinfluence.com --> seems to be INFECTED: http://capitalinformer.com/cgi-bin/r.cgi --> DNS: capitalinformer.com (capitalinformer.com) / 72.52.4.122
checking domain: exclusivesms.com --> seems to be INFECTED: http://ifteiha.lions-mark.com/b/ss/aa-airasia-id-prd,aa-airasia-global/1/H.24.1/s6814266121822 --> DNS: ifteiha.lions-mark.com (ifteiha.lions-mark.com) / 31.210.96.158
checking domain: ezkahuda.cz --> seems to be INFECTED: http://costslaid.com/cgi-bin/r.cgi --> DNS: costslaid.com (costslaid.com) / 185.53.178.9
checking domain: famedomain.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 208.73.210.200, 208.73.211.178, 208.73.210.214,  /
checking domain: forum.auto.am --> seems to be INFECTED: http://witchwyd.bestsilvercufflinks.com/t.gif --> DNS: witchwyd.bestsilvercufflinks.com (witchwyd.bestsilvercufflinks.com) / 31.210.96.156
checking domain: harlawacademy.org --> seems to be INFECTED: http://teethalong.org/cgi-bin/r.cgi --> DNS: teethalong.org (teethalong.org) / 158.69.143.113
checking domain: hungryviki.com --> seems to be INFECTED: http://intronetech.com/cgi-bin/r.cgi --> DNS: intronetech.com (intronetech.com) / 158.69.145.48
checking domain: images.wiltec.info --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: infobunda.com --> seems to be INFECTED: http://53034.clickbanksite.org/url --> DNS: 53034.clickbanksite.org (53034.clickbanksite.org) / 208.73.211.70
checking domain: intermundos.org --> seems to be INFECTED: http://poumtas.effectsllc.com/new2/www/delivery/lg.php --> DNS: poumtas.effectsllc.com (poumtas.effectsllc.com) / 31.210.96.158
checking domain: janeece.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 72.52.4.120
checking domain: jornalsodesporto.com --> seems to be INFECTED: http://yononz.totalslipsolutions.net/url --> DNS: yononz.totalslipsolutions.net (yononz.totalslipsolutions.net) / 178.211.33.205
checking domain: jornalvakio.com --> seems to be INFECTED: http://capitalinformer.com/cgi-bin/r.cgi --> DNS: capitalinformer.com (capitalinformer.com) / 72.52.4.122
checking domain: jwegener.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 72.52.4.120
checking domain: karavelle.com.br --> seems to be INFECTED: http://britts.oharvest.net/delivery/lg.php --> DNS: britts.oharvest.net (britts.oharvest.net) / 31.210.96.156
checking domain: kw-dl.com --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: leandromauricio.com --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: legno-olivo.biz --> seems to be INFECTED: http://trialworld.net/cgi-bin/r.cgi --> DNS: trialworld.net (trialworld.net) / 103.224.182.241
checking domain: lesmanguiers.com --> seems to be INFECTED: http://jernighan.sullivan-county.com/b/ss/ahmhondacomprod/0/FAS-1.3/s05176928364671 --> DNS: jernighan.sullivan-county.com (jernighan.sullivan-county.com) / failed: Name or service not known.
