A PHISH with security issues...

Re: https://urlquery.net/report/2615ee1c-d89c-441d-8580-dc9b77e5a867
Given as alerted by Google Safebrowsing: http://isithacked.com/check/www.potbnb.com
and here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.potbnb.com&ref_sel=GSP2&ua_sel=ff&fs=1

Also consider 8 third party embeds and 7 third party tracking : https://privacyscore.org/site/109734/
See: https://urlscan.io/domain/www.potbnb.com
F-grade status and recommended changes: https://observatory.mozilla.org/analyze/www.potbnb.com
26 security issues: https://sonarwhal.com/scanner/b3d2dedd-da81-4c8c-9bd1-29a8327a7990
1 vuln. library detected: https://retire.insecurity.today/#!/scan/0e6033e5a3d65463dcb0d2d3864a92af8b746befb2864fde18d8decf749f7aa0
errors found

status: (referer=-www.potbnb.com/js/jquery.js)saved 6973 bytes 9f788f5342cb5bf6b757708af6592600217672e2
info: [script] -www.potbnb.com/js/js/jquery.js
info: [script] -www.potbnb.com/js/js/jquery.fittext.js
info: [script] -www.potbnb.com/js/js/scroll-startstop.events.jquery.js
info: [script] -www.google.com/recaptcha/api.js
info: [script] -www.potbnb.com/odf/js/odf.js
info: [img] -www.efty.com/market/uploads/domain/5c13cf5f7661974c394cf08df7640ec4.png
info: [img] -www.potbnb.com/js/img/themes/mokum/tick.png
info: [img] -www.potbnb.com/js/img/themes/north/name.png
info: [img] -www.potbnb.com/js/img/themes/north/emailicon.png
info: [img] -www.potbnb.com/js/img/themes/north/phone.png
info: [img] -www.potbnb.com/js/img/themes/north/offer.png
info: [img] -www.potbnb.com/js/img/themes/north/message.png
info: [decodingLevel=0] found JavaScript
error: undefined variable m
info: [element] URL=-www.google-analytics.com/analytics.js
info: [1] no JavaScript
file: 9f788f5342cb5bf6b757708af6592600217672e2: 6973 bytes
file: cc034b8ef7e51f6116d02c8aef2cc9fc89715a9a: 105 bytes

-www.potbnb.com/js/jquery.js
status: (referer=XXX q=puppies)saved 83507 bytes 251ebab358d533b15ff2f89a68fbef9e16b92f3f
info: [decodingLevel=0] found JavaScript
error: undefined variable JSON
error: undefined function o.createDocumentFragment
error: undefined variable o
info: [element] URL=-www.potbnb.com/js/undefined
info: [1] no JavaScript
file: 251ebab358d533b15ff2f89a68fbef9e16b92f3f: 83507 bytes
file: 897a9c86f5d8b511cf6403f2385a916e12b10110: 74 bytes

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.potbnb.com

error checked:

-www.potbnb.com/odf/js/odf.js
status: (referer=XXX/web?q=puppies)saved 21881 bytes 0fbfedf5cd2f556a5bcf0eaa342749d55cab5553
info: [img] -www.potbnb.com/odf/js/
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
file: 0fbfedf5cd2f556a5bcf0eaa342749d55cab5553: 21881 bytes
Re: (opening up bootstrap code as well) → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.potbnb.com%2Fodf%2Fjs%2Fodf.js
Sources and sinks for: Results from scanning URL: //wXw.google.com/recaptcha/api.js?ver=7.8.5&onload=ccfRecaptchaOnload&render=explicit
Number of sources found: 19
Number of sinks found: 1

polonus (volunteer website security analyst and website error-hunter)

Where one would expect this code to protect against phishing: -https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Re: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fmaxcdn.bootstrapcdn.com%2Ffont-awesome%2F4.5.0%2Fcss%2Ffont-awesome.min.css

related from this code going to: hxtp://vs1.pbworks.com/shared/statics/packed-v65464171.js
Number of sources found: 193
Number of sinks found: 98

Error there for strict-transport-security: 2 errors

But the website’s main PHISHING vulnerability resides in this script: wXw.potbnb.com/odf/js/odf.js
as we can come to conclude from what has been discussed and revealed here:
https://premium.wpmudev.org/forums/topic/google-blocking-my-site-as-phishing

When trying to open up in http://odfviewer.nsspot.net/ I get an error for wXw.potbnb.com/odf/js/odf.js
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.potbnb.com%2Fodf%2Fjs%2Fodf.js&ref_sel=GSP2&ua_sel=ff&fs=1
error in odf.js code

found JavaScript
error: line:3: SyntaxError: invalid label:
error: line:3: 1: /*
error: line:3: ^
Read: https://stackoverflow.com/users/3426235/user3426235 (info credits go out to user:3426235 there). Re: https://stackoverflow.com/questions/23189833/view-odf-file-on-a-website

Although not helping much to mitigate the odf.js vulnerability, we have to mention these security hiccups
because we have a non-secured connection via http:

Moreover excessive server info proliferation as “Apache/2.2.22 (Ubuntu)”,

We list via 3rd party cold reconnaissance scanning via https://sonarwhal.com/scanner/13996533-c0cc-4b63-bc2f-f68c2da16590
following

ERROR 'strict-transport-security' header was not specified hxtps://maxcdn.bootstrapcdn.com/
ERROR 'strict-transport-security' header was not specified hxtps://maxcdn.bootstrapcdn.com/favicon.ico

‘content-type’ header should have media type ‘text/xml’ (not ‘application/xml’) & ‘content-type’ header should have ‘charset=utf-8’ kick up interoperability errors.

found JavaScript
error: undefined variable PBwiki
error: undefined variable Class
error: undefined function Class.create

Nice to have been able to pinpoint this case a little closer to where the PHISHING misery started.
JavaScript has complete access and that is at the root of the PHISHING trouble.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)