Author Topic: TD Ameritrade  (Read 1873 times)


Offline letron_2000

  • Newbie
  • *
  • Posts: 16
TD Ameritrade
« on: October 13, 2019, 09:47:59 PM »
Hi - I am connecting to TD Ameritrade, but I get a warning that this is "HAS BEEN MARKED AS A PHISHING SITE".

This is the first time I have experienced this on TDAMERITRADE.COM and it is surprising since it is a common stock market website.

Does anyone, including AVAST, know anything about this situation?

I get this warning in BOTH the Avast Secure Browser in BANKING mode, and the MS EDGE browser also reports that the website is "insecure".

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: TD Ameritrade
« Reply #1 on: October 13, 2019, 10:28:50 PM »
TLS Recommendations
HTTPS version of this website is not accessible: Timeout reached. Please consider setting up HTTPS to avoid the "Not Secure" browser warning. -> https://sitecheck.sucuri.net/results/TDAmitrade.com

1 communicating file -> https://www.virustotal.com/gui/domain/TDAMERITRADE.COM/relations
See the detections on the communicating files given here:
https://www.virustotal.com/gui/ip-address/198.200.171.204/relations
Server: https://www.shodan.io/host/199.59.242.152   server running on openresty
Access Restriction Bypass Vulnerability on validation beyond the hundredth parameter  :o

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline letron_2000

  • Newbie
  • *
  • Posts: 16
Re: TD Ameritrade
« Reply #2 on: October 13, 2019, 10:45:11 PM »
Thanks for the pointer. But the website I am interested in is spelled differently. It is tdameritrade.com

I used the SiteCheck for this and got https://sitecheck.sucuri.net/results/tdameritrade.com

or see the attachment. SiteCheck has detected a problem with tdameritrade.com it looks like, right?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: TD Ameritrade
« Reply #3 on: October 13, 2019, 10:51:31 PM »
In itself a weak point in website security, as I was trapped by it.
Here the real McCoy: https://www.virustotal.com/gui/domain/tdameritrade.com/details
and the various detections on the communicating files launched from that domain:
https://www.virustotal.com/gui/domain/tdameritrade.com/relations

"What's in a name?". The other site was from Columbia, alas.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
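Added example, not part of any post in this thread: the mix-up in Replies #1 to #3 came from a scan report generated for a near-identical domain name. The sketch below pulls the scanned domain out of the report URLs quoted above and compares it with the intended one; the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlparse

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scanned_target(report_url: str):
    """Return the domain a report URL was generated for, or None."""
    parts = [p for p in urlparse(report_url).path.split("/") if p]
    # URL shapes seen in the thread: /results/<domain> and /gui/domain/<domain>/<tab>
    for marker in ("results", "domain"):
        if marker in parts[:-1]:
            return parts[parts.index(marker) + 1].lower().rstrip(".")
    return None

def check_report(report_url: str, intended: str, max_dist: int = 2) -> str:
    """Classify a report as match / lookalike / different / unknown."""
    target = scanned_target(report_url)
    intended = intended.lower().rstrip(".")
    if target is None:
        return "unknown"          # e.g. an IP-address report, no domain to compare
    if target == intended:
        return "match"
    # A small edit distance means the report is for a look-alike name.
    return "lookalike" if edit_distance(target, intended) <= max_dist else "different"

# Report URLs copied from the replies above.
REPORTS = [
    "https://sitecheck.sucuri.net/results/TDAmitrade.com",
    "https://www.virustotal.com/gui/domain/TDAMERITRADE.COM/relations",
    "https://www.virustotal.com/gui/ip-address/198.200.171.204/relations",
]

if __name__ == "__main__":
    for url in REPORTS:
        print(check_report(url, "tdameritrade.com"), url)
```

Anything that comes back as "lookalike" or "different" describes some other site and says nothing about the domain the user actually visited.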

Offline letron_2000

  • Newbie
  • *
  • Posts: 16
Re: TD Ameritrade
« Reply #4 on: October 13, 2019, 11:01:31 PM »
Hmm - well I was just looking at some additional details on this security warning for tdameritrade.com . It says

Malicious Redirect Found

http://tdameritrade.com/ (More Details)
   
Redirect to a blacklisted domain https://www.tdameritrade.com/home.page

This page redirects to https://www.tdameritrade.com/home.page that is blacklisted by PhishTank, see https://www.phishtank.com/phish_detail.php?phish_id=6205058

HTTP redirect <301 MOVED PERMANENTLY>

So tdameritrade.com redirects to tdameritrade.com/home.page . So this is in the same domain, but PhishTank has blacklisted it?

I have often been redirected to tdameritrade.com/home.page without any warning being issued, so this warning is something new just starting today.

Avast and others - any ideas about this?

Offline letron_2000

  • Newbie
  • *
  • Posts: 16
Re: TD Ameritrade
« Reply #5 on: October 13, 2019, 11:28:47 PM »
Thanks for this additional information. Unfortunately I am not a security expert, so can't really follow much of these details at all.

So I have copied all of these and sent it directly to customer support so they can solve it and give their options on what to do.

--thx!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: TD Ameritrade
« Reply #6 on: October 14, 2019, 01:28:22 PM »
The immediate risks they are running, threat model:
https://webscan.upguard.com/#/https://www.tdameritrade.com/home.page
MiM attacks ->
Insecure SSL/TLS versions available
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Domain at risk of being hijacked:
Domain registry deletion protection not enabled
Domain registry transfer protection not enabled
Domain registry update protection not enabled

Lenient SPF filtering, so e-mails could be fraudulently sent

DNS is susceptible to man-in-the-middle attacks
DNSSEC not enabled.  (info source credits go to Upguard's)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
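Added example, not part of any post in this thread: two of the findings listed in Reply #6 (the HSTS header items and the lenient SPF policy) can be checked from the raw header value and TXT record. The header and record strings in the usage section are constructed samples, not values fetched from the site; the one-year preload threshold follows the hstspreload.org submission requirements, and treating anything other than `-all` as lenient is an assumption.

```python
PRELOAD_MIN_AGE = 31536000  # one year, per hstspreload.org submission requirements

def parse_hsts(value: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for token in value.split(";"):
        name, _, arg = token.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            out["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out

def hsts_findings(value: str) -> list:
    """Return findings worded like the list in Reply #6."""
    d, findings = parse_hsts(value), []
    if not d["max_age"]:
        findings.append("HSTS not in effect (max-age missing or zero)")
    if not d["include_subdomains"]:
        findings.append("HSTS header does not contain includeSubDomains")
    ready = d["preload"] and d["include_subdomains"] and (d["max_age"] or 0) >= PRELOAD_MIN_AGE
    if not ready:
        findings.append("HSTS header not prepared for preload list inclusion")
    return findings

def spf_all_qualifier(record: str):
    """Return the qualifier on the 'all' mechanism (+, -, ~, ?) or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        t = term.lower()
        if t in ("all", "+all", "-all", "~all", "?all"):
            return t[0] if t[0] in "+-~?" else "+"   # bare 'all' means '+all'
    return None

def spf_is_lenient(record: str) -> bool:
    """Assumption: only a hard fail (-all) counts as strict; redirect= is not followed."""
    return spf_all_qualifier(record) != "-"

if __name__ == "__main__":
    print(hsts_findings("max-age=31536000"))                      # constructed sample
    print(spf_is_lenient("v=spf1 include:_spf.example.net ~all"))  # constructed sample
```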

Offline letron_2000

  • Newbie
  • *
  • Posts: 16
Re: TD Ameritrade
« Reply #7 on: October 14, 2019, 06:23:49 PM »
Thanks - VERY helpful link!   --jw