checking domain: levantdistribution.com --> seems to be INFECTED: http://herocopter.com/cgi-bin/r.cgi --> DNS: herocopter.com (herocopter.com) / 185.53.179.6
checking domain: matzlpage.de --> seems to be INFECTED: http://forhed.dealerholidayevent.com/__utm.gif --> DNS: forhed.dealerholidayevent.com (forhed.dealerholidayevent.com) / 31.210.96.157
checking domain: meteomaastricht.nl --> seems to be INFECTED: http://59462.p-balls.com/url --> DNS: 59462.p-balls.com (59462.p-balls.com) / 103.224.212.249
checking domain: metrotecegypt.info --> seems to be INFECTED: http://hobart.softmn.com/www/delivery/ajs.php --> DNS: hobart.softmn.com (hobart.softmn.com) / 31.210.96.157
checking domain: mile2000.com --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: mvrccc.com.au --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 72.52.4.120
checking domain: myexfuzeoffice.com --> seems to be INFECTED: http://batilekaleka.laallstars.com/url --> DNS: batilekaleka.laallstars.com (batilekaleka.laallstars.com) / 178.211.33.205
checking domain: myyogasource.com --> seems to be INFECTED: http://ushean.8jutawan.com/pview --> DNS: ushean.8jutawan.com (ushean.8jutawan.com) / 31.210.96.156
checking domain: nancyhudsonassociates.com --> seems to be INFECTED: http://trialworld.net/cgi-bin/r.cgi --> DNS: trialworld.net (trialworld.net) / 103.224.182.241
checking domain: ncpo.cc --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: nitpl.com --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / 185.53.179.6
checking domain: northbatonrougejournal.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: ofarroupilha.com.br --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: perca.pl --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: php2.twinner.com.tw --> seems to be INFECTED: http://60306.flatblastard.com/url --> DNS: 60306.flatblastard.com (60306.flatblastard.com) / 91.207.4.51
checking domain: phuongdanhvonghe.edu.vn --> seems to be INFECTED: http://everybodynames.org/cgi-bin/r.cgi --> DNS: everybodynames.org (everybodynames.org) / 103.224.182.241
checking domain: piccolistudio.com.br --> seems to be INFECTED: http://handsexual.com/cgi-bin/r.cgi --> DNS: handsexual.com (handsexual.com) / 141.8.225.77
checking domain: playgroundpups.com --> seems to be INFECTED: http://usva.automotiveeventregistration.com/__utm.gif --> DNS: usva.automotiveeventregistration.com (usva.automotiveeventregistration.com) / 31.210.96.157
checking domain: pmmilrec.com --> seems to be INFECTED: http://elinah.midnightastronomy.com/imghover --> DNS: elinah.midnightastronomy.com (elinah.midnightastronomy.com) / 31.210.96.155
checking domain: pntc.ac.th --> seems to be INFECTED: http://twowayserf.com/cgi-bin/r.cgi --> DNS: twowayserf.com (twowayserf.com) / 199.59.242.150
checking domain: police.moraga.ca.us --> seems to be INFECTED: http://clubshop.boeckman.net/delivery/lg.php --> DNS: clubshop.boeckman.net (clubshop.boeckman.net) / 31.210.96.158
checking domain: porntamil.com --> seems to be INFECTED: http://germanattention.org/cgi-bin/r.cgi --> DNS: germanattention.org (germanattention.org) / 69.64.146.192
checking domain: quantica.cl --> seems to be INFECTED: http://gamecomes.org/cgi-bin/r.cgi --> DNS: gamecomes.org (gamecomes.org) / 185.53.178.9
checking domain: radiogurbeti.com --> seems to be INFECTED: http://sonagara.slyforkfarm.com/pingjs/ --> DNS: sonagara.slyforkfarm.com (sonagara.slyforkfarm.com) / 141.8.224.93
checking domain: reimagery.com --> seems to be INFECTED: http://stiepcic.z-sat.com/api/getCount2.php --> DNS: stiepcic.z-sat.com (stiepcic.z-sat.com) / 31.210.96.158
checking domain: rose.kuro-tejina.com --> seems to be INFECTED: http://intronetech.com/cgi-bin/r.cgi --> DNS: intronetech.com (intronetech.com) / 158.69.145.48
checking domain: saobacdau.com.vn --> seems to be INFECTED: http://underbuild.net/cgi-bin/r.cgi --> DNS: underbuild.net (underbuild.net) / 199.115.115.116
checking domain: saranf.net --> seems to be INFECTED: http://hombrado.yourspartanmovers.com/p --> DNS: hombrado.yourspartanmovers.com (hombrado.yourspartanmovers.com) / 141.8.224.183
