Hi Filter,
Yep, good observation, this is what google has to say about exist dot butterflyeffect dot gs and that was "De vorige keer dat verdachte inhoud op deze site werd aangetroffen (last time suspicious content was found), was op (was on) 2009-07-20. Malicious software includes 96 scripting exploit(s). This site was hosted on 1 network(s) including AS31103 (Keyweb AG).
The other one: ipot dot applepie dot gd forward slash privatezone Last time suspicious content was found on this site was on 2009-07-20
De vorige keer dat verdachte inhoud op deze site werd aangetroffen, was op 2009-07-20.
Malicious software includes 754 scripting exploit(s).
This site was hosted on 2 network(s) including AS41062 (PRO100), AS22576 (LAYER3).
Deze site heeft in de afgelopen 90 dagen schadelijke software gehost. Deze software heeft 361 domein(en) geïnfecteerd, waaronder xvediox.com/, flashost.com.br/, coralhillsresort.com/.
This site has been hosting malcode during the last 90 day period. This software has been infected 361 domains, e.g. : xvediox.com/, flashost.com.br/, coralhillsresort.com/.
Just delving a little into this and you see what we come up with. Easy answers won't do, confront them with this - what does the obfuscated code do on that web page?
polonus