https://www.virustotal.com/en/url/acca818aab0df3fafbbda897ec5af866e6bba822dbc4735074b851266bffbaaa/analysis/1454860251/
Quttera flags: -assets.neo.registeredsite.com/libs/cssparser/0.9.0/cssparser.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘at center , , ) }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}’]] of length 100 which may point to obfuscation or shellcode.
Mozilla Public License code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fassets.neo.registeredsite.com%2Flibs%2Fcssparser%2F0.9.0%2Fcssparser.js
Outdated server software here: Apache/2.2.22 Red Hat Enterprise Web Server = http://toolbar.netcraft.com/site_report?url=http://users.neo.registeredsite.com
But here for the main site we have a website risk status of 10 red out of 10: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.talenteacademy.com
The IP badness history from Jacksonville: https://www.virustotal.com/en/ip-address/206.188.192.133/information/
Avast detects HTML:Iframe-BSP [Trj] and HTML:Phish-Q [Trj] from that IP address.
polonus