Topic: A PHISH with security issues...

polonus
A PHISH with security issues...
« on: July 05, 2018, 03:02:50 PM »
Re: https://urlquery.net/report/2615ee1c-d89c-441d-8580-dc9b77e5a867
Given as alerted by Google Safebrowsing: http://isithacked.com/check/www.potbnb.com
and here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.potbnb.com&ref_sel=GSP2&ua_sel=ff&fs=1

Also consider 8 third party embeds and 7 third party tracking: https://privacyscore.org/site/109734/
See: https://urlscan.io/domain/www.potbnb.com
F-grade status and recommended changes: https://observatory.mozilla.org/analyze/www.potbnb.com
26 security issues: https://sonarwhal.com/scanner/b3d2dedd-da81-4c8c-9bd1-29a8327a7990
1 vuln. library detected: https://retire.insecurity.today/#!/scan/0e6033e5a3d65463dcb0d2d3864a92af8b746befb2864fde18d8decf749f7aa0
errors found
Quote
status: (referer=-www.potbnb.com/js/jquery.js)saved 6973 bytes 9f788f5342cb5bf6b757708af6592600217672e2
     info: [script] -www.potbnb.com/js/js/jquery.js
     info: [script] -www.potbnb.com/js/js/jquery.fittext.js
     info: [script] -www.potbnb.com/js/js/scroll-startstop.events.jquery.js
     info: [script] -www.google.com/recaptcha/api.js
     info: [script] -www.potbnb.com/odf/js/odf.js
     info: [img] -www.efty.com/market/uploads/domain/5c13cf5f7661974c394cf08df7640ec4.png
     info: [img] -www.potbnb.com/js/img/themes/mokum/tick.png
     info: [img] -www.potbnb.com/js/img/themes/north/name.png
     info: [img] -www.potbnb.com/js/img/themes/north/emailicon.png
     info: [img] -www.potbnb.com/js/img/themes/north/phone.png
     info: [img] -www.potbnb.com/js/img/themes/north/offer.png
     info: [img] -www.potbnb.com/js/img/themes/north/message.png
     info: [decodingLevel=0] found JavaScript
     error: undefined variable m
     info: [element] URL=-www.google-analytics.com/analytics.js
     info: [1] no JavaScript
     file: 9f788f5342cb5bf6b757708af6592600217672e2: 6973 bytes
     file: cc034b8ef7e51f6116d02c8aef2cc9fc89715a9a: 105 bytes
&
Quote
-www.potbnb.com/js/jquery.js
     status: (referer=XXX q=puppies)saved 83507 bytes 251ebab358d533b15ff2f89a68fbef9e16b92f3f
     info: [decodingLevel=0] found JavaScript
     error: undefined variable JSON
     error: undefined function o.createDocumentFragment
     error: undefined variable o
     info: [element] URL=-www.potbnb.com/js/undefined
     info: [1] no JavaScript
     file: 251ebab358d533b15ff2f89a68fbef9e16b92f3f: 83507 bytes
     file: 897a9c86f5d8b511cf6403f2385a916e12b10110: 74 bytes

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.potbnb.com

error checked:
Quote
-www.potbnb.com/odf/js/odf.js
     status: (referer=XXX/web?q=puppies)saved 21881 bytes 0fbfedf5cd2f556a5bcf0eaa342749d55cab5553
     info: [img] -www.potbnb.com/odf/js/
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     file: 0fbfedf5cd2f556a5bcf0eaa342749d55cab5553: 21881 bytes
Re: (opening up bootstrap code as well -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.potbnb.com%2Fodf%2Fjs%2Fodf.js
Sources and sinks for: Results from scanning URL: //wXw.google.com/recaptcha/api.js?ver=7.8.5&onload=ccfRecaptchaOnload&render=explicit
Number of sources found: 19
Number of sinks found: 1

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: July 05, 2018, 03:05:18 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Re: A PHISH with security issues...
« Reply #1 on: July 05, 2018, 09:32:09 PM »
Where one would expect this code to protect against phishing: -https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Re: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fmaxcdn.bootstrapcdn.com%2Ffont-awesome%2F4.5.0%2Fcss%2Ffont-awesome.min.css

related from this code going to: hxtp://vs1.pbworks.com/shared/statics/packed-v65464171.js
Number of sources found: 193
Number of sinks found: 98

Error there for strict-transport-security: 2 errors

But the website's main PHISHING vulnerability resides in this script: wXw.potbnb.com/odf/js/odf.js
as we can conclude from what has been discussed and revealed here:
https://premium.wpmudev.org/forums/topic/google-blocking-my-site-as-phishing

When trying to open up in http://odfviewer.nsspot.net/ I get an error for wXw.potbnb.com/odf/js/odf.js
-> https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.potbnb.com%2Fodf%2Fjs%2Fodf.js&ref_sel=GSP2&ua_sel=ff&fs=1
error in odf.js code
Quote
found JavaScript
     error: line:3: SyntaxError: invalid label:
          error: line:3: 1: /*
          error: line:3: ^
Read: https://stackoverflow.com/users/3426235/user3426235 (info credits go out to user:3426235 there). Re: https://stackoverflow.com/questions/23189833/view-odf-file-on-a-website

Although not helping much to mitigate the odf.js vulnerability, we have to mention these security hiccups
because we have a non-secured connection via http:

Moreover, excessive server info proliferation, such as "Apache/2.2.22 (Ubuntu)".

We list the following via 3rd party cold reconnaissance scanning via https://sonarwhal.com/scanner/13996533-c0cc-4b63-bc2f-f68c2da16590:
Quote
ERROR
'strict-transport-security' header was not specified
hxtps://maxcdn.bootstrapcdn.com/
ERROR
'strict-transport-security' header was not specified
hxtps://maxcdn.bootstrapcdn.com/favicon.ico

'content-type' header should have media type 'text/xml' (not 'application/xml') & 'content-type' header should have 'charset=utf-8' kick up interoperability errors.
found JavaScript
Quote
     error: undefined variable PBwiki
     error: undefined variable Class
     error: undefined function Class.create

Nice to have been able to pinpoint this case a little closer to where the PHISHING misery started.
JavaScript has complete access and that is at the root of the PHISHING trouble.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: July 05, 2018, 10:41:47 PM by polonus »
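The header findings quoted in both posts (no strict-transport-security header, a content-type of application/xml without a charset, a Server header announcing "Apache/2.2.22 (Ubuntu)", and a plain-http connection) can be reproduced locally with a small checker. The script below is an added example and is not code from the thread, from sonarwhal or from any of the other scanners linked above; the header dictionaries are constructed samples, not captures from any site, and the rules are a plain re-implementation of the messages quoted in the thread, not the scanners' own rule sets.

```python
import re

# Constructed sample headers (not captured from any real site): the shape of
# response the thread's scanners complain about, and a hardened counterpart.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.22 (Ubuntu)",
    "Content-Type": "application/xml",
}
HARDENED_HEADERS = {
    "Server": "Apache",
    "Content-Type": "text/xml; charset=utf-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

# Media types for which a charset parameter is expected.
TEXT_SUFFIXES = ("xml", "json", "javascript")


def check_headers(headers, scheme="https"):
    """Return a list of findings (one string per issue) for a response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # The thread's first complaint: the page is served over plain http.
    if scheme.lower() != "https":
        findings.append("connection is not secured via https")

    # HSTS only takes effect on https responses, but its absence is what the
    # scanners flag, so it is reported either way.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("'strict-transport-security' header was not specified")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) == 0:
            findings.append("'strict-transport-security' header has no positive max-age")

    # Content-Type: media type and charset, mirroring the quoted sonarwhal messages.
    media, _, params = h.get("content-type", "").partition(";")
    media = media.strip().lower()
    if media == "application/xml":
        findings.append("'content-type' header should have media type 'text/xml' (not 'application/xml')")
    text_like = media.startswith("text/") or media.endswith(TEXT_SUFFIXES)
    if text_like and "charset=" not in params.lower():
        findings.append("'content-type' header should have 'charset=utf-8'")

    # Server header: a version number or a parenthesised OS hint is disclosure.
    server = h.get("server", "")
    if re.search(r"/\d", server) or "(" in server:
        findings.append(f"'server' header discloses software details: {server!r}")

    return findings


if __name__ == "__main__":
    for finding in check_headers(SAMPLE_HEADERS, scheme="http"):
        print("ERROR", finding)
    print("hardened:", check_headers(HARDENED_HEADERS) or "no findings")
```

To run it against a live response, feed `check_headers` the header mapping from whatever HTTP client you use together with the URL scheme; the function deliberately takes a plain dictionary so it can be run offline on saved headers as well.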