The website that has this flagged many times: https://urlquery.net/report/530dfcef-f2a4-4bfd-a98f-8af0eb16569d
See the problematic code flagged as 1 → /js/lib/ccard.js → https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=safety.btcgroup.ru%2Fkamuflyazh%2Fkostumy%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Read about it here: http://labs.sucuri.net/?note=2016-06-30
and https://www.foregenix.com/blog/credit-card-hijack-magento-javascript-alert
Only one to detect? https://www.virustotal.com/nl/url/2c209f13687d8a692fe5f9c19b3814e1f8050cea6843be30af17fe81f20f4851/analysis/1510414423/
Flagged: https://sitecheck.sucuri.net/results/safety.btcgroup.ru
F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=safety.btcgroup.ru
ISSUE DETECTED DEFINITION INFECTED URL Website Malware MW:JS:GEN2?malware.magento_shoplift.002.02 htxp://safety.btcgroup.ru/js/lib/ccard.js ( View Payload ) Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?malware.magento_shoplift.002.02 ////if((new RegExp('onepage|onestepcheckout|firecheckout|///////onestepquickcheckout|simplecheckout|checkout'))////.test(window.location)) /////{
Also a PHISH → identity threat on: -Location: hxtp://safety.btcgroup.ru/js/2017.htm
Detection fully missed here:
https://quttera.com/detailed_report/safety.btcgroup.ru
polonus (volunteer website security analyst and website error-hunter)