Re: https://www.virustotal.com/#/url/ff9e4566d15f3e453801d74ace29a14f53984a700366a06c6edc20203e56d1af/detection
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.premiereacademyng.org%2F2&ref_sel=GSP2&ua_sel=ff&fs=1
Re: 2 vuln. : http://retire.insecurity.today/#!/scan/7d0a97856be206b62e6f836a82093c7cd36a4f7bab3d78d240c59a7f9ce62d13
jQuery ? Found ‘src’ attribute in script tag
Found related JS code
Web application version:
Joomla Version 3.8.0 found at: htxp://www.premiereacademyng.org/2//administrator/manifests/files/joomla.xml
Blacklisted: https://www.mcafee.com/threat-intelligence/site/default.aspx?url=premiereacademyng.org

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.premiereacademyng.org%2F2
F-Grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=www.premiereacademyng.org
and https://securityheaders.io/?followRedirects=on&hide=on&q=www.premiereacademyng.org

polonus

On that IP: bad host - https://www.projecthoneypot.org/ip_173.254.28.89
previously known as malicious: https://otx.alienvault.com/indicator/ip/173.254.28.89/
threat history → https://www.scumware.org/report/173.254.28.89
listed here: http://permalink.gmane.org/gmane.comp.security.phishings/75541
and here: https://github.com/firehol/blocklist-ipsets/blob/master/cta_cryptowall.ipset

polonus (volunteer website security analyst and website error-hunter)