See: http://urlquery.net/report.php?id=1496786425544
and http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.worldromancescam.org%2Fres%2Fjquery.js%3F13-1-3-11
IP held threats, like Locky: https://ransomwaretracker.abuse.ch/ip/37.59.236.156/
Has 6 instances of
Threat Name: W32.Ramnit!html aka avast’s HTML:Dropper-R [Trj] could be found as not curable as one becomes infected.

Two given as potentially suspicious: style/style.css?13-1-3-11
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details:

Too low entropy detected in string [[‘data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR4nGNiOAMAANUAz5n+TlUAAA’]] of length 114 which may point to obfuscation or shellcode.

and

style/style.css?13-1-3-11
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details:

Too low entropy detected in string [[‘data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR4nGNiOAMAANUAz5n+TlUAAA’]] of length 114 which may point to obfuscation or shellcode.

polonus

Norton (also blocked by F-Secure)
https://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.worldromancescam.org%2F

HTML scan
https://virustotal.com/en/file/89911f092b3338fdb19d408108fe2824f366396a26c0a5269413723ca25e0e4c/analysis/1496840307/

IP history https://virustotal.com/en/ip-address/37.59.236.156/information/
Latest file is a month old, so could be cleaned ?