checking domain: sports-rehab-and-education.co.uk --> seems to be INFECTED: http://herocopter.com/cgi-bin/r.cgi --> DNS: herocopter.com (herocopter.com) / 185.53.179.6
checking domain: sseo.elk.pl --> seems to be INFECTED: http://gensapa.valentinesalesevent.com/imghover --> DNS: gensapa.valentinesalesevent.com (gensapa.valentinesalesevent.com) / 31.210.96.156
checking domain: stillcatholic.com --> seems to be INFECTED: http://zahasky.greatserviceforless.com/bbc/bbc/s --> DNS: zahasky.greatserviceforless.com (zahasky.greatserviceforless.com) / 31.210.96.157
checking domain: stw-eu.com --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / 185.53.179.6
checking domain: syrena.gminanekla.pl --> seems to be INFECTED: http://apartliberal.com/cgi-bin/r.cgi --> DNS: apartliberal.com (apartliberal.com) / 103.224.182.241
checking domain: theflightattendantlife.com --> seems to be INFECTED: http://skagger.automotiveservicesavings.com/s --> DNS: skagger.automotiveservicesavings.com (skagger.automotiveservicesavings.com) / 31.210.96.157
checking domain: upunder.com --> seems to be INFECTED: http://everybodynames.org/cgi-bin/r.cgi --> DNS: everybodynames.org (everybodynames.org) / 103.224.182.241
checking domain: watchourvideo.net --> seems to be INFECTED: http://formedtouch.com/cgi-bin/r.cgi --> DNS: formedtouch.com (formedtouch.com) / 103.224.182.241
checking domain: wbu.wroc.pl --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: weterynarz-zawiercie.pl --> seems to be INFECTED: http://lewisentitled.com/cgi-bin/r.cgi --> DNS: lewisentitled.com (lewisentitled.com) / 98.124.243.30
checking domain: windomallergy.com --> seems to be INFECTED: http://trialworld.net/cgi-bin/r.cgi --> DNS: trialworld.net (trialworld.net) / 103.224.182.241
checking domain: wirdumonline.nl --> seems to be INFECTED: http://luckyhosting.org/cgi-bin/r.cgi --> DNS: luckyhosting.org (luckyhosting.org) / failed: Name or service not known.
checking domain: wodzirejka.com.pl --> seems to be INFECTED: http://formedtouch.com/cgi-bin/r.cgi --> DNS: formedtouch.com (formedtouch.com) / 103.224.182.241
checking domain: workandlifebalance.eu --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: workpanel.de --> seems to be INFECTED: http://creighton.wenerdhard.com/delivery/ajs.php --> DNS: creighton.wenerdhard.com (creighton.wenerdhard.com) / 31.210.96.155
checking domain: www.actiogen.com --> seems to be INFECTED: http://teethalong.org/cgi-bin/r.cgi --> DNS: teethalong.org (teethalong.org) / 158.69.143.113
checking domain: www.addbeton.com --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: www.aguadarocha.com.br --> seems to be INFECTED: http://costslaid.com/cgi-bin/r.cgi --> DNS: costslaid.com (costslaid.com) / 185.53.178.9
checking domain: www.alhassanain.com --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: www.alnimrexpo.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: www.apmc.com.hk --> seems to be INFECTED: http://capitalinformer.com/cgi-bin/r.cgi --> DNS: capitalinformer.com (capitalinformer.com) / 72.52.4.122
checking domain: www.aspi.ag --> seems to be INFECTED: http://umxamzah.mrsstyleseeker.com/fpc.pl --> DNS: umxamzah.mrsstyleseeker.com (umxamzah.mrsstyleseeker.com) / 31.210.96.157
checking domain: www.aztechprep.org --> seems to be INFECTED: http://mathanie.renzograciemexico.com/neo/darla/php/fc.php --> DNS: mathanie.renzograciemexico.com (mathanie.renzograciemexico.com) / 31.210.96.156
checking domain: www.baliindividuellreisen.com --> seems to be INFECTED: http://besidesdream.com/cgi-bin/r.cgi --> DNS: besidesdream.com (besidesdream.com) / 185.53.179.7
checking domain: www.bharatinfoline.com --> seems to be INFECTED: http://lesbon.ksupridewrestling.com/lg.php --> DNS: lesbon.ksupridewrestling.com (lesbon.ksupridewrestling.com) / 213.247.47.190
checking domain: www.bienenmilch.com --> seems to be INFECTED: http://jonestown.serenehomeandlandscapes.com/f.gif --> DNS: jonestown.serenehomeandlandscapes.com (jonestown.serenehomeandlandscapes.com) / failed: Name or service not known.
