Advice Request A site only detected by Kaspersky and Netcraft


JB007

Hello,
It will be Christmas soon, so I'm going to buy a few bottles of Champagne ;) and one of the sites I want to visit was blocked by Netcraft and Kaspersky. I checked it with VT but it was not detected by other Antivirus :unsure:
And SUCURI says that this site is clean...
[Screenshots: 1.PNG, 2.PNG, 3.PNG, 4.PNG]
 

plat

Indeed, Norton SafeWeb detected it in Edge.old browser. (y) However, I want Champagne. So, I bypassed Norton, which then offered Isolation Mode if I signed into my Norton acct. (don't got one). So I skipped that, thinking the site would load. Instead, got this:

[Screenshot: champmarket.PNG]

Check out the URL on that page, where I'd originally typed: xxx.champmarket.com. Great reminder about phishing and skimming, guys! :love: Hopefully, this is the closest any of us will ever come. 🙏
 

upnorth

Perfect example where a small guide like this might come in handy.
I did the basic check for you @JB007 and to start with, very nice site (y) just not sure they deliver to Sweden. :giggle:

The site/domain itself: this has been around since 2010 and I can't see anything shady with the registrar etc.

What I'm personally not too fond of is their use of a CMS platform. In this case Magento, but I can't say for sure if they at least run the latest version, as that's crucial.

For more information on "Magecart" attacks, MT's news forum/section is a great start.
One can also send the URL/link to several AV vendors to try to get a better answer, but as the malicious scripts come and go and it's impossible to predict exactly when, and when they are even obfuscated as, for example, legit Google scripts, I would rather suggest/advise a few things first that work much better.
  1. If you must buy from this site, make an order if possible through their phone number that's clearly shown on all pages in the top right corner.
  2. If you still want to buy online, try to use in the first place a so-called pre-paid debit card, or enable security settings on your bank's site if available.
  3. Shop for the bottle/s physically at a local store, as then you also don't need to worry about any late delivery.
Good luck @JB007 and hope you can enjoy your champagne soon. 🥂
 

SeriousHoax

It seems the site itself could be safe but it loads a third party script which is the culprit here. But that domain is down so it's not able to load the script anyway.
[Screenshot: sc.png]
I don't know whether the site has been compromised or they deliberately added this but it's better not to purchase anything from here just to stay safe.
Another example of the usefulness of script blocking extensions like: uMatrix, NoScript, ScriptSafe, uBlock Origin in medium/hard mode, etc.
VT report of the third party script site: VirusTotal
 

fabiobr

SeriousHoax said:
> It seems the site itself could be safe but it loads a third party script which is the culprit here. But that domain is down so it's not able to load the script anyway.
> [Attachment 230920]
> I don't know whether the site has been compromised or they deliberately added this but it's better not to purchase anything from here just to stay safe.
> Another example of the usefulness of script blocking extensions like: uMatrix, NoScript, ScriptSafe, uBlock Origin in medium/hard mode, etc.
> VT report of the third party script site: VirusTotal

[Screenshot: Norton-Blocked2.png]

Norton blocked Virus Total here hahahahaha
 

notabot

SeriousHoax said:
> It seems the site itself could be safe but it loads a third party script which is the culprit here. But that domain is down so it's not able to load the script anyway.
> [Attachment 230920]
> I don't know whether the site has been compromised or they deliberately added this but it's better not to purchase anything from here just to stay safe.
> Another example of the usefulness of script blocking extensions like: uMatrix, NoScript, ScriptSafe, uBlock Origin in medium/hard mode, etc.
> VT report of the third party script site: VirusTotal

The problem is when the page doesn't display correctly or doesn't work properly, in which case you need to enable more scripts and then the user has little clue of whether to enable or not the malicious script, unless they try scripts one by one, starting from same domain, only cautiously expanding to 3rd domains etc -- but this approach is quite a slow one.
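
Editorial example, added here and not part of any post in the thread: a way to see up front which scripts a page pulls from its own site and which from third-party hosts, the split the posts above rely on when deciding what to allow. The hosts and HTML are constructed, and `site_of` is a simplifying assumption (last two DNS labels rather than the Public Suffix List).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Collect every <script> tag: external ones with their src, inline ones as a count."""
    def __init__(self):
        super().__init__()
        self.external = []   # (src, has_integrity_attribute)
        self.inline = 0
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"].strip(), bool(a.get("integrity"))))
        else:
            self.inline += 1

def site_of(host):
    # Assumption: the "site" is the last two DNS labels. Real tooling should use
    # the Public Suffix List so that domains such as co.uk are handled correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_scripts(page_url, html):
    """Split a page's scripts into first-party and third-party by host."""
    collector = ScriptCollector()
    collector.feed(html)
    page_site = site_of(urlsplit(page_url).hostname)
    report = {"first_party": [], "third_party": [], "inline": collector.inline}
    for src, has_sri in collector.external:
        url = urljoin(page_url, src)          # resolves relative and //host/ forms
        host = urlsplit(url).hostname or ""
        bucket = "first_party" if site_of(host) == page_site else "third_party"
        report[bucket].append({"host": host, "url": url, "sri": has_sri})
    return report

# Constructed sample page; every host below is made up for the example.
SAMPLE_HTML = """
<script src="/js/checkout.js"></script>
<script src="https://static.shop.example/lib.js"></script>
<script src="//cdn.example.net/jquery.min.js" integrity="sha384-PLACEHOLDER"></script>
<script async src="https://stats-collector.example.org/t.js"></script>
<script>var cart = [];</script>
"""

if __name__ == "__main__":
    for e in audit_scripts("https://www.shop.example/cart", SAMPLE_HTML)["third_party"]:
        print(e["host"], "SRI" if e["sri"] else "no SRI", e["url"])
```

Third-party entries without an `integrity` attribute are the ones whose content can change without the page itself changing, so they are the first to look at before allowing them in a script blocker.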
 

notabot

For card skimmers, my solution is simple, only use a card that you can enable & disable ad hoc.
This can either be a virtual card, many banks offer this service these days. Something like Revolut also does the trick.

Enable the card, buy what you want ( provided it's not a subscription ) and after the transaction is cleared disable the card. It's 100% skimmer proof.
 
