What is out here?

See: http://hosts-file.net/default.asp?s=81.169.145.152
Listed here: http://hosts-file.net/?s=81.169.145.152&view=history
Site flagged: https://www.virustotal.com/nl/url/ca23039c4a7841da30d280b1e017039bc71f3ba5d6bad6a48ddb385167ddbf79/analysis/1412684268/
http://quttera.com/detailed_report/www.finanz-froehlich.de has conditional redirect

pol

We see that the site has a vulnerable RSS 2.0 and this prototype of an attack vector, cufon-yui.js
JS pseudo-random infection … (exploit.JS.Agent is a feasible attack here).
See: http://jsunpack.jeek.org/?report=221c7423b2aaad1b540b77c7c410a33b66718a3e
For security analyzers only, open link with NoScript active and inside a VM.
SEO Spam exploitable = Object Oriented “box_skitter_large88” code.

The only actual malware there is iFrame related: Suspicious

/11sidebar/index.php (issue with a long history in Firefox)
Exploitable with PHP/5.3.29 ?

HTTP Header Insecurities:

  1. X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.
  2. Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
  3. Nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.
  4. We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.
  5. We did not detect Content-Security-Policy, x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
  6. Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!
  7. X-Powered-By was found in this site’s HTTP header, making it easier for attackers to know about potential vulnerabilities that may exist on your site!
  8. X-Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…

Not actually helping towards security - 1000 websites on one and the same IP: http://sameid.net/ip/81.169.145.152/
therefore IP-badness history: https://www.virustotal.com/nl/ip-address/81.169.145.152/information/

avast! will detect
Win32:Dropper-gen [Drp] & Win32:RmnDrp as coming from a domain on that particular IP.

polonus
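The header findings in the post can be reproduced with a small checker that parses a raw HTTP response and reports which protective headers are absent and which disclosing headers are present. This is an added example, not code from the original forum post or from any of the scanners linked above; the two responses it audits are constructed for illustration (the weak one mirrors the post's findings, with the PHP version taken from the post), not captured from the site.

```python
"""Audit an HTTP response header block for the security headers the post lists.
Added example, not code from the original forum post; the two sample responses
below are constructed for illustration, not captured from the site."""

# Headers the post reports as absent. For CSP the older vendor-prefixed names
# count as equivalents, so each entry lists every name that satisfies it.
REQUIRED = [
    (("x-frame-options",), "clickjacking protection"),
    (("strict-transport-security",), "HTTPS enforcement (HSTS)"),
    (("x-content-type-options",), "MIME sniffing protection (nosniff)"),
    (("x-xss-protection",), "legacy browser XSS filter"),
    (("content-security-policy", "x-webkit-csp", "x-webkit-csp-report-only"),
     "Content-Security-Policy"),
    (("x-permitted-cross-domain-policies",), "Flash/PDF cross-domain policy"),
]

# Headers whose presence discloses server software and version.
DISCLOSING = ("server", "x-powered-by")


def parse_headers(raw):
    """Parse a raw HTTP response into {lower-cased name: value}.
    Reads from after the status line up to the first blank line (the body is ignored)."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return a list of (severity, header, note) findings for one response."""
    headers = parse_headers(raw)
    findings = []
    for names, purpose in REQUIRED:
        if not any(n in headers for n in names):
            findings.append(("missing", names[0], purpose))
    # Present but ineffective: X-Content-Type-Options must be exactly 'nosniff'.
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append(("weak", "x-content-type-options",
                         "value is %r, expected 'nosniff'" % xcto))
    for name in DISCLOSING:
        if name in headers:
            findings.append(("disclosure", name, headers[name]))
    return findings


# Constructed sample resembling what the post describes: no protective
# headers, Server and X-Powered-By present (version as quoted in the post).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/5.3.29\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample with the headers set and the disclosing ones removed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: DENY\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Permitted-Cross-Domain-Policies: none\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label)
        for severity, header, note in audit(raw):
            print("  %-10s %-35s %s" % (severity, header, note))
```

Run against a live site by pasting the raw response from a tool such as curl's `-i` output into `audit()`; the weak sample produces the same eight findings the post lists (six missing headers plus the two disclosing ones), and the hardened sample produces none. The check on `X-Content-Type-Options` is there because a header that is present with the wrong value is as ineffective as one that is absent, which a presence-only scan would miss.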