See now cleansed: http://killmalware.com/sitepromote.de/#
and http://toolbar.netcraft.com/site_report?url=http://www.sitepromote.de
Excessive server header info proliferation: Microsoft-IIS/5.0 mod_fcgid/2.3.6 mod_jk/1.2.37 PHP/5.3.21 with Suhosin-Patch DAV/2 Server at www.sitepromote.de Port 80 warnings: https://asafaweb.com/Scan?Url=www.sitepromote.de
Compromittal reported: https://nfsec.pl/security/5730 info credits: Patryk Krawaczyński
IP badness detected: https://www.virustotal.com/en-gb/ip-address/178.63.68.138/information/
Threat = Avast detects HTML:Phish-Q [Trj] → https://www.virustotal.com/en-gb/file/ea7aa5c9191f54352155a59fdc86a8f664424bf365d71604569fb346ecfbc6d4/analysis/

polonus