The location line in the header above has redirected the request to: htxp://www.wallcg.com/union-films-filmography-milla-jovovich-167023/
See: http://evuln.com/tools/malware-scanner/www.wallcg.com/
and https://www.virustotal.com/nl/url/14da5c1b6dc6c40682381344a262bd91830d99ee21b077056960f764fcc329ef/analysis/1382448962/
and http://urlquery.net/report.php?id=7040041
eval packed from resources.infolinks.com/js/main.js, see: http://jsunpack.jeek.org/?report=495aa80b755a02f6bb01d0e24da00729c0d606a1
wXw.wallcg.com/wp-content/themes/agc/bot.js benign
[nothing detected] (script) wXw.wallcg.com/wp-content/themes/agc/bot.js
status: (referer=wXw.wallcg.com/union-films-filmography-milla-jovovich-167023)saved 98218 bytes b98f7f56b4d727bc6234088b1530db68d9567ec5
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Found benign here: http://zulu.zscaler.com/submission/show/4f9ad0d546213bc284aacf8d2a189add-1382449587

Potentially unwanted spoofed content via this external link: http://www.mywot.com/en/scorecard/beta.ace.advertising.com?utm_source=addon&utm_content=popup-donuts
(a strange advertisement bug) beta dot ace.advertising dot com is listed in OpenDNS’s Block Tool -risk of identity theft or other fraud…
via var ACE3PopHost…
iFrame going here: http://jsunpack.jeek.org/?report=ff48f989a8ea8598ab4584844cb3ebd18cd9bf30 → https://www.virustotal.com/nl/ip-address/216.40.254.75/information/ - nothing here: http://urlquery.net/report.php?id=7040658

polonus