A true PHISH and javascript malware & obfuscated redirection?

See: https://www.virustotal.com/pl/url/4b9bc1c212fd0d2e7be49734a50bc117508604a5faff6a3550863cb1bb282c8f/analysis/1496421051/
HTML/Iframe.B trojan detected on IP: https://www.scumware.org/report/5.57.226.202.html
https://www.elhacker.net/whois.html?domain=5.57.226.202 & https://malwr.com/analysis/ZmE0OGU4MDVkNTc2NGMxYmEzYjA3MWE3ZDBjNWU3ZWI/

On that PHISH: http://soporte.miarroba.es/1417336/12164332-abuse-phishing-site-on-webcindario-com-5-57-226-202/

1 malicious file detected: https://quttera.com/detailed_report/calzados32.webcindario.com : Detected encoded JavaScript code commonly used to hide malicious behaviour. Details: http://sucuri.net/malware/malware-entry-mwjs2368?malware.generic_jsobfuscator.1.4

Blacklisted: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=calzados32.webcindario.com

Look here for info on the PHISH and the colleting of passwords: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=calzados32.webcindario.com&ref_sel=GSP2&ua_sel=ff&fs=1

The supicious code obfuscation see inside line 17.

Also see: https://urlscan.io/result/09defe97-753a-4d8c-a742-f97f42ccd18c#summary

Do not visit the site because of smut links: var urlredirect=“htxp://www.mobilesexlife.mobi/?sl=33904-a24ef&data1=Track1&data2=Track2”; decoded from: http://ddecode.com/hexdecoder/?results=53ff8ecdec2bf0bd44e2e01221aa1022

Certainly a destination we wanna block, won’t we, folks,

polonus (volunteer website security analyst and website error-hunter)