checking domain: www.bitcell.com.mx --> seems to be INFECTED: http://ushiar.vehicleservicediscount.com/hb/i/sg/adv/infinity/sg_prom_ysm_iframe_20110425.html --> DNS: ushiar.vehicleservicediscount.com (ushiar.vehicleservicediscount.com) / 31.210.96.157
checking domain: www.bluestar.us --> seems to be INFECTED: http://twowayserf.com/cgi-bin/r.cgi --> DNS: twowayserf.com (twowayserf.com) / 199.59.242.150
checking domain: www.bobthebugman.com --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / 185.53.179.6
checking domain: www.bodasexclusivas.com --> seems to be INFECTED: http://compass.automotiveeventregistration.com/__utm.gif --> DNS: compass.automotiveeventregistration.com (compass.automotiveeventregistration.com) / 31.210.96.157
checking domain: www.bralicias.com --> seems to be INFECTED: http://dutytraditional.net/cgi-bin/r.cgi --> DNS: dutytraditional.net (dutytraditional.net) / 185.53.178.8
checking domain: www.brianpatten.co.uk --> seems to be INFECTED: http://bjrneset.ahtcna.com/BurstingPipe/adServer.bs --> DNS: bjrneset.ahtcna.com (bjrneset.ahtcna.com) / 31.210.96.158
checking domain: www.calltoislam.com --> seems to be INFECTED: http://edmenson.admiralheatingoil.com/imghover --> DNS: edmenson.admiralheatingoil.com (edmenson.admiralheatingoil.com) / 208.73.211.70
checking domain: www.carlosmeschini.com.br --> seems to be INFECTED: http://fulpagar.tropicaltoner.com/tracker --> DNS: fulpagar.tropicaltoner.com (fulpagar.tropicaltoner.com) / 31.210.96.158
checking domain: www.carlosvuam.com --> seems to be INFECTED: http://lewisentitled.com/cgi-bin/r.cgi --> DNS: lewisentitled.com (lewisentitled.com) / 98.124.243.30
checking domain: www.chiangkongonline.com --> seems to be INFECTED: http://zoenna.newlogiq.com/s --> DNS: zoenna.newlogiq.com (zoenna.newlogiq.com) / 31.210.96.155
checking domain: www.ciren.net --> seems to be INFECTED: http://treescha.automotiveservicesavings.com/ps/ifr --> DNS: treescha.automotiveservicesavings.com (treescha.automotiveservicesavings.com) / 31.210.96.157
checking domain: www.comune.santa-maria-capua-vetere.ce.it --> seems to be INFECTED: http://gesneriaceae.telecomillinois.com/pview --> DNS: gesneriaceae.telecomillinois.com (gesneriaceae.telecomillinois.com) / 31.210.96.155
checking domain: www.creativ-art1.com --> seems to be INFECTED: http://vermillon.serenehomeandlandscapes.com/s --> DNS: vermillon.serenehomeandlandscapes.com (vermillon.serenehomeandlandscapes.com) / failed: Name or service not known.
checking domain: www.dallascustomfurniture.com --> seems to be INFECTED: http://bonusforall.net/cgi-bin/r.cgi --> DNS: bonusforall.net (bonusforall.net) / failed: Name or service not known.
checking domain: www.designerdogwear.com --> seems to be INFECTED: http://allintercom.net/cgi-bin/r.cgi --> DNS: allintercom.net (allintercom.net) / 185.53.178.8
checking domain: www.dimclay.com --> seems to be INFECTED: http://aujikar.golfnewsiowa.com/new/www/delivery/lg.php --> DNS: aujikar.golfnewsiowa.com (aujikar.golfnewsiowa.com) / 185.53.178.8
checking domain: www.doctorhelp.de --> seems to be INFECTED: http://switchett.virtualsofts.com/pview --> DNS: switchett.virtualsofts.com (switchett.virtualsofts.com) / 213.247.47.190
checking domain: www.dogtreatrecipes.com.au --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: www.dreamboxturk.com --> seems to be INFECTED: http://baylet.autoeventregistration.com/b/ss/jobsdb-prd-id/1/H.23.6/s65809815473997 --> DNS: baylet.autoeventregistration.com (baylet.autoeventregistration.com) / 31.210.96.157
checking domain: www.dulceselsombreron.com --> seems to be INFECTED: http://thousandmilitary.com/cgi-bin/r.cgi --> DNS: thousandmilitary.com (thousandmilitary.com) / 185.53.178.7
checking domain: www.dwowvod.com --> seems to be INFECTED: http://herocopter.com/cgi-bin/r.cgi --> DNS: herocopter.com (herocopter.com) / 185.53.179.6
checking domain: www.ejmii.com --> seems to be INFECTED: http://mahaphontrakoon.vehicleservicediscount.com/b/ss/arcadiadp/1/H.24.2/s5280316137080 --> DNS: mahaphontrakoon.vehicleservicediscount.com (mahaphontrakoon.vehicleservicediscount.com) / 31.210.96.157
