# 
# this list of ponmocup malware redirection domains and infected web-servers is maintained by 
# email:   toms.security.stuff -at- gmail.com
# twitter: @c_APT_ure
# blog:    http://c-apt-ure.blogspot.com/
#
# for use with CIF see malware-feeds here:
# http://security-research.dyndns.org/pub/malware-feeds/
# 
date started: Sat Apr 27 00:00:01 PDT 2019
checking domain: www.jacquestrifin.be --> seems to be INFECTED: http://golfforkids.assistlist.com/pview --> DNS: golfforkids.assistlist.com (golfforkids.assistlist.com) / 18.211.9.206
checking domain: upetterbeek.be --> seems to be INFECTED: http://seelback.tfgjustsayin.net/snf/playdomapi.js.php --> DNS: seelback.tfgjustsayin.net (seelback.tfgjustsayin.net) / failed: Name or service not known.
checking domain: www.dynasun.com --> seems to be INFECTED: http://thousandmilitary.com/cgi-bin/r.cgi --> DNS: thousandmilitary.com (thousandmilitary.com) / failed: Name or service not known.
checking domain: www.agliran.co.il --> seems to be INFECTED: http://mercysiste.vehicleservicediscount.com/s --> DNS: mercysiste.vehicleservicediscount.com (mercysiste.vehicleservicediscount.com) / failed: Name or service not known.
checking domain: www.aca-uccle.be --> seems to be INFECTED: http://omonkhegbele.wenerdhard.com/t.gif --> DNS: omonkhegbele.wenerdhard.com (omonkhegbele.wenerdhard.com) / 31.210.96.155
checking domain: www.upetterbeek.be --> seems to be INFECTED: http://seelback.tfgjustsayin.net/avatar/b8805389ee4391c3f8f9b91ce3cf11b9 --> DNS: seelback.tfgjustsayin.net (seelback.tfgjustsayin.net) / failed: Name or service not known.
checking domain: www.destrangers.org --> seems to be INFECTED: http://bidin.golfnewslouisiana.com/pview --> DNS: bidin.golfnewslouisiana.com (bidin.golfnewslouisiana.com) / failed: Name or service not known.
checking domain: gezinsbondzarren.be --> seems to be INFECTED: http://kumher.savedalyfield.com/pview --> DNS: kumher.savedalyfield.com (kumher.savedalyfield.com) / 64.32.8.70
checking domain: 1980622.com --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: afag.com.br --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: agirazul.com.br --> seems to be INFECTED: http://lewisentitled.com/cgi-bin/r.cgi --> DNS: lewisentitled.com (lewisentitled.com) / 91.195.240.126
checking domain: agroservis.rs --> seems to be INFECTED: http://voictoall.com/cgi-bin/r.cgi --> DNS: voictoall.com (voictoall.com) / 64.32.8.69
checking domain: arlington.ph --> seems to be INFECTED: https://plt2t.com/ --> DNS: plt2t.com (plt2t.com) / 50.56.52.47
checking domain: avionhome.com.tw --> seems to be INFECTED: http://intronetech.com/cgi-bin/r.cgi --> DNS: intronetech.com (intronetech.com) / 198.58.118.167, 96.126.123.244, 45.33.23.183,  /
checking domain: blackcanyoncoffee.com --> seems to be INFECTED: http://mudras.jordandowney.net/c.gif --> DNS: mudras.jordandowney.net (mudras.jordandowney.net) / failed: Name or service not known.
checking domain: blog.autourdeminuit.com --> seems to be INFECTED: http://trackallnet.com/cgi-bin/r.cgi --> DNS: trackallnet.com (trackallnet.com) / 45.33.23.183, 96.126.123.244, 45.33.2.79,  /
checking domain: bluewingz.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 95.211.219.67
checking domain: cdcookingbook.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 91.195.240.126
checking domain: d-math1.com --> seems to be INFECTED: http://renolla.golfnewsnewyork.com/tracker --> DNS: renolla.golfnewsnewyork.com (renolla.golfnewsnewyork.com) / failed: Name or service not known.
checking domain: duikeninzutphen.nl --> seems to be INFECTED: http://trialworld.net/cgi-bin/r.cgi --> DNS: trialworld.net (trialworld.net) / 103.224.182.241
checking domain: eniaktesting.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 91.195.240.126
checking domain: equestrianinfluence.com --> seems to be INFECTED: http://capitalinformer.com/cgi-bin/r.cgi --> DNS: capitalinformer.com (capitalinformer.com) / 173.239.23.228
checking domain: espn-la.com --> seems to be INFECTED: http://guillaran.newcarsat.com/new2/www/delivery/lg.php --> DNS: guillaran.newcarsat.com (guillaran.newcarsat.com) / failed: Name or service not known.
