Where I stumbled upon it?
Results from scanning URL: -https://cl-policlinic1.ru/bitrix/templates/beauty_s1/js/jquery.selectric.min.js?v=1417697277
Number of sources found: 12
Number of sinks found: 4
&
Results from scanning URL: -https://cl-policlinic1.ru/bitrix/templates/beauty_s1/js/main.js
Number of sources found: 10
Number of sinks found: 2
TLS Certificate does not match:
https://sitecheck.sucuri.net/results/https/cl-policlinic1.ru-
https://www.shodan.io/host/92.53.96.27Probably scanned for a bitrix related exploit see -https://bitrix.info/ba.js
-> htXps://timeweb.com/bitrix/cache/js/s1/timeweb/template_e703768201804ac2b22357050ebda509/template_e703768201804ac2b22357050ebda509_v1.js,q1588177097244078.pagespeed.jm.VnIGRrGXcf.js (To my surprise DrWeb's scan gives it as clean).
See where the malicious template is being found -
https://sitecheck.sucuri.net/results/https/timeweb.com/ru/Trustscam generated scan results (so can these be trusted themselves?)->
{"url":"https:\/\/trustscam.com\/cl-policlinic1.ru","status":"ok"}
{"url":"https:\/\/trustscam.com\/timeweb.com","status":"ok"}
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)