#
# this list of ponmocup malware redirection domains and infected web-servers is maintained by
# email: toms.security.stuff -at- gmail.com
# twitter: @c_APT_ure
# blog: http://c-apt-ure.blogspot.com/
#
# for use with CIF see malware-feeds here:
# http://security-research.dyndns.org/pub/malware-feeds/
#

date started: Tue 20 Dec 2022 12:00:02 AM PST
date finished: Tue 20 Dec 2022 12:28:46 AM PST