You're welcome.
Yes, the proof is in the content of the .jpg that I captured and examined and (even if not totally malicious, but I can't see that), as far as I'm concerned there really is no legitimate reason to put iframe and script tags embedded into a jpg file. This no doubt is the feeling of the 21 scanners.
So the co-author needs to remove that code if placed there by him or other author, if not then the site has been hacked and the iframe and script tags inserted into the .jpg/s.