See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=lakhoos.com%2Fheader.js&ref_sel=GSP2&ua_sel=ff&fs=1
Re: header.js flagged as malware: http://urlquery.net/report/f0eb030b-9030-4b21-8881-0eb75dab61df
Asafaweb scan with warnings and Custom:errors Fail: https://asafaweb.com/Scan?Url=lakhoos.com
Phish domain via wXw.saulchristie.com/:8880/javascript/promo-flags.js.php → https://talk.plesk.com/threads/plesk-server-administrators-page.72026/
This might have been there before on IP: http://www.malwareurl.com/ns_listing.php?ns=ns3.tlipldxb.com
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Flakhoos.com%2Fheader.js

polonus (volunteer website security analyst and website error-hunter)