checking domain: exclusivesms.com --> seems to be INFECTED: http://ifteiha.lions-mark.com/b/ss/ahmhondacomprod/0/FAS-1.3/s04833861524239 --> DNS: ifteiha.lions-mark.com (ifteiha.lions-mark.com) / 204.11.56.48
checking domain: ezkahuda.cz --> seems to be INFECTED: http://costslaid.com/cgi-bin/r.cgi --> DNS: costslaid.com (costslaid.com) / 185.53.179.6
checking domain: famedomain.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 95.211.219.67
checking domain: forum.auto.am --> seems to be INFECTED: http://witchwyd.bestsilvercufflinks.com/delivery/lg.php --> DNS: witchwyd.bestsilvercufflinks.com (witchwyd.bestsilvercufflinks.com) / 31.210.96.156
checking domain: harlawacademy.org --> seems to be INFECTED: http://teethalong.org/cgi-bin/r.cgi --> DNS: teethalong.org (teethalong.org) / 93.115.28.104
checking domain: janeece.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 185.53.179.7
checking domain: karavelle.com.br --> seems to be INFECTED: http://britts.oharvest.net/delivery/lg.php --> DNS: britts.oharvest.net (britts.oharvest.net) / 31.210.96.156
checking domain: kw-dl.com --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: leandromauricio.com --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: mile2000.com --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / failed: Name or service not known.
checking domain: myexfuzeoffice.com --> seems to be INFECTED: http://batilekaleka.laallstars.com/url --> DNS: batilekaleka.laallstars.com (batilekaleka.laallstars.com) / 178.211.33.205
checking domain: ncpo.cc --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: northbatonrougejournal.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 91.195.240.126
checking domain: perca.pl --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: php2.twinner.com.tw --> seems to be INFECTED: http://39777.flatblastard.com/url --> DNS: 39777.flatblastard.com (39777.flatblastard.com) / 91.207.4.51
checking domain: pileus.fr --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 91.195.240.126
checking domain: pmmilrec.com --> seems to be INFECTED: http://elinah.midnightastronomy.com/s --> DNS: elinah.midnightastronomy.com (elinah.midnightastronomy.com) / 31.210.96.155
checking domain: pntc.ac.th --> seems to be INFECTED: http://twowayserf.com/cgi-bin/r.cgi --> DNS: twowayserf.com (twowayserf.com) / 46.166.182.54
checking domain: police.moraga.ca.us --> seems to be INFECTED: http://clubshop.boeckman.net/f.gif --> DNS: clubshop.boeckman.net (clubshop.boeckman.net) / 31.210.96.158
checking domain: radiogurbeti.com --> seems to be INFECTED: http://sonagara.slyforkfarm.com/b --> DNS: sonagara.slyforkfarm.com (sonagara.slyforkfarm.com) / failed: Name or service not known.
checking domain: reimagery.com --> seems to be INFECTED: http://stiepcic.z-sat.com/spc.php --> DNS: stiepcic.z-sat.com (stiepcic.z-sat.com) / 31.210.96.158
checking domain: rose.kuro-tejina.com --> seems to be INFECTED: http://intronetech.com/cgi-bin/r.cgi --> DNS: intronetech.com (intronetech.com) / 45.79.19.196, 96.126.123.244, 45.33.23.183,  /
checking domain: sseo.elk.pl --> seems to be INFECTED: http://gensapa.valentinesalesevent.com/api/getCount2.php --> DNS: gensapa.valentinesalesevent.com (gensapa.valentinesalesevent.com) / failed: Name or service not known.
checking domain: stillcatholic.com --> seems to be INFECTED: http://zahasky.greatserviceforless.com/bbc/bbc/s --> DNS: zahasky.greatserviceforless.com (zahasky.greatserviceforless.com) / failed: Name or service not known.
checking domain: stw-eu.com --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / failed: Name or service not known.
