The detection is or was with redirection to this Luxembourg tracker: http://urlquery.net/report.php?id=3382870
due to a broad php attack…nx domain → http://dns.kify.com/dns.php NXDOMAIN, id: 27526
See also: http://jsunpack.jeek.org/?report=18299d4b952ec0cf55293ef44a4e95d3904eab79
(Open above link with script blocker active and in a VM/sandbox, for advanced users only)
polonus