checking domain: www.elsiedesigns.com --> seems to be INFECTED: http://allintercom.net/cgi-bin/r.cgi --> DNS: allintercom.net (allintercom.net) / 185.53.178.8
checking domain: www.enimex.gr --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: www.extremebusa.com --> seems to be INFECTED: http://mehyaoui.newcarsat.com/ad/js/897/cursegaming/300x250/tier3_intl_atf --> DNS: mehyaoui.newcarsat.com (mehyaoui.newcarsat.com) / 31.210.96.157
checking domain: www.farmasanmodababy.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 208.73.210.200, 208.73.210.214, 208.73.211.178,  /
checking domain: www.fatherlinh.com --> seems to be INFECTED: http://germanattention.org/cgi-bin/r.cgi --> DNS: germanattention.org (germanattention.org) / 69.64.146.192
checking domain: www.freesure.com.tr --> seems to be INFECTED: http://earlyanswered.com/cgi-bin/r.cgi --> DNS: earlyanswered.com (earlyanswered.com) / 185.53.178.7
checking domain: www.freilandschwein.info --> seems to be INFECTED: http://earlyanswered.com/cgi-bin/r.cgi --> DNS: earlyanswered.com (earlyanswered.com) / 185.53.178.7
checking domain: www.gastronj.com --> seems to be INFECTED: http://stanclous.telecomchicago.com/dcs2omr9fpifwznrgv67zf9ub_7p8i/dcs.gif --> DNS: stanclous.telecomchicago.com (stanclous.telecomchicago.com) / 31.210.96.155
checking domain: www.geoffwhite.ws --> seems to be INFECTED: http://trackallnet.com/cgi-bin/r.cgi --> DNS: trackallnet.com (trackallnet.com) / 158.69.143.80
checking domain: www.greenfieldadvisorsltd.com --> seems to be INFECTED: http://moutsiouna.iretarpg.com/www/app_full_proxy.php --> DNS: moutsiouna.iretarpg.com (moutsiouna.iretarpg.com) / 185.53.179.8
checking domain: www.gswsftp01.com --> seems to be INFECTED: http://parallag.bmemkitchens.com/f.gif --> DNS: parallag.bmemkitchens.com (parallag.bmemkitchens.com) / failed: Name or service not known.
checking domain: www.highsport.se --> seems to be INFECTED: http://udomchum.telecommichigan.com/t.gif --> DNS: udomchum.telecommichigan.com (udomchum.telecommichigan.com) / 31.210.96.155
checking domain: www.holidayinn-mulhouse.com --> seems to be INFECTED: http://hunton.valentinesalesevent.com/b --> DNS: hunton.valentinesalesevent.com (hunton.valentinesalesevent.com) / 31.210.96.156
checking domain: www.hostal3soles.com --> seems to be INFECTED: http://besidesdream.com/cgi-bin/r.cgi --> DNS: besidesdream.com (besidesdream.com) / 185.53.179.7
checking domain: www.hostpix.de --> seems to be INFECTED: http://xlau.kalkanturqouise.com/__utm.gif --> DNS: xlau.kalkanturqouise.com (xlau.kalkanturqouise.com) / failed: Connection timed out.
checking domain: www.hummel-print.biz --> seems to be INFECTED: http://41127.pballgames.com/url --> DNS: 41127.pballgames.com (41127.pballgames.com) / 141.8.224.169
checking domain: www.iagu.org --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: www.ijerd.com --> seems to be INFECTED: http://verzeroli.outbreakm3dia.com/neo/darla/php/fc.php --> DNS: verzeroli.outbreakm3dia.com (verzeroli.outbreakm3dia.com) / 149.202.120.32
checking domain: www.jalba.gr --> seems to be INFECTED: http://watchingsquare.com/cgi-bin/r.cgi --> DNS: watchingsquare.com (watchingsquare.com) / 185.53.178.9
checking domain: www.jornalfarroupilha.com.br --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: www.jtcomms.com --> seems to be INFECTED: http://solichana.telecommichigan.com/www/delivery/lg.php --> DNS: solichana.telecommichigan.com (solichana.telecommichigan.com) / 31.210.96.155
checking domain: www.karavelle.com.br --> seems to be INFECTED: http://britts.oharvest.net/__utm.gif --> DNS: britts.oharvest.net (britts.oharvest.net) / 31.210.96.156
checking domain: www.klanglos-studio.de --> seems to be INFECTED: http://camplong.barbeveragesnv.com/delivery/lg.php --> DNS: camplong.barbeveragesnv.com (camplong.barbeveragesnv.com) / failed: Name or service not known.
