Malware Scanner report for etrade-promotion.com

Malicious/Suspicious/Total urls checked
1/0/25
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "etrade-promotion.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=etrade-promotion.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://etrade-promotion.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request | Server response | Status
http://etrade-promotion.com/
HTTP/1.1 200 OK
Date: Fri, 22 Aug 2014 21:03:38 GMT
Accept-Ranges: bytes
ETag: "39318b68dacf1:0"
Server: Microsoft-IIS/8.0
Content-Length: 2817
Content-Type: text/html
Last-Modified: Mon, 06 Jan 2014 03:16:37 GMT
X-Powered-By: ASP.NET
clean
http://www.etrade-promotion.com/2014q1hk/en/
HTTP/1.1 200 OK
Date: Fri, 22 Aug 2014 21:03:40 GMT
Accept-Ranges: bytes
ETag: "f2bf86e2f77ecf1:0"
Server: Microsoft-IIS/8.0
Content-Length: 1344
Content-Type: text/html
Last-Modified: Tue, 03 Jun 2014 06:48:53 GMT
X-Powered-By: ASP.NET
clean
http://www.etrade.com.hk/
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Date: Fri, 22 Aug 2014 21:04:21 GMT
Location: https://global.etrade.com:443/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=as
Server: Apache
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
Keep-Alive: timeout=60, max=400
clean
https://global.etrade.com:443/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=as
HTTP/1.1 302 Found
Connection: close
Date: Fri, 22 Aug 2014 21:04:23 GMT
Location: https://global.etrade.com/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=hk
Server: Apache
Content-Length: 286
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
clean
https://global.etrade.com/e/t/intl/page?nav=1&subnav=1&screen=1&language=en&country=hk
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 22 Aug 2014 21:04:24 GMT
Location: https://global.etrade.com/hk/en/home
Server: Apache
Content-Length: 0
Content-Type: text/html
Set-Cookie: WRC_ID=78.158.11.226-1408741464045; Domain=.etrade.com; Expires=Sat, 13-Apr-2069 18:08:48 GMT; Path=/; Secure
Set-Cookie: JSESSIONID=3D5C58B4F39800C4783D63523A77B6CA; Path=/e; Secure
clean
https://global.etrade.com/hk/en/home
HTTP/1.1 302 Found
Connection: close
Date: Fri, 22 Aug 2014 21:04:25 GMT
Location: https://global.etrade.com/glp/hk/en/home
Server: Apache
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1
clean
http://global.etrade.com/test404page.js
HTTP/1.1 302 Object Moved
Cache-Control: private
Connection: close
Location: https://global.etrade.com/
Content-Type: text/html
clean
https://global.etrade.com/
HTTP/1.1 302 Found
Connection: close
Date: Fri, 22 Aug 2014 21:04:26 GMT
Location: https://global.etrade.com/e/t/intl/page
Server: Apache
Content-Length: 223
Content-Type: text/html; charset=iso-8859-1
clean
https://global.etrade.com/e/t/intl/page
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 22 Aug 2014 21:04:27 GMT
Location: https://global.etrade.com/gl/home
Server: Apache
Content-Length: 0
Content-Type: text/html
Set-Cookie: WRC_ID=78.158.11.226-1408741467443; Domain=.etrade.com; Expires=Sat, 13-Apr-2069 18:08:54 GMT; Path=/; Secure
Set-Cookie: JSESSIONID=D8D9254268812FBEE2BE4C962781572E; Path=/e; Secure
clean
https://global.etrade.com/gl/home
HTTP/1.1 302 Found
Connection: close
Date: Fri, 22 Aug 2014 21:04:28 GMT
Location: https://global.etrade.com/glp/home
Server: Apache
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
clean
https://global.etrade.com/glp/home
200 OK
Content-Length: 61474
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="https://fls.doubleclick.net/activityi;src=865138;type=flood884;cat=etfcf909;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

https://cdn.etrade.net/1/14071415050.0/glp/widgets/js/jquery/jquery.min.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14071415050.0/glp/widgets/js/jquery/plugins/toolbox.flashembed.js
200 OK
Content-Length: 6873
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/watch.min.js
200 OK
Content-Length: 945
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/cyotaLoginDevicePrint.min.js
200 OK
Content-Length: 7389
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/hoverIntent.js
200 OK
Content-Length: 1464
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/jquery.placehold.js
200 OK
Content-Length: 2823
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14071415050.0/glp/widgets/js/jquery/jquery-ui.min.js
200 OK
Content-Length: 202412
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/autocomplete.js
200 OK
Content-Length: 4951
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/smartlookup.js
200 OK
Content-Length: 5441
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/global_prospect.js
200 OK
Content-Length: 63234
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/omntr/mbox.js
200 OK
Content-Length: 23962
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500120.0/glp/skins/GLP-prospect/js/oo_engine.js
200 OK
Content-Length: 1156
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500420.0/glp/js/GLP-prospect/SWF_src.js
200 OK
Content-Length: 6881
Content-Type: text/javascript
clean
https://cdn.etrade.net/1/14080500420.0/glp/js/GLP-prospect/touchSwipe.js
200 OK
Content-Length: 20799
Content-Type: text/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: etrade-promotion.com

Result:
HTTP/1.1 200 OK
Date: Fri, 22 Aug 2014 21:03:38 GMT
Accept-Ranges: bytes
ETag: "39318b68dacf1:0"
Server: Microsoft-IIS/8.0
Content-Length: 2817
Content-Type: text/html
Last-Modified: Mon, 06 Jan 2014 03:16:37 GMT
X-Powered-By: ASP.NET

...2817 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: etrade-promotion.com
Referer: http://www.google.com/search?q=etrade-promotion.com

Result:
The result is similar to the first query. There are no suspicious redirects found.