Why you should establish whether a webshop is safe to buy from?

See: https://www.magereport.com/scan/?s=https://www.justshopclub.com/
Found to be a high risk site.
XSS-DOM issues: Results from scanning URL: -http://www.justshopclub.com
Number of sources found: 10
Number of sinks found: 134
&
Results from scanning URL: -https://www.justshopclub.com/js/scriptaculous/dragdrop.js
Number of sources found: 9
Number of sinks found: 7
&
Results from scanning URL: -https://www.justshopclub.com/js/scriptaculous/controls.js
Number of sources found: 10
Number of sinks found: 14

With oudated CMS software and PHP, but not detected as a credit card stealer injection.
Re: https://sitecheck.sucuri.net/results/www.justshopclub.com
ApplicationMagento
Version1.x/1.9.1.0-1.9.1.1/1.9.2.0 based on skin/adminhtml/default/default/boxes.css

Given as suspicious here: https://quttera.com/detailed_report/www.justshopclub.com
And they are detectong the right injection script there: /js/mage/translate.js
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Detected malicious crypto miner
Offset: 1582
Threat dump: see code → -https://pastebin.com/HKdNCnNi (minus - for researchers).
Threat dump MD5: 1BFF2133212650EDF60B95F281EF59E1
File size[byte]: 7138
File type: ASCII
Page/File MD5: EE7CB69CBD572798563007EB4ACF4324
Scan duration[sec]: 0.021

So insecurity by design: https://webhint.io/scanner/5b020057-3822-45e7-940f-183c08dc997f
and 145 security issues: https://webhint.io/scanner/5b020057-3822-45e7-940f-183c08dc997f#category-security

Also see the vuln. at the Russian hoster: https://www.shodan.io/host/31.192.111.83
Detected by Fortinet’s: https://fortiguard.com/webfilter?q=justshopclub.com

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)