See: http://maldb.com/qm-basis.de/#
One flag: https://www.virustotal.com/nl/url/201bdcefeffa482703dd93c0eb8403056b9c3f2dc7ee8ad72f98ca2c6993f455/analysis/1389629550/
See: http://jsunpack.jeek.org/?report=e04606ab071fbc59d97b3758b973c946cd3559c1
Quttera gives as suspicious: /index.html
Severity: Suspicious
Reason: Detected hidden reference to external web resource. [What’s this?]
Details: Detected hidden iframe tag to ‘lfmonline.de’
Offset: 31540
Threat dump: http://jsunpack.jeek.org/?report=5dd31bf18954a7cd9b12f8acfd6e7028e65904c8
File size[byte]: 103944
File type: HTML
MD5: B36908064C2952A50F4E39CE997433C3
Scan duration[sec]: 1.008000
S0 iFrame Check comes up as:
Suspicious
Site has a general security risk as excessive headers warning and a clickjacking warning
CMS: microsoft word 10 - multiple vuln.: http://msisac.cisecurity.org/advisories/2013/2013-097.cfm
Zscaler is clear about the detection: http://zulu.zscaler.com/submission/show/90f2029a7e79506757ac22ed2cbebbb3-1389630235
Compare for other examples with same iFrame malcode: http://killmalware.com/technolens.org/ & http://urlquery.net/report.php?id=7108899
Has this SEO malware now been taken down? Google Safebrowsing is still blocking the redirect location: htxp://lfmonline.de/ etc.
polonus