Suspicious site: infection?

Solved
PouletVolant28 Posted messages 5 Registration date   Status Member Last intervention   -  
NICENIC_ Posted messages 1 Registration date   Status Member Last intervention   -

Hello everyone, (it's been years since I've asked questions here :D

Let me explain my potential problem that makes me fear an infection.

Context :
I am a notary (in France), and I specify this because we have been regularly targeted by computer viruses for about ten years, aimed at hijacking our email boxes to impersonate us, to spread viruses, retrieve clients' email addresses, steal files, modify bank account details sent by email (for those who still do this), or even empty our bank accounts.

I received a mail advertisement this Monday, "Notary Black Friday". Supposedly a commercial offer to enhance communication, only a video conference on November 26, 2025, at 1:00 PM for a duration of 45 minutes.
No company name, no SIREN, the ad is suspicious. The name of the company indicated on the envelope does not exist, and its address belongs to a domiciliation company...

I didn’t want to visit the link notaryblackfriday.com/now, but while trying to go on domaintools to check the Who Is, I accidentally validated and landed on the site (I closed the window immediately). This site is not indexed by Google (according to virustotal, the site refuses indexing by robots; only 1 antivirus on virustotal considers the site malicious). In short, the only way to access the site is to have the address on the coupon.

Not having a Linux PC to visit the site again,  could someone tell me what they think about the risk of contamination?
The address of the site is notaryblackfriday.com/now

I'm addressing you before contacting my IT provider.

Thank you in advance to all those who are willing to respond :)

6 answers

  1. brucine Posted messages 24916 Registration date   Status Member Last intervention   4 180
     

    Hello,

    Even if scripts are allowed for the connection, nothing happens except being offered the fabulous deal by clicking on "Join the Event".

    In other words, there is no malicious script that, upon connecting to the page, could attempt to download content to the device or extract data from it.

    On this last point, however, clearing the cookies of one's browser is still advisable.

    2
    1. PouletVolant28 Posted messages 5 Registration date   Status Member Last intervention   1
       

      Hello,

      Thank you very much for your response and the advice regarding cookies.

      The site encourages clicking on a link, and I think there's a risk of infection...

      If it's not too much trouble, could I get a screenshot? If necessary, I will forward it to the relevant department in my profession...

      I was advised to file a complaint within 72 hours in case something happens; I would like to avoid doing it for nothing against a company that just handled things poorly :D

      Thank you in advance, and have a nice day,

      0
      1. brucine Posted messages 24916 Registration date   Status Member Last intervention   4 180 > PouletVolant28 Posted messages 5 Registration date   Status Member Last intervention  
         

        Picked immediately, immediately Daucy; I deliberately "photographed" only the bottom of the page showing the clickable box, what is above is just nonsense.

        If you rush to all the more or less unhealthy ads you receive by email or postal mail, you won’t get far...

        At my place, the second kind goes straight to the trash and the first kind doesn't even make it past the mail server.

        1
      2. PouletVolant28 Posted messages 5 Registration date   Status Member Last intervention   1 > brucine Posted messages 24916 Registration date   Status Member Last intervention  
         

        Thank you very much. My goal is that, if it is risky, I can inform the competent professional services so that my colleagues do not get caught (well, given the short time frame, it's difficult). Conversely, if it is not, there's no need to cry wolf.

        0
      3. brucine Posted messages 24916 Registration date   Status Member Last intervention   4 180 > PouletVolant28 Posted messages 5 Registration date   Status Member Last intervention  
         

        It's not clear anyway.

        It is highly unlikely that it is directly malware; as for the rest, we don't know whether it is some sort of seminar or a "software" aimed, to summarize the jargon, at ensuring that actions are properly authenticated through their various signatures.

        In a regulated profession (I have previously practiced another), I assume you didn't wait for someone to reinvent the wheel to secure your IT network and your actions as much as possible, and I also assume that if the issue is sensitive, it is addressed in your various official professional communications or in the trade press without needing to wait for an obscure brochure in the mail.

