Just because the main page is fine doesn't mean they all are and in this case that page has been hacked.
There is an iframe tag after the closing html tag a standards no, no and the url that it connects to is obfuscated, highly suspicious.
See image, I have broken the code down to make it easier to see as it is all on a single line.