Fix Browser Security Warnings on Regional Payment Portal

Our regional payment subdomain is being flagged by Google Safe Browsing and other security filters as a "potential phishing threat," preventing members from processing payments. We need a technically competent freelancer to diagnose the root cause, implement a secure subdomain solution under our primary corporate domain, and restore trust. Background Primary domain: [Corporate domain managed by headquarters] Payment subdomain: [Regional payment portal — currently flagged] Current impact: Members are discouraged by browsers to proceed, even blocked; payment abandonment is high, credibility is being lost Scope of Work Phase 1: Root Cause Diagnosis (REQUIRED FIRST) Before any fixes, you must: [ ] Scan the payment subdomain for malware, suspicious scripts, or compromise indicators [ ] Check Google Safe Browsing status via transparencyreport.google.com [ ] Review server logs for unauthorized access or injection attempts [ ] Identify why the domain was flagged (compromise vs. false positive vs. shared IP reputation) [ ] Provide a written report with findings and recommended fix path If the site is compromised: Clean it first. If you cannot clean it, report this immediately. Phase 2: Server-Side Preparation (MUST COMPLETE BEFORE DNS CHANGES) [ ] Obtain an SSL/TLS certificate with the new subdomain as a Subject Alternative Name (SAN) [ ] Configure the web server (Apache/Nginx) to serve this certificate when the new subdomain is requested (SNI) [ ] Update application configuration to recognize and handle the new hostname [ ] Implement HTTP → HTTPS redirects [ ] Configure HSTS headers for the payment subdomain [ ] Test the entire configuration using local hosts file overrides before any DNS changes Phase 3: DNS Cutover & Verification [ ] Coordinate with our team to request CNAME record from corporate IT [ ] Monitor DNS propagation (use dig, nslookup, or online tools) [ ] Verify SSL handshake succeeds with no hostname mismatch errors [ ] Test end-to-end payment flow on the new subdomain [ ] Confirm no mixed-content warnings or certificate errors Phase 4: Google Safe Browsing Recovery [ ] Verify ownership of the new subdomain in Google Search Console [ ] Submit Security Issues review request with documentation of fixes [ ] Monitor status and communicate timeline expectations (typically 3 days to 3 weeks) [ ] If the new subdomain is flagged, diagnose and resolve immediately Phase 5: Documentation & Handover [ ] Provide technical documentation of all changes made [ ] Document rollback procedures [ ] Provide a summary report suitable for non-technical stakeholders Technical Requirements Table Requirement Details SSL Certificate Must include new subdomain as SAN; wildcard or single-domain certs are insufficient Server Config Must support SNI; virtual host must respond correctly to new hostname Security Headers HSTS, X-Frame-Options, X-Content-Type-Options required Redirects All HTTP traffic must 301/302 to HTTPS Compatibility Must not break existing payment processor integrations PCI DSS Changes must not violate payment card industry compliance Deliverables Root Cause Analysis Report (Phase 1) Server Configuration Documentation (Phase 2) DNS Cutover Verification (Phase 3) Google Safe Browsing Status Update (Phase 4) Final Handover Document (Phase 5) Skills Required Linux server administration (Apache/Nginx) SSL/TLS certificate management (Let's Encrypt, commercial CAs) DNS configuration and troubleshooting Google Search Console and Safe Browsing protocols Web security best practices (HSTS, SNI, mixed content) Payment gateway integration experience (preferred) Budget & Timeline Budget: $50–$80USD (fixed price, not hourly) Timeline: 5–10 business days Milestone 1: Root cause report (Day 2) — 20% payment Milestone 2: Server prep complete and tested (Day 4) — 30% payment Milestone 3: DNS cutover successful (Day 6) — 30% payment Milestone 4: Google review submitted + handover (Day 10) — 20% payment Important Notes Do NOT add the CNAME before server prep is complete. This will break the site. We will handle communication with corporate IT for DNS changes; you provide the technical specifications. If the root cause is a server compromise, cleaning it is part of this project. The old payment subdomain must remain functional during transition. All server credentials and client data must be treated as strictly confidential. How to Apply Please include: Your experience with similar security warning resolutions Confirmation you understand the server-first, DNS-second sequence Examples of SSL/SAN configurations you've implemented Your approach to root cause diagnosis Availability to start within 48 hours Questions? Ask before bidding. We value technical accuracy over speed.