checking domain: syrena.gminanekla.pl --> seems to be INFECTED: http://apartliberal.com/cgi-bin/r.cgi --> DNS: apartliberal.com (apartliberal.com) / 103.224.182.241
checking domain: watchourvideo.net --> seems to be INFECTED: http://formedtouch.com/cgi-bin/r.cgi --> DNS: formedtouch.com (formedtouch.com) / 103.224.182.241
checking domain: wbu.wroc.pl --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: wodzirejka.com.pl --> seems to be INFECTED: http://formedtouch.com/cgi-bin/r.cgi --> DNS: formedtouch.com (formedtouch.com) / 103.224.182.241
checking domain: workpanel.de --> seems to be INFECTED: http://creighton.wenerdhard.com/st --> DNS: creighton.wenerdhard.com (creighton.wenerdhard.com) / 31.210.96.155
checking domain: www.actiogen.com --> seems to be INFECTED: http://teethalong.org/cgi-bin/r.cgi --> DNS: teethalong.org (teethalong.org) / 93.115.28.104
checking domain: www.alhassanain.com --> seems to be INFECTED: http://travelmeant.net/cgi-bin/r.cgi --> DNS: travelmeant.net (travelmeant.net) / 103.224.182.245
checking domain: www.alnimrexpo.com --> seems to be INFECTED: http://severalcamp.com/cgi-bin/r.cgi --> DNS: severalcamp.com (severalcamp.com) / 91.195.240.126
checking domain: www.apmc.com.hk --> seems to be INFECTED: http://capitalinformer.com/cgi-bin/r.cgi --> DNS: capitalinformer.com (capitalinformer.com) / 173.239.23.228
checking domain: www.arlington.ph --> seems to be INFECTED: https://plt2t.com/ --> DNS: plt2t.com (plt2t.com) / 50.56.52.47
checking domain: www.bharatinfoline.com --> seems to be INFECTED: http://lesbon.ksupridewrestling.com/b/ss/wmg,wmgatl,wmgd2cparamore,wmgparamoreall/1/H.20.3/s76891938059694 --> DNS: lesbon.ksupridewrestling.com (lesbon.ksupridewrestling.com) / failed: Name or service not known.
checking domain: www.bodasexclusivas.com --> seems to be INFECTED: http://compass.automotiveeventregistration.com/servlet/ajrotator/2000245/0/vj --> DNS: compass.automotiveeventregistration.com (compass.automotiveeventregistration.com) / 72.21.92.51
checking domain: www.choice.md --> seems to be INFECTED: http://rangihaeata.hurricanesandylegaladvice.com/new/www/delivery/ajs.php --> DNS: rangihaeata.hurricanesandylegaladvice.com (rangihaeata.hurricanesandylegaladvice.com) / failed: Name or service not known.
checking domain: www.comune.santa-maria-capua-vetere.ce.it --> seems to be INFECTED: http://gesneriaceae.telecomillinois.com/__utm.gif --> DNS: gesneriaceae.telecomillinois.com (gesneriaceae.telecomillinois.com) / failed: Name or service not known.
checking domain: www.creatingyourfreedom.com --> seems to be INFECTED: /redirect.php --> DNS: www.afternic.com (www.afternic.com) / 23.75.202.77, 2600:1406:d000:1b9::364d, 2600:1406:d000:18a::364d
checking domain: www.creativ-art1.com --> seems to be INFECTED: http://vermillon.serenehomeandlandscapes.com/__utm.gif --> DNS: vermillon.serenehomeandlandscapes.com (vermillon.serenehomeandlandscapes.com) / failed: Name or service not known.
checking domain: www.depednaga.com.ph --> seems to be INFECTED: https://plt2t.com/ --> DNS: plt2t.com (plt2t.com) / 50.56.52.47
checking domain: www.doctorhelp.de --> seems to be INFECTED: http://switchett.virtualsofts.com/pview --> DNS: switchett.virtualsofts.com (switchett.virtualsofts.com) / 173.239.5.6, 213.247.47.190, 173.239.8.164
checking domain: www.dreamboxturk.com --> seems to be INFECTED: http://baylet.autoeventregistration.com/b --> DNS: baylet.autoeventregistration.com (baylet.autoeventregistration.com) / failed: Name or service not known.
checking domain: www.dulceselsombreron.com --> seems to be INFECTED: http://thousandmilitary.com/cgi-bin/r.cgi --> DNS: thousandmilitary.com (thousandmilitary.com) / failed: Name or service not known.
checking domain: www.ejmii.com --> seems to be INFECTED: http://mahaphontrakoon.vehicleservicediscount.com/fpc.pl --> DNS: mahaphontrakoon.vehicleservicediscount.com (mahaphontrakoon.vehicleservicediscount.com) / failed: Name or service not known.
