See: https://www.virustotal.com/nl/url/7fafab779c4960f890d495971cdf6afbce7da5e27d6567237ca900cb1309ef6d/analysis/1442350313/
VW Archives has Up: unknown_html.
Nothing here: http://quttera.com/detailed_report/turtlehull.blogspot.com
and here: https://sitecheck.sucuri.net/results/turtlehull.blogspot.com
blog website has changed destination: -nanalittlekitchen.wordpress.com
From: http://toolbar.netcraft.com/site_report?url=http://turtlehull.blogspot.com
to: http://toolbar.netcraft.com/site_report?url=nanalittlekitchen.wordpress.com with same website risk status.

The following plugins were detected by reading the HTML source of the WordPress sites front page.

WordPress Theme
The theme has been found by examining the path /wp-content/themes/ theme name /

h4

ie-sitemode

Compromised sites will often be linked to malicious javascript in an attempt to attack users of your WordPress installation. Look over the listed javascript, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.

-https://s2.wp.com/_static/??-eJyNjtEOgjAMRX/IbYL4wIPxWyZU6Nw6XIcEv96ayIORqEmT5rbn3tZMg0Jq/NgCGyd1HSHNr6Ydb8w3QAXsks2gA9ICN5EyUH6yIZ7QgxoZku1kJkHnuMINkXMAZoFWtu8vId0Qpp+YgzzY5qISMN4/UnMPcs/0lfGWWqRusVmacy+aPbaQ/raBZVG60KVYjuFQVLt6X2zLunIPPMyC5w==
-//0.gravatar.com/js/gprofiles.js?ver=201538x
-https://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781g
-https://s0.wp.com/_static/??-eJyVizsOgzAMQC/U1KIwkAFxFghWcbBDVAfC8Rs26Nb1fSBH49aQMCTwChPu5DAeT68PuCjZTOTtTUHBrSIFGaYF9XyYRtBMEf+ZbuB3TDNKyebmLFUGZnUfxFC6XrqqednW1lVr/RePRkWD
//-stats.wp.com/w.js?48

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fturtlehull.blogspot.com%2F2014%2F10%2Fsugar-free-latte-syrup-collection.html
and on new site: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fs2.wp.com%2F_static%2F%3F%3F-eJyNjtEOgjAMRX%2FIbYL4wIPxWyZU6Nw6XIcEv96ayIORqEmT5rbn3tZMg0Jq%2FNgCGyd1HSHNr6Ydb8w3QAXsks2gA9ICN5EyUH6yIZ7QgxoZku1kJkHnuMINkXMAZoFWtu8vId0Qpp%2BYgzzY5qISMN4%2FUnMPcs%2F0lfGWWqRusVmacy%2BaPbaQ%2FraBZVG60KVYjuFQVLt6X2zLunIPPMyC5w%3D%3D
→ Entity: line 12: parser error : EntityRef: expecting ‘;’ [APP/controllers/frontend_controller.php,

polonus

Some baddies on that same IP: https://www.virustotal.com/nl/ip-address/192.0.78.12/information/
Don’t believe this only 1 malicious URL on that Autonomous System, a joke? → http://sitevet.com/db/asn/AS2635
and only one with badware? And Avast detects VBS:Dropper-DF [Trj] there.

polonus

Sharing the same server and also flagged for a similar issue is this website:
https://www.virustotal.com/nl/url/9db2746d1f3a5a116331baabff5673cb98f4e026024651abd4e973493bff66b7/analysis/1442352848/
Nothing given here: http://zulu.zscaler.com/submission/show/ea4274a91af561b3b277adf328e4155d-1442352941
Quttera is the one to flag this and whatr we have there? 2 malicious files detected:
2013/05/respect-authority.html#comment-form
Severity: Malicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to malicious blacklisted domain -www.leesburgfire.org
File size[byte]: 74316
File type: HTML
Page/File MD5: DE827830AFE24B431BF3ECD951D5EB66
Scan duration[sec]: 0.277000
&
2013/05/respect-authority.html
Severity: Malicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to malicious blacklisted domain -www.leesburgfire.org
File size[byte]: 74316
File type: HTML
Page/File MD5: DE827830AFE24B431BF3ECD951D5EB66
Scan duration[sec]: 0.233000

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftroop1138.blogspot.com
and http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.leesburgfire.org

Furthermore 4 suspicious files: Severity: Suspicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to suspicious blacklisted domain -www.idalee.org
See: https://webtrac.idalee.org/wbwsc/webtrac.wsc/wbsearch.html?wbsi=a8a747d8-2ac2-4e8e-e511-6941b303f4a1&xxmod=ar

A filter stopped this from loading: uBlock₀ has prevented the following page from loading:
-http://s21.sitemeter.com/js/counter.js?site=s52troop1138
Likes Google+ and PinIt are also normally blocked in my browser as replaced by Privacy Badger extension (note from me, pol).

See website risk status 7 red out of 10 here: http://toolbar.netcraft.com/site_report?url=http://troop1138.blogspot.com

polonus (volunteer website security analyst and website error-hunter)