You know you're doing something right when they ramp up their efforts.
I've been seeing these attacks for quite some time now, and they're getting ever more persistent, with the attacks more than doubling within the past few days. The exploit attempts show in the server log as;
Previously these attacks were aimed more toward the hpHosts server. Now however, they're aimed at all of the servers on the network, guess I'm annoying the right people???.
The above CAST string is Hex encoded, and decodes to;
This then loads;
s96.cnzz.com is using FastFlux and loads;