checking domain: www.elsiedesigns.com --> seems to be INFECTED: http://allintercom.net/cgi-bin/r.cgi --> DNS: allintercom.net (allintercom.net) / 185.53.178.9
checking domain: www.enimex.gr --> seems to be INFECTED: http://trafficsources.org/cgi-bin/r.cgi --> DNS: trafficsources.org (trafficsources.org) / 103.224.182.249
checking domain: www.farmasanmodababy.com --> seems to be INFECTED: http://metromanias.com/cgi-bin/r.cgi --> DNS: metromanias.com (metromanias.com) / 69.162.80.53
checking domain: www.fatherlinh.com --> seems to be INFECTED: http://germanattention.org/cgi-bin/r.cgi --> DNS: germanattention.org (germanattention.org) / 35.186.238.101
checking domain: www.freesure.com.tr --> seems to be INFECTED: http://earlyanswered.com/cgi-bin/r.cgi --> DNS: earlyanswered.com (earlyanswered.com) / 204.11.56.48
checking domain: www.freilandschwein.info --> seems to be INFECTED: http://earlyanswered.com/cgi-bin/r.cgi --> DNS: earlyanswered.com (earlyanswered.com) / 204.11.56.48
checking domain: www.geoffwhite.ws --> seems to be INFECTED: http://trackallnet.com/cgi-bin/r.cgi --> DNS: trackallnet.com (trackallnet.com) / 96.126.123.244, 45.33.23.183, 45.33.2.79,  /
checking domain: www.highsport.se --> seems to be INFECTED: http://udomchum.telecommichigan.com/t.gif --> DNS: udomchum.telecommichigan.com (udomchum.telecommichigan.com) / failed: Name or service not known.
checking domain: www.hostal3soles.com --> seems to be INFECTED: http://besidesdream.com/cgi-bin/r.cgi --> DNS: besidesdream.com (besidesdream.com) / 176.53.112.20
checking domain: www.hostpix.de --> seems to be INFECTED: http://xlau.kalkanturqouise.com/dcsis0ifv10000gg3ag82u4rf_7b1e/dcs.gif --> DNS: xlau.kalkanturqouise.com (xlau.kalkanturqouise.com) / failed: Name or service not known.
checking domain: www.ijerd.com --> seems to be INFECTED: http://verzeroli.outbreakm3dia.com/api/getCount2.php --> DNS: verzeroli.outbreakm3dia.com (verzeroli.outbreakm3dia.com) / 162.222.213.198
checking domain: www.jalba.gr --> seems to be INFECTED: http://watchingsquare.com/cgi-bin/r.cgi --> DNS: watchingsquare.com (watchingsquare.com) / 199.59.242.151
checking domain: www.jtcomms.com --> seems to be INFECTED: http://solichana.telecommichigan.com/fpc.pl --> DNS: solichana.telecommichigan.com (solichana.telecommichigan.com) / failed: Name or service not known.
checking domain: www.karavelle.com.br --> seems to be INFECTED: http://britts.oharvest.net/delivery/lg.php --> DNS: britts.oharvest.net (britts.oharvest.net) / 31.210.96.156
checking domain: www.larcheedmonton.org --> seems to be INFECTED: http://capitalinformer.com/cgi-bin/r.cgi --> DNS: capitalinformer.com (capitalinformer.com) / 173.239.23.228
checking domain: www.lipika.com --> seems to be INFECTED: http://malamut.revolverindy.com/pview --> DNS: malamut.revolverindy.com (malamut.revolverindy.com) / failed: Name or service not known.
checking domain: www.log-in-verlag.de --> seems to be INFECTED: http://wcameron.powerplaycreative.com/pview --> DNS: wcameron.powerplaycreative.com (wcameron.powerplaycreative.com) / failed: Name or service not known.
checking domain: www.mazus-art.com --> seems to be INFECTED: http://allintercom.net/cgi-bin/r.cgi --> DNS: allintercom.net (allintercom.net) / 185.53.178.9
checking domain: www.msm.mc --> seems to be INFECTED: http://poserio.thecaregrouppc.net/delivery/lg.php --> DNS: poserio.thecaregrouppc.net (poserio.thecaregrouppc.net) / 185.53.178.6
checking domain: www.mywoom.com --> seems to be INFECTED: http://virtualmapping.org/cgi-bin/r.cgi --> DNS: virtualmapping.org (virtualmapping.org) / 185.53.179.7
checking domain: www.neonconcursos.com.br --> seems to be INFECTED: http://interestingchapter.net/cgi-bin/r.cgi --> DNS: interestingchapter.net (interestingchapter.net) / failed: Name or service not known.
