Author Topic: PHISHING & malware detected?  (Read 1475 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
PHISHING & malware detected?
« on: December 01, 2017, 03:41:01 PM »
Re: https://www.virustotal.com/#/url/fa0e9ee33d2c1ecf963e51337c172920898112df60c704892a15c12c3804a29e/details
nothing detected?  Consider: https://urlquery.net/report/97a444bc-79b8-499a-90f6-2c25eb8032de
Redirecting: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=atat.ro&ref_sel=GSP2&ua_sel=ff&fs=1

iFrame:
Quote
<iframe allowtransparency="true" class="blogger-iframe-colorize blogger-comment-from-post" frameborder="0" height="410px" id="comment-editor" name="comment-editor" src="" width="100%"></iframe>
<iframe src="//wXw-blogger-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.dwebresources.com/widgets/google_clock.xml&amp;container=blogger&amp;view=default&amp;lang=in&amp;country=ALL&amp;sanitize=0&amp;v=ddffff33ecfb00fa&amp;libs=core&amp;parent=-rianimanhusodo12.blogspot dot com/&amp;up_mode=1&amp;up_bg=%23000000&amp;up_color=%2300ff00&amp;up_font&amp;up_bold=1&amp;mid=2#up_mode=1&amp;up_color=%2300ff00&amp;up_bg=%23000000&amp;up_bold=1&amp;up_gmt=99&amp;up_font&amp;st=e%3DAFlCd0VyNGltBsYo%252FTvFEm7Dj2fPGb1x%252Bh4q7DL4loHVogzAOu6T%252BGXN%252BKxpZnNKuT8e0u%252F122ZsE%252F1JkF6Q%252BToIS1bR3ef6NOGIs0c3lk3pqcxPklGiQC05vjGpaeZbMYSe7UsXJ9dV%26c%3Dblogger&amp;rpctoken=-4013450799123922482" frameborder="0" style="width: 100%; display: block" height="70" id="sidebar-gadget2" name="sidebar-gadget2"></iframe>
<iframe allowtransparency="true" frameborder="0" height="180" name="poll-widget2565379311657321874" style="border:none; width:100%;"></iframe>
<iframe src="//wXw-blogger-opensocial.googleusercontent.com/gadgets/ifr?url=htxp://hosting.gmodules.com/ig/gadgets/file/111311123200664007084/calendar.xml&amp;container=blogger&amp;view=default&amp;lang=in&amp;country=ALL&amp;sanitize=0&amp;v=552f95ab62fcc7c4&amp;libs=core&amp;parent=rianimanhusodo12.blogspot dot com/&amp;mid=1#st=e%3DAFlCd0VsQJhYQVsRQQmzDgfCzly4Y5vuQq0zDZv3T%252BJFJ2YHIOPKu01zT0RhtJ55a7gNN254lFzaWoQ7EjbK%252B5EG3xxkXpCuXmEf%252B3t2APzSnzY5baIgyIlkZdLVHe5nbMa686KE38yb%26c%3Dblogger&amp;rpctoken=8180585756144943873" frameborder="0" style="width: 100%; display: block" height="220" id="sidebar-gadget1" name="sidebar-gadget1"></iframe>
<iframe src="//wwX-blogger-opensocial.googleusercontent.com/gadgets/ifr?url=htxp://hosting.gmodules.com/ig/gadgets/file/111950271397992844779/Islamic-Finderxml.xml&amp;container=blogger&amp;view=default&amp;lang=in&amp;country=ALL&amp;sanitize=0&amp;v=346e6f61b235da95&amp;libs=core&amp;parent=rianimanhusodo12.blogspot dot com/&amp;mid=3#st=e%3DAFlCd0Wr8OK3EpsMcnCp3%252F%252BqZSBc%252B2lPlW7z%252FiSb6%252F%252F8CSgj25bbr1hdmr5ey4SfZnHRDBLAMVx9pZ4Gqb93WOG0GqCC57Xa5e0IJKjuAc2K443w9hiUm7sOPNzVl2mmk2ZQ%252FkeI7ykv%26c%3Dblogger&amp;rpctoken=2154887863611505691" frameborder="0" style="width: 100%; display: block" height="180" id="sidebagadget3" name="sidebar-gadget3"></iframe>

Retirable jQuery library: http://retire.insecurity.today/#!/scan/b4a17f65dd1f009acb3c503d69999d5f92e1afdf0a8b5494847e918f1ab171f6

Results from scanning URL: hxtp://rianimanhusodo12.blogspot.com
Number of sources found: 22
Number of sinks found: 484

Results from scanning URL: //translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Number of sources found: 43
Number of sinks found: 8

Results from scanning URL: hxtps://www.blogger.com/static/v1/widgets/3577707566-widgets.js
Number of sources found: 93

Results from scanning URL: htxps://apis.google.com/js/plusone.js
Number of sources found: 43
Number of sinks found: 8
Number of sinks found: 44

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=rianimanhusodo12.blogspot.com
and https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=atat.ro&ref_sel=GSP2&ua_sel=ff&fs=1

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: December 01, 2017, 03:42:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
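The post above works through the page's embedded iframes by hand (empty src, gadget containers that load a further remote XML spec via a url= parameter, sanitize=0). The following is an added example, not polonus's code or any tool's output, that performs the same inventory on a constructed HTML snippet modelled on those frames; the hostnames in the sample are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag (values come unescaped)."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def audit_iframes(html, page_host):
    """Return a list of (frame_id, src_host, flags) for each iframe in the document."""
    collector = IframeCollector()
    collector.feed(html)
    report = []
    for attrs in collector.iframes:
        src = attrs.get("src", "").strip()
        frame_id = attrs.get("id") or attrs.get("name") or "(unnamed)"
        flags = []
        if not src:
            # An empty src is normally filled in later by script; record it for review.
            report.append((frame_id, "", ["empty-src"]))
            continue
        parts = urlsplit(src, scheme="https")  # resolves protocol-relative "//host/..."
        host = parts.hostname or ""
        if host and host != page_host and not host.endswith("." + page_host):
            flags.append("third-party")
        query = parse_qs(parts.query)
        # Gadget containers fetch a further remote spec named in the "url=" parameter.
        for inner in query.get("url", []):
            inner_parts = urlsplit(inner)
            if inner_parts.scheme == "http":
                flags.append("gadget-spec-over-http")
            if inner_parts.hostname and inner_parts.hostname != host:
                flags.append("gadget-spec-third-party:" + inner_parts.hostname)
        if query.get("sanitize") == ["0"]:
            flags.append("sanitize=0")
        report.append((frame_id, host, flags))
    return report


# Constructed sample input; hosts are placeholders, not the site discussed above.
SAMPLE_HTML = """
<iframe id="comment-editor" src="" width="100%"></iframe>
<iframe id="sidebar-gadget2" src="//gadgets.example-cdn.test/gadgets/ifr?url=http://widgets.example.test/clock.xml&amp;container=blogger&amp;sanitize=0"></iframe>
<iframe id="same-origin-frame" src="https://blog.example.test/embed"></iframe>
"""
```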

Offline polonus

Re: PHISHING & malware detected?
« Reply #1 on: December 01, 2017, 04:10:41 PM »
This code has not been checked for sinks and sources and code errors either:
Funny as it is appearing on innumerable sites.

Like "f.gsrc=P("iframes/:source:""; k=D(f);l.src="";l["data-postorigin"]=; k.action=l;k.method="POST"

htxps://apis.google.com/js/plusone.js

errors:
Quote
-apis.google.com/js/plusone.js
         info: [decodingLevel=0] found JavaScript
     info: [setAttribute src] URL=apis.google dot com/_/scs/apps-static/_/js/k=-oz.gapi.US._Utt7ckmbKE.O/m=unsupported/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNjdXKe6a7uYkOLJSFg8M1oyoGbpw/cb=gapi.0
     info: [element] URL=apis.google dot com/js/undefined
Quote
  info: [decodingLevel=0] found JavaScript
     error: undefined variable gapi
     error: undefined function gapi.0

This is a bug: trying to get a property of a non-object, while the error comes from calling asynchronously (info credits go to Stack Overflow's rajesh ujade). (pol)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: PHISHING & malware detected?
« Reply #2 on: December 01, 2017, 05:18:11 PM »
But there are more errors when we skim over all of the source code with an unpacker of sorts:
To start with:
Quote
maxruntime exceeded 10 seconds (incomplete) 0 bytes
wXw.blogger.com/static/v1/jsbin/771816573-ieretrofit.js benign
[nothing detected] (script) -www.blogger.com/static/v1/jsbin/771816573-ieretrofit.js
     status: (referer=-rianimanhusodo12.blogspot.com/)saved 37495 bytes c8521d21fbbe5e7d8510bea5153807c259cb4a9b
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
maxruntime exceeded points at some problems:
Quote
[javascript variable] URL=-www.w3.org/1999/xhtml
     info: [img] -ad.zanox.com/ppv/?23061514C440230008
     info: [decodingLevel=0] found JavaScript
     error: line:5: SyntaxError: missing } in XML expression:
          error: line:5: c))));a&&(window.jstiming.pt=a)}catch(k){}})();}).call(this);
          error: line:5: ..............................................^
(profile hidden embedded code; is it secure from hacking?)

Quote
[iframe] -atat.ro/about.html
     info: [decodingLevel=0] found JavaScript
     error: line:5: SyntaxError: missing } in XML expression:
          error: line:5: c))));a&&(window.jstiming.pt=a)}catch(k){}})();}).call(this);
          error: line:5: ..............................................^
     file: fea13d4ed8c97ef23c0ecd2a22751ac9b17718cb: 57824 bytes


Quote
eferer=-rianimanhusodo12.blogspot.com/)saved 1716 bytes fdac5b2f68116c7613fc71a0f0d6da2e42043185
     info: [decodingLevel=0] found JavaScript
     error: undefined variable document.body.parentNode
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var document.body.parentNode = 1;
          error: line:1: ....^
     info: [element] URL=-translate.google.com/a/undefined
wrong manipulation of elements - (pol).

Quote
wXw.blogger.com/static/v1/widgets/3577707566-widgets.js
     info: [decodingLevel=0] found JavaScript
     error: undefined variable gapi  * see earlier posting
     error: undefined function gapi.load
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html>
          error: line:3: ..............^

Additionally: CMS WordPress, directory indexing enabled on upload link from -duniabaca.com/
where link to htxp://n.ads1-adnow.com/ is being blocked by my uBlock Origin extension following the EasyList subscription.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!