I believe it is a script tag inserted before the the opening body tag (see image), which may be the problem as it is trying to execute a remote script.

The domain name doesn’t look to kosher as I can’t get any information for it (image2).

So it could be that the site could have been hacked.