For code flagged by Zscaler, see: http://jsfiddle.net/6VhTp/ & http://jsfiddle.net/E4Aqm/ & http://jsfiddle.net/58PLY/
Could there be a selfreplicating malware there?
Webutation alerts, but file scan does not deliver: https://www.virustotal.com/nl/file/3475ba5a2d78462f3c86b86caa5c5f8ab407496963f979732767ae816940d21c/analysis/1398091825/
Anyway as I described site certainly has vulnerabilities - themes are always at risk, the kernel CMS is often patched and updated.
Read about Core.js issues here:
http://social.technet.microsoft.com/Forums/sharepoint/en-US/78797bbe-a931-4200-9b67-e462565d4052/vulnerability-issues-related-to-corejs?forum=sharepointadminlegacy
Flexslider also knows recent issues: https://drupal.org/project/issues/flexslider

All these issues and vulnerabilities aren’t at once solved by renaming the CMS software, I would like it would ;D and I would be a code sorcerer :o

polonus