JB007

Level 19
Verified
Hello,
It will be Christmas soon, so I'm going to buy a few bottles of Champagne ;) and one of the sites I want to visit was blocked by Netcraft and Kaspersky. I checked it with VT but it was not detected by other Antivirus :unsure:
And SUCURI says that this site is clean...

plat1098

Level 13
Verified
Indeed, Norton SafeWeb detected it in Edge.old browser. (y) However, I want Champagne. So, I bypassed Norton, which then offered Isolation Mode if I signed into my Norton acct. (don't got one). So I skipped that, thinking the site would load. Instead, got this:

champmarket.PNG

Check out the URL on that page, where I'd originally typed: xxx.champmarket.com. Great reminder about phishing and skimming, guys! :love: Hopefully, this is the closest any of us will ever come. 🙏
 

upnorth

Level 38
Verified
Trusted
Content Creator
Perfect example where a small guide like this might come in handy.
I did the basic check for you @JB007 and to start with, very nice site (y) just not sure they deliver to Sweden. :giggle:

The site/domain itself. This has been around since 2010 and I can't see anything shady with the registrar etc.

What I'm personally not too fond of is their use of a CMS platform. In this case Magento, but I can't say for sure if they at least run the latest version, as that's crucial.

For more information on "Magecart" attacks, MT's news forum/section is a great start.
One can also send the url/link to several AV vendors to try to get a better answer but, as the malicious scripts come and go, and it's impossible to predict exactly when, and when even obfuscated as, for example, legit Google scripts, I would rather suggest/advise a few things first that work much better.
  1. If you must buy from this site, make an order if possible through their phone number that's clearly shown on all pages in the top right corner.
  2. If you still want to buy online, try first to use a so-called pre-paid debit card or enable security settings on your bank's site if available.
  3. Shop the bottle/s physically from a local store, as then you also don't need to worry about any late delivery.
Good luck @JB007 and hope you can enjoy your champagne soon. 🥂
 

SeriousHoax

Level 18
Verified
Malware Tester
It seems the site itself could be safe but it loads a third party script which is the culprit here. But that domain is down so it's not able to load the script anyway.
sc.png
I don't know whether the site has been compromised or they deliberately added this but it's better not to purchase anything from here just to stay safe.
Another example of the usefulness of script blocking extensions like: uMatrix, NoScript, ScriptSafe, uBlock Origin in medium/hard mode, etc.
VT report of the third party script site: VirusTotal
 

fabiobr

Level 1
It seems the site itself could be safe but it loads a third party script which is the culprit here. But that domain is down so it's not able to load the script anyway.
View attachment 230920
I don't know whether the site has been compromised or they deliberately added this but it's better not to purchase anything from here just to stay safe.
Another example of the usefulness of script blocking extensions like: uMatrix, NoScript, ScriptSafe, uBlock Origin in medium/hard mode, etc.
VT report of the third party script site: VirusTotal
Norton-Blocked2.png

Norton blocked Virus Total here hahahahaha
 

notabot

Level 15
It seems the site itself could be safe but it loads a third party script which is the culprit here. But that domain is down so it's not able to load the script anyway.
View attachment 230920
I don't know whether the site has been compromised or they deliberately added this but it's better not to purchase anything from here just to stay safe.
Another example of the usefulness of script blocking extensions like: uMatrix, NoScript, ScriptSafe, uBlock Origin in medium/hard mode, etc.
VT report of the third party script site: VirusTotal
The problem is when the page doesn't display correctly or doesn't work properly, in which case you need to enable more scripts and then the user has little clue of whether to enable or not the malicious script, unless they try scripts one by one, starting from same domain, only cautiously expanding to 3rd domains etc -- but this approach is quite a slow one.
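
Added example, not part of the thread or any poster's code: a Python sketch of the same-domain-first triage discussed above. It lists a page's external scripts grouped as same-host, same-site or third-party and records which carry a Subresource Integrity attribute. The sample page, its hostnames and the two-label `site_of` heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def site_of(host):
    # Naive registrable domain (last two labels); wrong for suffixes such as
    # co.uk, where the Public Suffix List is needed. Assumption for this sketch.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class ScriptCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []  # (absolute URL, has an SRI integrity attribute)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            url = urljoin(self.page_url, attrs["src"].strip())
            self.scripts.append((url, bool(attrs.get("integrity"))))

def audit_scripts(page_url, html):
    """Group external scripts by how far their host is from the page's own."""
    page_host = urlsplit(page_url).hostname
    collector = ScriptCollector(page_url)
    collector.feed(html)
    report = {"same-host": [], "same-site": [], "third-party": []}
    for url, has_sri in collector.scripts:
        host = urlsplit(url).hostname or ""
        if host == page_host:
            bucket = "same-host"
        elif site_of(host) == site_of(page_host):
            bucket = "same-site"
        else:
            bucket = "third-party"
        report[bucket].append({"url": url, "host": host, "sri": has_sri})
    return report

# Constructed sample page; every hostname is a placeholder.
SAMPLE_URL = "https://shop.example.com/checkout"
SAMPLE_HTML = """
<script src="/js/cart.js"></script>
<script src="https://static.example.com/lib.js"></script>
<script src="//cdn.example.net/a.js" integrity="sha384-CONSTRUCTED"></script>
<script SRC="https://stats.example.org/g.js"></script>
<script>var inline = 1;</script>
"""

if __name__ == "__main__":
    for bucket, items in audit_scripts(SAMPLE_URL, SAMPLE_HTML).items():
        print(bucket, [(i["host"], i["sri"]) for i in items])
```

The third-party bucket is the one to review host by host before allowing anything in a script blocker; inline scripts are not covered by this sketch.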
 

notabot

Level 15
For card skimmers, my solution is simple, only use a card that you can enable & disable ad hoc.
This can either be a virtual card, many banks offer this service these days. Something like Revolut also does the trick.

Enable the card, buy what you want (provided it's not a subscription) and after the transaction is cleared disable the card. It's 100% skimmer proof.