checking domain: www.kyalasushi.com --> seems to be INFECTED: http://vesman.autoserviceevent.com/js_flat_1_0/ --> DNS: vesman.autoserviceevent.com (vesman.autoserviceevent.com) / 31.210.96.157
checking domain: www.lipika.com --> seems to be INFECTED: http://malamut.revolverindy.com/b/ss/aa-airasia-id-prd,aa-airasia-global/1/H.24.1/s64221313635220 --> DNS: malamut.revolverindy.com (malamut.revolverindy.com) / 172.99.89.230
checking domain: www.livre-etre-bien.com --> seems to be INFECTED: http://nedou.kidstryingtopayforcollege.com/b --> DNS: nedou.kidstryingtopayforcollege.com (nedou.kidstryingtopayforcollege.com) / 81.92.219.61
checking domain: www.log-in-verlag.de --> seems to be INFECTED: http://wcameron.powerplaycreative.com/__utm.gif --> DNS: wcameron.powerplaycreative.com (wcameron.powerplaycreative.com) / failed: Name or service not known.
checking domain: www.loxsavvy.com.au --> seems to be INFECTED: http://trialworld.net/cgi-bin/r.cgi --> DNS: trialworld.net (trialworld.net) / 103.224.182.241
checking domain: www.maquinaslitograficas.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 208.73.210.217, 208.73.211.178, 208.73.210.200,  /
checking domain: www.mazus-art.com --> seems to be INFECTED: http://allintercom.net/cgi-bin/r.cgi --> DNS: allintercom.net (allintercom.net) / 185.53.178.8
checking domain: www.microforme.com --> seems to be INFECTED: http://suryoko.hitodeki.com/api/getCount2.php --> DNS: suryoko.hitodeki.com (suryoko.hitodeki.com) / failed: Name or service not known.
checking domain: www.miniaturesupplier.com --> seems to be INFECTED: http://koumparou.mwhiteman.com/img/3.gif --> DNS: koumparou.mwhiteman.com (koumparou.mwhiteman.com) / failed: Name or service not known.
checking domain: www.mitsuadvclub.net --> seems to be INFECTED: http://loardy.exquisiteclasscenter.com/url --> DNS: loardy.exquisiteclasscenter.com (loardy.exquisiteclasscenter.com) / 178.211.33.203
checking domain: www.monah.us --> seems to be INFECTED: http://kukuljac.basslakeshagclub.com/s --> DNS: kukuljac.basslakeshagclub.com (kukuljac.basslakeshagclub.com) / 31.210.96.158
checking domain: www.movingtransfer.com --> seems to be INFECTED: http://taiugac.vehicleservicediscount.com/imghover --> DNS: taiugac.vehicleservicediscount.com (taiugac.vehicleservicediscount.com) / 31.210.96.157
checking domain: www.mrlatinomagazine.com --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / 185.53.179.6
checking domain: www.msm.mc --> seems to be INFECTED: http://poserio.thecaregrouppc.net/t.gif --> DNS: poserio.thecaregrouppc.net (poserio.thecaregrouppc.net) / 185.53.178.6
checking domain: www.mywoom.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 72.52.4.120
checking domain: www.neonconcursos.com.br --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / 185.53.179.6
checking domain: www.newsflash.org --> seems to be INFECTED: http://srse.techsupportauction.com/js_flat_1_0/ --> DNS: srse.techsupportauction.com (srse.techsupportauction.com) / failed: Name or service not known.
