See casus: http://killmalware.com/hamiltonstreetsale.com/
What site is being abused: -http://www.mhireferralprogram.com/wp-includes/
→ -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mhireferralprogram.com%2Fwp-includes%2F
→ http://toolbar.netcraft.com/site_report?url=http://www.mhireferralprogram.com
IP mentioned with PHISH sites domains. High trust rating website being abused?
As main site has no content: http://toolbar.netcraft.com/site_report?url=http://mhireferralprogram.com
Website has one dead link: DEADLINK##/wp-includes/wlwmanifest.xml/
Add this to your theme’s functions.php:
remove_action('wp_head', 'wlwmanifest_link');
because it can be abused just for above mentioned defacements.
polonus