Order was never shipped after I paid for it now they canceled order but no refund after 4 months

Antivirus Positives:
Virus. Vbs. Qexvmc. 1065
Virus. Vbs. Qexvmc. 1070

Proof of Concept:
https://www.virustotal.com/gui/file/c1f8c2bd8dd936e*******dc8121c39ca53cf212c5a6b07de9b73b5ff6d04adfb7
https://www.virustotal.com/gui/file/2c855b2cad18b*******f*******e9da1e4f*******cf643a*******b9f*******a89

Security Report Summary:
https://securityheaders.com/?q=www.danburymint.com&followRedirects=on

Attackers Methods:
*Social Engineering
*Clicktracking through Google Analytics
*Clickjacking Scripts
*Racketeering Activities [Counterfeit Goods, Identity Theft, Credit Card Fraud, Confidence Tricks]
*Javascript Trojans

Material Facts:
*Absence of Strict-Transport-Security Headers
*Absence of Content-Security-Policy
*Absence of X-Content-Type-Options
*Absence of Referrer-Policy
*Absence of Feature-Policy

Source Code Archive:
https://urlscan.io/dom/*******a0e-78ca-4912-9668-b647acc9e2f6/

Additional Information:
Server
This Server header seems to advertise the software being run on the server but you can remove or change this value.

X-AspNetMvc-Version
X-AspNetMvc-Version details further information about your ASP.NET MVC version and should be removed.

X-AspNet-Version
X-AspNet-Version details specific information about your ASP.NET version and should be removed.

Set-Cookie
The 'secure' flag is not set on this cookie. There is no Cookie Prefix on this cookie. This is not a SameSite Cookie.

X-Frame-Options
X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.