PHISHING & malware detected?

Re: https://www.virustotal.com/#/url/fa0e9ee33d2c1ecf963e51337c172920898112df60c704892a15c12c3804a29e/details
nothing detected? Consider: https://urlquery.net/report/97a444bc-79b8-499a-90f6-2c25eb8032de
Redirecting: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=atat.ro&ref_sel=GSP2&ua_sel=ff&fs=1

iFrame:

Retirable jQuery library: http://retire.insecurity.today/#!/scan/b4a17f65dd1f009acb3c503d69999d5f92e1afdf0a8b5494847e918f1ab171f6

Results from scanning URL: hxtp://rianimanhusodo12.blogspot.com
Number of sources found: 22
Number of sinks found: 484

Results from scanning URL: //translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Number of sources found: 43
Number of sinks found: 8

Results from scanning URL: hxtps://www.blogger.com/static/v1/widgets/3577707566-widgets.js
Number of sources found: 93

Results from scanning URL: htxps://apis.google.com/js/plusone.js
Number of sources found: 43
Number of sinks found: 8
Number of sinks found: 44

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=rianimanhusodo12.blogspot.com
and https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=atat.ro&ref_sel=GSP2&ua_sel=ff&fs=1

polonus (volunteer website security analyst and website error-hunter)

This code has not been checked for sinks and sources and code errors either:
Funny as it is appearing on innumerable sites.

Like “f.gsrc=P(“iframes/:source:””; k=D(f);l.src=“”;l[“data-postorigin”]=; k.action=l;k.method=“POST”

htxps://apis.google.com/js/plusone.js

errors:

-apis.google.com/js/plusone.js
info: [decodingLevel=0] found JavaScript
info: [setAttribute src] URL=apis.google dot com//scs/apps-static//js/k=-oz.gapi.US._Utt7ckmbKE.O/m=unsupported/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNjdXKe6a7uYkOLJSFg8M1oyoGbpw/cb=gapi.0
info: [element] URL=apis.google dot com/js/undefined
info: [decodingLevel=0] found JavaScript
error: undefined variable gapi
error: undefined function gapi.0

This is a bug trying to get property of non-object, while error from calling asynchronously (pol - info credits go to Stack Overflow’s rajesh ujade. (pol)

polonus

But there are more errors when we skim over all of the source code with an unpacker of sorts:
To start with

maxruntime exceeded 10 seconds (incomplete) 0 bytes
wXw.blogger.com/static/v1/jsbin/771816573-ieretrofit.js benign
[nothing detected] (script) -www.blogger.com/static/v1/jsbin/771816573-ieretrofit.js
status: (referer=-rianimanhusodo12.blogspot.com/)saved 37495 bytes c8521d21fbbe5e7d8510bea5153807c259cb4a9b
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

maxruntime exceeded points at some problems:
[javascript variable] URL=-www.w3.org/1999/xhtml
info: [img] -ad.zanox.com/ppv/?23061514C440230008
info: [decodingLevel=0] found JavaScript
error: line:5: SyntaxError: missing } in XML expression:
error: line:5: c))));a&&(window.jstiming.pt=a)}catch(k){}})();}).call(this);
error: line:5: …^
(profile hidden embedded code - is it secure from hacking?

[iframe] -atat.ro/about.html info: [decodingLevel=0] found JavaScript error: line:5: SyntaxError: missing } in XML expression: error: line:5: c))));a&&(window.jstiming.pt=a)}catch(k){}})();}).call(this); error: line:5: ..............................................^ file: fea13d4ed8c97ef23c0ecd2a22751ac9b17718cb: 57824 bytes
eferer=-rianimanhusodo12.blogspot.com/)saved 1716 bytes fdac5b2f68116c7613fc71a0f0d6da2e42043185 info: [decodingLevel=0] found JavaScript error: undefined variable document.body.parentNode error: line:1: SyntaxError: missing ; before statement: error: line:1: var document.body.parentNode = 1; error: line:1: ....^ info: [element] URL=-translate.google.com/a/undefined
wrong manipulation of elements - (pol).
wXw.blogger.com/static/v1/widgets/3577707566-widgets.js info: [decodingLevel=0] found JavaScript error: undefined variable gapi * see earlier posting error: undefined function gapi.load error: line:3: SyntaxError: missing = in XML attribute: error: line:3: error: line:3: ..............^

Additionaly CMS Word Press - Directory Indexing Enabled on upload link from -duniabaca.com/
where link to htxp://n.ads1-adnow.com/ is being blocked by my uBlock Origin extension following the EasyList subscription.

polonus (volunteer website security analyst and website error-hunter)