See: https://www.virustotal.com/nl/url/cc9509ed8baef4e3e2f2e61b625821dccefb84c5c967fdb66e32c58812528511/analysis/
and 33 websites on this IP: http://wsowner.com/ip/217.160.67.86 (that is not exactly enhancing IP-security ;D)
65 suspicious files: All detected hidden references to same external web resource.
Details: Detected hidden iframe tag to ‘lfmonline dot de’
iFrame src = htxp://lfmonline.de/test/test.php detected malicious iFrame injection by Google etc.
See: http://killmalware.com/lfmonline.de/test/test.php blacklisted

polonus