Iframes are inline frames used to embed code from another document, local or remote. Just as all other HTML markers it can be use for malicious purposes.
Malicious iframes are usually hidden by changing their position off-screen or setting its style to hidden. They most commom malicious code in those iframes are spam content or drive-by malware.
Any website running vulnerable software or hosted on a server with compromised credentials
Inspect your website for any unwanted iframes and remove them.
<iframe src="https://kb.sucuri.net" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>