avast!Web Shield detected JS:Iframe-AMQ[Trj] as url/|{gzip}. Where? See: http://urlquery.net/report.php?id=2270498
But is this on the same IP also being infested: Up(nil): unknown_html ARIN US abuse at mediatemple dot net 70.32.68.168 to 70.32.68.168 churchofrabbit dot com htxp://churchofrabbit.com/js/global.js/ → http://urlquery.net/report.php?id=2353088
Site is vulnerable to wlwmanifest.xml PHP malware…

polonus