Dutch website hacked and defaced from Norway Active 24 ASA abuse!

See: http://killmalware.com/sphere-weddings.nl/# and http://toolbar.netcraft.com/site_report?url=http://sphere-weddings.nl
As a rule VT does not flag such website abuse: https://www.virustotal.com/en/url/de17c51d8683bf2dccc4c0f6b8333372e7882e60e9736e97dc04894b4a28ebfb/analysis/
Custom Errors: Fail and Two Warnings here: https://asafaweb.com/Scan?Url=sphere-weddings.nl
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Microsoft-IIS/7.5
|_http-title: IIS7 - http Microsoft IIS httpd 7.5
| http-methods: Potentially risky methods: TRACE

Quttera detects as malicious: index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
Offset: 8794

SRI scan detects: Stylesheets, 3 issues
Result for each of the three tags: Missing SRI hash

On the hacked and defaced site there is IDs tracking insecurity, but only because the website does not have https://

IP website insecurity: http://toolbar.netcraft.com/site_report?url=http://213.188.134.221
Also consider: https://oscarotero.com/embed/demo/index.php?url=http://213.188.134.221/
Nothing there as

</head>
<body>
<div id="container">
702 html
</div>
</body>
</html>

Another additional DNS risk - WARNING: Name servers software versions are exposed:
194.9.95.219: “Knot DNS 1.6.6”
2001:1528:151::12: “9.9.5-9+deb8u5-Debian”
2a02:250::317: “Knot DNS 1.6.6”
2a02:4a8:ac24:100::96:2: “unknown”
81.0.238.27: “9.9.5-9+deb8u5-Debian”
81.95.96.2: “unknown”
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.

polonus (volunteer website security analyst and website error-hunter)
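
Added example, not part of the post above and not any scanner's own code: a small Python audit that reproduces the "Missing SRI hash" finding on a constructed page and computes the integrity value a site owner would add. The sample markup, the hostnames and all function names are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (not the markup of the site discussed above).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="http://cdn.example.net/theme.css">
<link rel="stylesheet" href="http://cdn.example.net/fonts.css">
<link rel="stylesheet" href="http://cdn.example.net/grid.css"
      integrity="sha384-placeholder" crossorigin="anonymous">
<script src="/js/app.js"></script>
</head><body></body></html>"""


def sri_value(content: bytes) -> str:
    """Return the integrity attribute value (sha384) for a resource body."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


class SRIAudit(HTMLParser):
    """Collect stylesheets and scripts loaded without an integrity attribute."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_origin = urlparse(page_url)[:2]  # (scheme, host)
        self.findings = []  # (tag, absolute URL, is_cross_origin)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            ref = a.get("href")
        elif tag == "script":
            ref = a.get("src")
        else:
            return
        if not ref or a.get("integrity", "").strip():
            return  # nothing loaded, or an integrity value is present
        url = urljoin(self.page_url, ref)
        self.findings.append((tag, url, urlparse(url)[:2] != self.page_origin))


def audit(html: str, page_url: str):
    """Return the list of resources on the page that lack an SRI hash."""
    parser = SRIAudit(page_url)
    parser.feed(html)
    return parser.findings
```

The cross-origin flag separates resources served from a third-party host, where a tampered file would otherwise load unnoticed, from same-origin ones that fall with the site itself.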