The suspicious file is a detected hidden iframe tag to ‘assetscdn.com’
which should not be malicious per se: http://evuln.com/tools/malware-scanner/assetscdn.com/
as it is helper module for connect-assets to upload your files to a CDN
Additionally I found a flag for your facebook plug-in, see:
https://www.virustotal.com/nl/url/ff2f13ab9a225f5001e50ffcfbc0868185c4aac481257e110d57c612460d751a/analysis/1368266198/
The potentially suspicious code: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: + has been called with a string containing hidden JavaScript code .
weitten in coffeescript
Suspected XSS Attack code
Blocked URL: -http://www.google.nl/search?output=search&sclient=psy-ab&q=[[varmatch%3Dregex.exec(tag)||[]%3Breturnmatch[2]||match[3]%3B}%3B}varSCRIPT_TAGS%3D%2F(<script[\s\S]*%3F>)([\s\S]*%3F)<\%2Fscript>%2Fig%2CSRC_REGEX%3DattrPattern('src')%2CSRC_ATTR%3DmatchAttr('src')%2CTYPE_ATTR%3DmatchAttr('type')%2CLANG_ATTR%3DmatchAttr&btnK=
Visit anyway plug-in to get string values but unable to properly scan site. Site returning error (40x): HTTP/1.1 404 Not Found
verdic t normal JQuery JS → http://jsunpack.jeek.org/?report=6dc9b7ddbabe0370e4c31d8941266cb9bc0a6d27
polonus