Hi - I am connecting to TD Ameritrade, but I get a warning that this is “HAS BEEN MARKED AS A PHISHING SITE”.
This is the first time I have experienced this on TDAMERITRADE.COM and it is surprising since it is a common stock market website.
Does anyone, including AVAST, know anything about this situation?
I get this warning in BOTH the Avast Secure Browser in BANKING mode, and the MS EDGE browser also reports that the website is “insecure”.
TLS Recommendations
HTTPS version of this website is not accessible: Timeout reached. Please consider setting up HTTPS to avoid the “Not Secure” browser warning. → https://sitecheck.sucuri.net/results/TDAmitrade.com
1 communicating file → https://www.virustotal.com/gui/domain/TDAMERITRADE.COM/relations
See the detections on the communicating files given here:
https://www.virustotal.com/gui/ip-address/198.200.171.204/relations
Server: https://www.shodan.io/host/199.59.242.152 server running on openresty
Access Restriction Bypass Vulnerability on validation beyond the hundredth parameter :o
pol
Thanks for the pointer. But the website I am interested in is spelled differently. It is tdameritrade.com
I used the SiteCheck for this and got https://sitecheck.sucuri.net/results/tdameritrade.com
or see the attachment. SiteCheck has detected a problem with tdameritrade.com it looks like, right?
In itself a weak point in website security, as I was trapped by it.
Here is the real McCoy: https://www.virustotal.com/gui/domain/tdameritrade.com/details
and the various detections on the communicating files launched from that domain:
https://www.virustotal.com/gui/domain/tdameritrade.com/relations
“What’s in a name?”. The other site was from Columbia, alas.
polonus
Hmm - well I was just looking at some additional details on this security warning for tdameritrade.com . It says
Malicious Redirect Found
http://tdameritrade.com/ (More Details)
Redirect to a blacklisted domain https://www.tdameritrade.com/home.page
This page redirects to https://www.tdameritrade.com/home.page that is blacklisted by PhishTank, see https://www.phishtank.com/phish_detail.php?phish_id=6205058
HTTP redirect <301 MOVED PERMANENTLY>
So tdameritrade.com redirects to tdameritrade.com/home.page . So this is in the same domain, but PhishTank has blacklisted it?
I have often been redirected to tdameritrade.com/home.page without any warning being issued, so this warning is something new just starting today.
Avast and others - any ideas about this?
Thanks for this additional information. Unfortunately I am not a security expert, so can’t really follow much of these details at all.
So I have copied all of these and sent it directly to customer support so they can solve it and give their options on what to do.
–thx!
polonus
October 14, 2019, 11:28am
7
The immediate risks they are running, threat model:
https://webscan.upguard.com/#/https://www.tdameritrade.com/home.page
MiM attacks →
Insecure SSL/TLS versions available
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Domain at risk of being hijacked:
Domain registry deletion protection not enabled
Domain registry transfer protection not enabled
Domain registry update protection not enabled
Lenient SPF filtering, so e-mails could be fraudulently sent
DNS is susceptible to man-in-the-middle attacks
DNSSEC not enabled. (info source credits go to Upguard’s)
polonus
Thanks - VERY helpful link! --jw