I noticed something in our weekly Event Viewer check on our web server.

There is an event viewer warning for an attempt to go to:

hxxp://www.ourwebsitename.com/products/ b]):f===v?c.css(e,d):this.css(d,typeof f===

I wonder if the part in bold is an attempted Cross-Site Scripting attempt.  Has anyone else run across it?

The part up to and including products/ IS part of the site.  Just the b] forward is the bad part.

- I see that it's the last part of jquery-1.4.min.js

To check, I downloaded jquery-1.4.min.js from jquery.com and compared that last line.  It's ALMOST the same.  

In NopCommerce"
b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});z.jQuery=z.$=c})(window);

From jquery.com:
b]):f===v?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});z.jQuery=z.$=c})(window);

That's the only difference I could find.  Not sure why it would be showing up - someone tryint to specifically call it?

thanks

David

I saw the same kind of requests as well.  I blocked the ip ranges that these were coming from.  Looks like they were isolated to a specific group of individuals since I haven't seen them since.