        If it were necessary to add another layer, a supposedly professional site that talks about Black Friday and has nothing—no contact information, no publisher, no registered name—deserves only one thing: the trash.

        1
  2. luckydu43 Posted messages 4497 Registration date   Status Member Last intervention   1 177
     

    Hello

    Speaking of a target like you, performing a check is the best thing to do. By visiting a page, code is loaded by the browser and certain vulnerabilities allow one to escape the environment controlled by the browser, its temporary files, to type elsewhere in the system. This is the greatest threat to fear. It's not said that it has succeeded or even occurred, especially if your system has serious protection.

    Clicking on the link from Whois and not your email did not confirm your email as valid: the link in the email is supposed to contain a unique identifier to associate it with the attacker's database; that’s what is commonly done.

    I suggest this reading (link), noting that security contributors on the forum can assist with a system check using tools like FRST.

    Noting that you already have a service provider, it is advisable to let them handle it.


    The MAMAA may not have oil but they have data!
    Do you feel my Big Data?
    Sacrifice a few freedoms for more security and you lose them ALL.
    ALL YOUR DATABASE ARE BELONG TO US

    2
    1. PouletVolant28 Posted messages 5 Registration date   Status Member Last intervention   1
       

      Hello,

      Thank you for your quick response. I want to clarify that it wasn't an email but a postal letter, on paper. I therefore copied the link by hand into the address bar of the browser (Edge), and accidentally pressed enter instead of searching on Google^^

      1
  3. Rems 69 Posted messages 378 Registration date   Status Security Contributor Last intervention   24
     

    Hello,

    I quickly checked the topic.

    Go to this website:

    VirusTotal - Home

    Click on the URL section. Type your link in the top bar, then click on "Search."

    Wait a moment, a result will appear. Copy and paste the link from the result into your next message.

    Thank you


    0
    1. luckydu43 Posted messages 4497 Registration date   Status Member Last intervention   1 177
       

      Hello

      He had already done it beforehand ;-) : "This site is not indexed by Google (according to virustotal, the site refuses indexing by bots; only 1 antivirus from virustotal considers the site malicious)"

      0
  4. NonoM45 Posted messages 1020 Registration date   Status Member Last intervention   5
     

    Hello everyone,

    I'm surprised there is a subject for discussion!

    It has to be a scam with that name "notaryblackfriday.com/now"
    "blackfriday" in a domain name... are you serious!?

    0
  5. Rems 69 Posted messages 378 Registration date   Status Security Contributor Last intervention   24
     

    The main idea is to determine whether the PC was affected by the "voluntary" opening of the link, typed by the user of the PC, or not!

    If there is no detection on Virus Total (even when I can't see its report), there are still a few things to do:

    In the default browser:

    - Check the permissions and if anything seems suspicious, remove them (Clear the temporary files, etc., why not, but that's not everything!)

    - Given the sensitivity of the data on the PC, I'm not going to ask for a report from FRST or other tools!

    So you need to change all your email passwords and the sites you visit on the internet with this PC (where you have accounts, for example)!

    - Other things:

    Next time, definitely don't type the address of something you receive by paper mail on your main PC containing sensitive data.

    Use a VPN, for example (like OPERA which has a free VPN), if you want to venture out like this!

    Especially keep an eye on your email inbox in case you receive emails with your own email address (don't trust the usernames that can be attached to an email). If that’s the case, change your passwords again!

    With those wise words and in the absence of a report to analyze, I wish you good luck :-)


    0
  6. NICENIC_ Posted messages 1 Registration date   Status Member Last intervention  
     

    Wow, seriously your story is a bit creepy…
    I didn’t even know that paper ads could hide this kind of thing. Just the name “Notary Black Friday” already sounds weird.

    If I received that, I think I would have had the same reaction as you: total distrust.
    And accidentally stumbling upon the website would have stressed me out too.

    I’m curious to see if anyone here has ever encountered this thing, because it really seems very strange…

    0