checking domain: www.nicholas-williams.com --> seems to be INFECTED: http://mildworm.thecinema6.com/neo/darla/php/fc.php --> DNS: mildworm.thecinema6.com (mildworm.thecinema6.com) / 31.210.96.156
checking domain: www.nwd-ly.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 208.73.211.178, 208.73.210.200, 208.73.210.217,  /
checking domain: www.oo5.com --> seems to be INFECTED: http://uglyugly.savedalyfield.com/__utm.gif --> DNS: uglyugly.savedalyfield.com (uglyugly.savedalyfield.com) / 167.114.156.214
checking domain: www.pearlscorniche.com --> seems to be INFECTED: http://gamecomes.org/cgi-bin/r.cgi --> DNS: gamecomes.org (gamecomes.org) / 185.53.178.9
checking domain: www.pfotenranch.de --> seems to be INFECTED: http://zaquitsha.vetsingreensboro.com/getSegment.php --> DNS: zaquitsha.vetsingreensboro.com (zaquitsha.vetsingreensboro.com) / 185.53.178.6
checking domain: www.pino-travel.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 72.52.4.120
checking domain: www.praxpetroleum.com --> seems to be INFECTED: http://kumasegawa.themorningjoker.com/imp --> DNS: kumasegawa.themorningjoker.com (kumasegawa.themorningjoker.com) / 31.210.96.158
checking domain: www.quintadamainha.com --> seems to be INFECTED: http://limpiado.autoeventregistration.com/st --> DNS: limpiado.autoeventregistration.com (limpiado.autoeventregistration.com) / 31.210.96.157
checking domain: www.radiogurbeti.com --> seems to be INFECTED: http://sonagara.slyforkfarm.com/pingjs/ --> DNS: sonagara.slyforkfarm.com (sonagara.slyforkfarm.com) / 141.8.224.93
checking domain: www.rdm.hr --> seems to be INFECTED: http://53711.azdiscus.com/url --> DNS: 53711.azdiscus.com (53711.azdiscus.com) / 178.211.33.203
checking domain: www.recrutam.ro --> seems to be INFECTED: http://dambalang.vehicleexchangeprogram.com/imghover --> DNS: dambalang.vehicleexchangeprogram.com (dambalang.vehicleexchangeprogram.com) / 31.210.96.157
checking domain: www.resistantculture.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 72.52.4.120
checking domain: www.retrosheet.org --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: www.rgjassociation.info --> seems to be INFECTED: http://weedx.fubarpaintball.com/s --> DNS: weedx.fubarpaintball.com (weedx.fubarpaintball.com) / 31.210.96.156
checking domain: www.rich.co.ke --> seems to be INFECTED: http://andritsos.newyorkjester.com/b --> DNS: andritsos.newyorkjester.com (andritsos.newyorkjester.com) / 208.91.197.46
checking domain: www.rollershop.de --> seems to be INFECTED: http://yinpou.aredietsok.com/p --> DNS: yinpou.aredietsok.com (yinpou.aredietsok.com) / 31.210.96.158
checking domain: www.santuariodalapa.pt --> seems to be INFECTED: http://tixon.theafternoonjoker.com/api/getCount2.php --> DNS: tixon.theafternoonjoker.com (tixon.theafternoonjoker.com) / 31.210.96.158
checking domain: www.sculpture1940.com --> seems to be INFECTED: http://pizzaexperience.internet1495.com/s --> DNS: pizzaexperience.internet1495.com (pizzaexperience.internet1495.com) / 178.211.33.203
checking domain: www.sdfbd.org --> seems to be INFECTED: http://handsexual.com/cgi-bin/r.cgi --> DNS: handsexual.com (handsexual.com) / 141.8.225.77
checking domain: www.siacgroup.com --> seems to be INFECTED: http://kahili.techsupportauction.com/hit.xiti --> DNS: kahili.techsupportauction.com (kahili.techsupportauction.com) / failed: Name or service not known.
checking domain: www.signagewidgets.com --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: www.sri.cmu.ac.th --> seems to be INFECTED: http://twansha.yourcakedecoratingclass.com/imghover --> DNS: twansha.yourcakedecoratingclass.com (twansha.yourcakedecoratingclass.com) / failed: Name or service not known.
