See: http://killmalware.com/bizwords.ro/#

Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbizwords.ro%2Findex.php
&
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbizwords.ro%2Fstiri%2Fadvertising

See: https://oscarotero.com/embed/demo/index.php?url=http%3A%2F%2Fbizwords.ro%2Findex.php&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=

<META NAME="revisit-after" CONTENT="1">
<link href='-http://www.paper-machinery.com/flags/Indonesia.gif' rel='SHORTCUT ICON'/> 
<link rel="shortcut icon" href="-http://2.bp.blogspot.com/-qq48EdTpLT4/UBuiqupeeyI/AAAAAAAAAYg/eWV9Xh5NOB8/s1600/favicon.ico"/>

<link href='-http://fonts.googleapis.com/css?family=Averia+Sans+Libre' rel='stylesheet' type='text/css'>
<link href='-http://fonts.googleapis.com/css?family=Orbitron:700' rel='stylesheet' type='text/css'>
<meta name="Description" content="BAYUNOIS3">
<script language="JavaScript"> 
 
function tb5_makeArray(n){
 this.length = n;
 return this.length;
}
 
tb5_messages = new tb5_makeArray(7);
tb5_messages[0] = "Your sites";
tb5_messages[1] = "Has been Hacked";
tb5_messages[2] = "We Are Indonesian Hacker";
tb5_messages[3] = "Hacked By BAYUNOIS3";
tb5_messages[4] = "Security Down";
tb5_messages[5] = "You Can't Stop Us";
tb5_messages[6] = "Hacked By BAYUNOIS3";
tb5_rptType = 'infinite';

polonus

Update:

Likewise existing hack and defacement: http://killmalware.com/sepeter.com/
Re: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fsepeter.com&ref_sel=GSP2&ua_sel=ff&fs=1
Re: http://toolbar.netcraft.com/site_report?url=http://sepeter.com
TinEye search: https://tineye.com/search/153a81a65d87c220f00c473804670b80b73b86cb/?pluginver=chrome-1.1.5
GoDaddy abuse on http://apache2-heavy.paulding.dreamhost.com/
Consider: http://toolbar.netcraft.com/site_report?url=http://www.shabakema.com

polonus