See:
Flagged: https://www.virustotal.com/nl/url/e386a61f68bd69f47e3c4c8bc634d0e4f93806e4cdd61f70e677fca80c9210a2/analysis/1457705236/
Vulnerable code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fassets.jimstatic.com%2Fweb.js.ced5f219fd7b162c1ae5.js
Neither Sucuri nor Quttera flag it, nor anything here: http://zulu.zscaler.com/submission/show/f45ceef48cc7a940da50a7241f4f959f-1457705576
polonus