Despite the anti-spam code there: -https://www.google.com/js/bg/gvdU3NT3AU0zegJm0DbmQlXAq8itfISHkFqRImNke80.js
→ http://killmalware.com/versicherungvergleich-kostenlos.de/#
As all non-malicious defacements are missed, this one is also missed by VT: https://www.virustotal.com/nl/url/b602206861b23224fbb85e14ff829b10eaf06e29e0ce04372ab296af29fbab1b/analysis/1448231418/
Quttera flags it: index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
and so does Sucuri: Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
System Details:
Running on: nginx/1.2.1
Powered by: PHP/5.3.28
Outdated Web Server Nginx Found: nginx/1.2.1 Excedssive headers warning and Clickjacking warning.

polonus