checking domain: www.successinteaching.info --> seems to be INFECTED: http://protechere.com/cgi-bin/r.cgi --> DNS: protechere.com (protechere.com) / 103.224.182.241
checking domain: www.televideoproductions.com --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / 185.53.179.6
checking domain: www.texcon.net --> seems to be INFECTED: http://gharavi.dealerholidayevent.com/s --> DNS: gharavi.dealerholidayevent.com (gharavi.dealerholidayevent.com) / 31.210.96.157
checking domain: www.therapiehyperbare.com --> seems to be INFECTED: http://tagipur.mrsstyleseeker.com/redirect --> DNS: tagipur.mrsstyleseeker.com (tagipur.mrsstyleseeker.com) / 31.210.96.157
checking domain: www.timelessimagesmi.com --> seems to be INFECTED: http://abusalewm.exceltoner.com/url --> DNS: abusalewm.exceltoner.com (abusalewm.exceltoner.com) / 31.210.96.158
checking domain: www.timfirth.com --> seems to be INFECTED: http://holdpoker.ancestorworshippublishing.com/imghover --> DNS: holdpoker.ancestorworshippublishing.com (holdpoker.ancestorworshippublishing.com) / 31.210.96.158
checking domain: www.tintasluxor.com.br --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 103.224.182.210
checking domain: www.tri-tex.net --> seems to be INFECTED: http://vicrant.newworldheroes.com/www/delivery/ajs.php --> DNS: vicrant.newworldheroes.com (vicrant.newworldheroes.com) / 31.210.96.158
checking domain: www.tunefreak.org --> seems to be INFECTED: http://wawabeh.williamsfp.com/getSegment.php --> DNS: wawabeh.williamsfp.com (wawabeh.williamsfp.com) / failed: Name or service not known.
checking domain: www.turbo-mixer.de --> seems to be INFECTED: http://schmakel.strongpsychic.com/imghover --> DNS: schmakel.strongpsychic.com (schmakel.strongpsychic.com) / 31.210.96.155
checking domain: www.ucamb.org --> seems to be INFECTED: http://smittendorf.2cuonline.com/t.gif --> DNS: smittendorf.2cuonline.com (smittendorf.2cuonline.com) / 31.210.96.155
checking domain: www.unitedmgtii.com --> seems to be INFECTED: http://petel.golfnewstennessee.com/t.gif --> DNS: petel.golfnewstennessee.com (petel.golfnewstennessee.com) / 45.33.9.234
checking domain: www.vfbhermsdorf.de --> seems to be INFECTED: http://hinouchi.greatserviceforless.com/_xhr/ugccomments/ --> DNS: hinouchi.greatserviceforless.com (hinouchi.greatserviceforless.com) / 31.210.96.157
checking domain: www.vidvanern.se --> seems to be INFECTED: http://usnai.restoremystuff.com/b/ss/wbexthrjobs,wbglobalext/1/G.9p2/s51947873073480 --> DNS: usnai.restoremystuff.com (usnai.restoremystuff.com) / 31.210.96.156
checking domain: www.vitaminbude.de --> seems to be INFECTED: http://karepii.dealerholidayevent.com/__utm.gif --> DNS: karepii.dealerholidayevent.com (karepii.dealerholidayevent.com) / 31.210.96.157
checking domain: www.wallyontheweb.com --> seems to be INFECTED: http://ichinohe.casabodamia.com/api/getCount2.php --> DNS: ichinohe.casabodamia.com (ichinohe.casabodamia.com) / 158.69.143.80
checking domain: www.wcgconline.net --> seems to be INFECTED: http://keniisha.realdealpsychic.com/pingjs/ --> DNS: keniisha.realdealpsychic.com (keniisha.realdealpsychic.com) / 31.210.96.155
checking domain: www.wmc.kylos.pl --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: www.wonderwhistle.co.uk --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / 91.195.241.72
checking domain: www.wordgod.com.tw --> seems to be INFECTED: http://sahmari.theafternoonjoker.com/_xhr/ugccomments/ --> DNS: sahmari.theafternoonjoker.com (sahmari.theafternoonjoker.com) / 31.210.96.158
checking domain: www.zoeblitzer-natursteine.de --> seems to be INFECTED: http://besidesdream.com/cgi-bin/r.cgi --> DNS: besidesdream.com (besidesdream.com) / 185.53.179.7
checking domain: zarov.com.br --> seems to be INFECTED: http://upanesh.kemperfitness.com/openx/www/delivery/spc.php --> DNS: upanesh.kemperfitness.com (upanesh.kemperfitness.com) / 208.73.211.14
date finished: Sat Apr  8 00:40:57 PDT 2017