checking domain: www.oo5.com --> seems to be INFECTED: http://uglyugly.savedalyfield.com/__utm.gif --> DNS: uglyugly.savedalyfield.com (uglyugly.savedalyfield.com) / 207.244.67.215
checking domain: www.pfotenranch.de --> seems to be INFECTED: http://zaquitsha.vetsingreensboro.com/getSegment.php --> DNS: zaquitsha.vetsingreensboro.com (zaquitsha.vetsingreensboro.com) / 185.53.178.7
checking domain: www.radiogurbeti.com --> seems to be INFECTED: http://sonagara.slyforkfarm.com/pview --> DNS: sonagara.slyforkfarm.com (sonagara.slyforkfarm.com) / failed: Name or service not known.
checking domain: www.rgjassociation.info --> seems to be INFECTED: http://weedx.fubarpaintball.com/__utm.gif --> DNS: weedx.fubarpaintball.com (weedx.fubarpaintball.com) / failed: Name or service not known.
checking domain: www.rich.co.ke --> seems to be INFECTED: http://andritsos.newyorkjester.com/s --> DNS: andritsos.newyorkjester.com (andritsos.newyorkjester.com) / failed: Name or service not known.
checking domain: www.rollershop.de --> seems to be INFECTED: http://yinpou.aredietsok.com/st --> DNS: yinpou.aredietsok.com (yinpou.aredietsok.com) / failed: Name or service not known.
checking domain: www.santuariodalapa.pt --> seems to be INFECTED: http://tixon.theafternoonjoker.com/__utm.gif --> DNS: tixon.theafternoonjoker.com (tixon.theafternoonjoker.com) / 31.210.96.158
checking domain: www.sdfbd.org --> seems to be INFECTED: http://handsexual.com/cgi-bin/r.cgi --> DNS: handsexual.com (handsexual.com) / 45.56.79.23, 45.33.23.183, 198.58.118.167,  /
checking domain: www.sri.cmu.ac.th --> seems to be INFECTED: http://twansha.yourcakedecoratingclass.com/imghover --> DNS: twansha.yourcakedecoratingclass.com (twansha.yourcakedecoratingclass.com) / failed: Name or service not known.
checking domain: www.successinteaching.info --> seems to be INFECTED: http://protechere.com/cgi-bin/r.cgi --> DNS: protechere.com (protechere.com) / 154.210.229.81
checking domain: www.therapiehyperbare.com --> seems to be INFECTED: http://tagipur.mrsstyleseeker.com/redirect --> DNS: tagipur.mrsstyleseeker.com (tagipur.mrsstyleseeker.com) / 31.210.96.157
checking domain: www.timelessimagesmi.com --> seems to be INFECTED: http://abusalewm.exceltoner.com/__utm.gif --> DNS: abusalewm.exceltoner.com (abusalewm.exceltoner.com) / 31.210.96.158
checking domain: www.vfbhermsdorf.de --> seems to be INFECTED: http://hinouchi.greatserviceforless.com/__utm.gif --> DNS: hinouchi.greatserviceforless.com (hinouchi.greatserviceforless.com) / failed: Name or service not known.
checking domain: www.vidvanern.se --> seems to be INFECTED: http://usnai.restoremystuff.com/__utm.gif --> DNS: usnai.restoremystuff.com (usnai.restoremystuff.com) / 31.210.96.156
checking domain: www.vitaminbude.de --> seems to be INFECTED: http://karepii.dealerholidayevent.com/panel/openx/www/delivery/ajs.php --> DNS: karepii.dealerholidayevent.com (karepii.dealerholidayevent.com) / failed: Name or service not known.
checking domain: www.wallyontheweb.com --> seems to be INFECTED: http://ichinohe.casabodamia.com/b --> DNS: ichinohe.casabodamia.com (ichinohe.casabodamia.com) / failed: Name or service not known.
checking domain: www.wcgconline.net --> seems to be INFECTED: http://keniisha.realdealpsychic.com/f.gif --> DNS: keniisha.realdealpsychic.com (keniisha.realdealpsychic.com) / 31.210.96.155
checking domain: www.wonderwhistle.co.uk --> seems to be INFECTED: http://infernomag.com/cgi-bin/r.cgi --> DNS: infernomag.com (infernomag.com) / failed: Name or service not known.
checking domain: www.zoeblitzer-natursteine.de --> seems to be INFECTED: http://besidesdream.com/cgi-bin/r.cgi --> DNS: besidesdream.com (besidesdream.com) / 176.53.112.20
date finished: Sat Apr 27 00:30:38 PDT 2019