Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=etrade-promotion.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://etrade-promotion.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://etrade-promotion.com/ | HTTP/1.1 200 OK Date: Fri, 22 Aug 2014 21:03:38 GMT Accept-Ranges: bytes ETag: "39318b68dacf1:0" Server: Microsoft-IIS/8.0 Content-Length: 2817 Content-Type: text/html Last-Modified: Mon, 06 Jan 2014 03:16:37 GMT X-Powered-By: ASP.NET | clean |
http://www.etrade-promotion.com/2014q1hk/en/ | HTTP/1.1 200 OK Date: Fri, 22 Aug 2014 21:03:40 GMT Accept-Ranges: bytes ETag: "f2bf86e2f77ecf1:0" Server: Microsoft-IIS/8.0 Content-Length: 1344 Content-Type: text/html Last-Modified: Tue, 03 Jun 2014 06:48:53 GMT X-Powered-By: ASP.NET | clean |
http://www.etrade.com.hk/ | HTTP/1.1 301 Moved Permanently Connection: Keep-Alive Date: Fri, 22 Aug 2014 21:04:21 GMT Location: https://global.etrade.com:443/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=as Server: Apache Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 Keep-Alive: timeout=60, max=400 | clean |
https://global.etrade.com:443/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=as | HTTP/1.1 302 Found Connection: close Date: Fri, 22 Aug 2014 21:04:23 GMT Location: https://global.etrade.com/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=hk Server: Apache Content-Length: 286 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
https://global.etrade.com/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=hk | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 22 Aug 2014 21:04:24 GMT Location: https://global.etrade.com/hk/en/home Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: WRC_ID=78.158.11.226-1408741464045; Domain=.etrade.com; Expires=Sat, 13-Apr-2069 18:08:48 GMT; Path=/; Secure Set-Cookie: JSESSIONID=3D5C58B4F39800C4783D63523A77B6CA; Path=/e; Secure | clean |
https://global.etrade.com/hk/en/home | HTTP/1.1 302 Found Connection: close Date: Fri, 22 Aug 2014 21:04:25 GMT Location: https://global.etrade.com/glp/hk/en/home Server: Apache Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 | clean |
http://global.etrade.com/test404page.js | HTTP/1.1 302 Object Moved Cache-Control: private Connection: close Location: https://global.etrade.com/ Content-Type: text/html | clean |
https://global.etrade.com/ | HTTP/1.1 302 Found Connection: close Date: Fri, 22 Aug 2014 21:04:26 GMT Location: https://global.etrade.com/e/t/intl/page Server: Apache Content-Length: 223 Content-Type: text/html; charset=iso-8859-1 | clean |
https://global.etrade.com/e/t/intl/page | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 22 Aug 2014 21:04:27 GMT Location: https://global.etrade.com/gl/home Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: WRC_ID=78.158.11.226-1408741467443; Domain=.etrade.com; Expires=Sat, 13-Apr-2069 18:08:54 GMT; Path=/; Secure Set-Cookie: JSESSIONID=D8D9254268812FBEE2BE4C962781572E; Path=/e; Secure | clean |
https://global.etrade.com/gl/home | HTTP/1.1 302 Found Connection: close Date: Fri, 22 Aug 2014 21:04:28 GMT Location: https://global.etrade.com/glp/home Server: Apache Content-Length: 218 Content-Type: text/html; charset=iso-8859-1 | clean |
https://global.etrade.com/glp/home | 200 OK Content-Length: 61474 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):

```javascript
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="https://fls.doubleclick.net/activityi;src=865138;type=flood884;cat=etfcf909;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
```

Caveat: this snippet is the standard DoubleClick Floodlight conversion-tracking tag (a hidden 1x1 iframe whose `ord=` value is a random cache-buster). Hidden iframes written by `document.write` are a common heuristic trigger, and no antivirus engine is named in this report, so treat the "malicious" verdict for https://global.etrade.com/glp/home as a likely false positive unless a detection name is produced.

Antivirus reports:
https://cdn.etrade.net/1/14071415050.0/glp/widgets/js/jquery/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14071415050.0/glp/widgets/js/jquery/plugins/toolbox.flashembed.js | 200 OK Content-Length: 6873 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/watch.min.js | 200 OK Content-Length: 945 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/cyotaLoginDevicePrint.min.js | 200 OK Content-Length: 7389 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/hoverIntent.js | 200 OK Content-Length: 1464 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/jquery.placehold.js | 200 OK Content-Length: 2823 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14071415050.0/glp/widgets/js/jquery/jquery-ui.min.js | 200 OK Content-Length: 202412 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/autocomplete.js | 200 OK Content-Length: 4951 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/smartlookup.js | 200 OK Content-Length: 5441 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/global_prospect.js | 200 OK Content-Length: 63234 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/omntr/mbox.js | 200 OK Content-Length: 23962 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/oo_engine.js | 200 OK Content-Length: 1156 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500420.0/glp/js/GLP-prospect/SWF_src.js | 200 OK Content-Length: 6881 Content-Type: text/javascript | clean |
https://cdn.etrade.net/1/14080500420.0/glp/js/GLP-prospect/touchSwipe.js | 200 OK Content-Length: 20799 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: etrade-promotion.com
Result:
HTTP/1.1 200 OK
Date: Fri, 22 Aug 2014 21:03:38 GMT
Accept-Ranges: bytes
ETag: "39318b68dacf1:0"
Server: Microsoft-IIS/8.0
Content-Length: 2817
Content-Type: text/html
Last-Modified: Mon, 06 Jan 2014 03:16:37 GMT
X-Powered-By: ASP.NET
...2817 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: etrade-promotion.com
Referer: http://www.google.com/search?q=etrade-promotion.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
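The two checks above (recording each hop of the redirect chain, as in the "Scanned pages/files" table, and re-requesting the front page with a search-engine Referer to look for conditional redirects) can be reproduced with the following script. It is an added example, not part of the original report or of any scanner's code. The profile names, the `sample_fetch` responses and the hosts `landing.example` and `loop.example` are constructed for illustration; the Googlebot User-Agent string is the one Google publishes. Redirects are walked one hop at a time so that every intermediate status, Location and body hash is kept, and the chain seen under each visitor profile is diffed against the direct visit.

```python
"""Walk a redirect chain hop by hop under several visitor profiles and flag
profiles whose landing page differs from a plain direct visit (cloaking)."""
import hashlib
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# Visitor profiles to compare. "direct" is the baseline; the others mimic the
# conditions cloaked redirects usually key on (search referer, crawler UA).
PROFILES: Dict[str, Dict[str, str]] = {
    "direct": {},
    "search_referer": {"Referer": "http://www.google.com/search?q=etrade-promotion.com"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                                "+http://www.google.com/bot.html)"},
}

Response = Tuple[int, Dict[str, str], bytes]          # (status, headers, body)
Fetcher = Callable[[str, Dict[str, str]], Response]   # url, extra headers -> Response


@dataclass
class Hop:
    url: str
    status: int
    location: Optional[str]
    body_sha256: str


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib return 3xx responses instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def urllib_fetch(url: str, headers: Dict[str, str]) -> Response:
    """One live request; redirects are not followed, so 3xx arrives as HTTPError."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        with opener.open(req, timeout=15) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def sample_fetch(url: str, headers: Dict[str, str]) -> Response:
    """Constructed offline stand-in for urllib_fetch: the promo page answers a
    direct visit with its own HTML but bounces search-engine visitors off-site."""
    if url == "http://etrade-promotion.com/":
        if "Referer" in headers:
            return 302, {"Location": "http://landing.example/kit"}, b""
        return 200, {"Content-Type": "text/html"}, b"<html>promo</html>"
    if url == "http://landing.example/kit":
        return 200, {"Content-Type": "text/html"}, b"<html>somewhere else</html>"
    if url == "http://loop.example/":
        return 302, {"Location": "/"}, b""       # redirects to itself
    return 404, {}, b""


def walk_chain(fetch: Fetcher, url: str, headers: Dict[str, str],
               max_hops: int = 10) -> List[Hop]:
    """Follow redirects one hop at a time, recording every response the way the
    scan table does. Stops on a non-redirect, a loop, or after max_hops."""
    chain: List[Hop] = []
    seen = set()
    while url not in seen and len(chain) < max_hops:
        seen.add(url)
        status, hdrs, body = fetch(url, headers)
        hdrs = {k.lower(): v for k, v in hdrs.items()}   # header names are case-insensitive
        location = hdrs.get("location")
        chain.append(Hop(url, status, location, hashlib.sha256(body).hexdigest()))
        if not (300 <= status < 400 and location):
            break
        url = urljoin(url, location)                      # Location may be relative
    return chain


def compare_profiles(fetch: Fetcher, url: str, profiles=PROFILES) -> Dict[str, object]:
    """Walk the chain under every profile and diff each against the direct visit.
    A different landing URL or body for a conditional profile is the signature
    the 'Malicious Redirects' check above is looking for."""
    chains = {name: walk_chain(fetch, url, hdrs) for name, hdrs in profiles.items()}
    base = chains["direct"][-1]
    suspicious = [name for name, chain in chains.items()
                  if name != "direct"
                  and (chain[-1].url != base.url or chain[-1].body_sha256 != base.body_sha256)]
    start_host = urlsplit(url).hostname
    off_site = sorted({urlsplit(h.url).hostname for c in chains.values() for h in c
                       if urlsplit(h.url).hostname != start_host})
    return {"chains": chains, "suspicious_profiles": suspicious, "off_site_hosts": off_site}


if __name__ == "__main__":
    import sys
    # With a URL argument the live fetcher is used; without one, the constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://etrade-promotion.com/"
    fetcher = urllib_fetch if len(sys.argv) > 1 else sample_fetch
    result = compare_profiles(fetcher, target)
    for name, chain in result["chains"].items():
        print(name)
        for hop in chain:
            print(f"  {hop.status} {hop.url} -> {hop.location or '(final)'}")
    print("suspicious profiles:", result["suspicious_profiles"])
    print("off-site hosts:", result["off_site_hosts"])
```

Run it with no arguments to see the constructed cloaking case, or with a URL to test a live site; in that case the direct and Referer chains for etrade-promotion.com would be expected to match, as the report found. Note that off-site hops by themselves are not evidence of compromise (the scan above legitimately passes through etrade.com.hk to global.etrade.com); the signal is a chain that only appears for one visitor profile.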