See logs
22:12:21 script http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2F{inline_script}for → hxtp://www.dubairu.com/routes/ajax_actions/landing_themes/add_udrp_inquiry_cap.ajaxa.php
22:12:21 cookie http://www.domxssscanner.com/{localStorage}
22:12:20 xhr http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Fodf%2Fjs%2Fodf.js
22:12:20 xhr http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.google.com%2Frecaptcha%2Fapi.js
22:12:20 xhr http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Fjs%2Fscroll-startstop.events.jquery.js
22:12:20 xhr http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Fjs%2Fjquery.fittext.js
22:12:20 xhr http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Fjs%2Fjquery.js
22:12:20 – script http://www.google-analytics.com/analytics.js
22:12:19 css https://fonts.googleapis.com/css?family=Cabin
22:12:19 script http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
22:12:19 css http://fonts.googleapis.com/css?family=Cabin
22:12:19 css http://www.domxssscanner.com/static/css/lib/960.css
22:12:19 css http://www.domxssscanner.com/static/css/style.css
22:12:17 doc http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2F
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2F
22:11:51 script http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Froutes%2Fajax_actions%2Flanding_themes%2Fadd_udrp_inquiry_cap.ajaxa.php+{inline_script}
22:11:51 cookie http://www.domxssscanner.com/{localStorage}
22:11:49 – script http://www.google-analytics.com/analytics.js
22:11:48 css https://fonts.googleapis.com/css?family=Cabin
22:11:48 script http://www.domxssscanner.com/static/js/dxsform.js
22:11:48 script http://www.domxssscanner.com/static/js/script.js
22:11:48 script http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
22:11:48 script http://www.domxssscanner.com/static/js/lib/modernizr-2.0.6.min.js
22:11:48 css http://fonts.googleapis.com/css?family=Cabin
22:11:48 css http://www.domxssscanner.com/static/css/lib/960.css
22:11:48 css http://www.domxssscanner.com/static/css/style.css
22:11:45 doc http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Froutes%2Fajax_actions%2Flanding_themes%2Fadd_udrp_inquiry_cap.ajaxa.php+
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubairu.com%2Froutes%2Fajax_actions%2Flanding_themes%2Fadd_udrp_inquiry_cap.ajaxa.php+
via at-> https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.dubairu.com%2Froutes%2Fajax_actions%2Flanding_themes%2Fadd_udrp_inquiry_cap.ajaxa.php&ref_sel=GSP2&ua_sel=ff&fs=1 - re: https://urlquery.net/report/0fe2a898-6af1-4d82-b0a3-28821a237e7c
303 Found and 404 Not Found - had malware…Apache/2.2.22 (Ubuntu)
found link file → “add_udrp_inquiry_cap.ajaxa.php” 409 text/html PHPSESSID=tdljphjurmslkm1n6e1bn07cm2; path=/
open to bruteforcing? domain arbitration going on?
polonus (volunteer website security analyst and website error-hunter)