See: http://killmalware.com/proimmigration.co.uk/
See Sucuri detect this: http://sitecheck.sucuri.net/results/proimmigration.co.uk/
The probably compromise described: https://github.com/harite/PHPDDOS/blob/master/index.php in Document (title),
action script like htxp://www.leejoo.nl/java/backgrounds/sesam_open_u.htm
and consider: htxp://juristr.com/blog/2014/09/hack-mimic-disabled-checkboxes/
Not available link: htxp://www.hollymellodic.com/file/img/266.png
Is this downloader detected by our avast av? See: https://www.virustotal.com/en/file/9071ecc86a27684a1c36451173d900dab88e9c4be2f621e725c3862310ca75fd/analysis/1342310478/
external link: htxp://nl.tinypic.com/view.php?pic=2zq5ut5&s=5
Malware on IP now dead: http://www.wgpremium.cn/clean-mx/viruses.php?review=212.1.215.54&sort=id%20DESC

polonus

Lots of scanners miss this defacement hack: https://app.webinspector.com/public/reports/27239997
and this one missed it: http://zulu.zscaler.com/submission/show/6260c1fe4cee53955a94d5848c4d8da8-1417369419
and this one: http://www.isithacked.com/check/http%3A%2F%2Fproimmigration.co.uk
The one that detected it via the spam check was Websicherheit security tool:
Suspicion of Spam/Defacement

";tb5_messages[1] = “[+]–=[hacked by -= [3xp1r3 cyber army] =-[+]”;tb5_rpttype = ‘infinite’;tb5_rptnbr = 20;tb5…
blocked for me is this Indonesion script upload: htxp://www.switchsystems.ie/quinn/upload/Script.txt
& htxp://sedefeczadeposu.com/index.html—

pol