TD Ameritrade

Hi - I am connecting to TD Ameritrade, but I get a warning that this is “HAS BEEN MARKED AS A PHISHING SITE”.

This is the first time I have experienced this on TDAMERITRADE.COM and it is surprising since it is a common stock market website.

Does anyone, including AVAST, know anything about this situation?

I get this warning in BOTH the Avast Secure Browser in BANKING mode, and the MS EDGE browser also reports that the website is “insecure”.

TLS Recommendations
HTTPS version of this website is not accessible: Timeout reached. Please consider setting up HTTPS to avoid the “Not Secure” browser warning. → https://sitecheck.sucuri.net/results/TDAmitrade.com

1 communicating file → https://www.virustotal.com/gui/domain/TDAMERITRADE.COM/relations
See the detections on the communicating files given here:
https://www.virustotal.com/gui/ip-address/198.200.171.204/relations
Server: https://www.shodan.io/host/199.59.242.152 server running on openresty
Access Restriction Bypass Vulnerability on validation beyond the hundredth parameter :o

pol

Thanks for the pointer. But

the website I am interested in is spelled differently. It is tdameritrade.com

I used the SiteCheck for this and got https://sitecheck.sucuri.net/results/tdameritrade.com

or see the attachment. SiteCheck has detected a problem with tdameritrade.com it looks like, right?

On itself a weak point in website security, as I was trapped by it.
Here the real McCoy: https://www.virustotal.com/gui/domain/tdameritrade.com/details
and the various detections on the communicating files launched from that domain:
https://www.virustotal.com/gui/domain/tdameritrade.com/relations

“What’s in a name?”. The other site was from Columbia, alas.

polonus

Hmm - well I was just looking at some additional details on this security warning for tdameritrade.com . It says

Malicious Redirect Found

http://tdameritrade.com/ (More Details)

Redirect to a blacklisted domain https://www.tdameritrade.com/home.page

This page redirects to https://www.tdameritrade.com/home.page that is blacklisted by PhishTank, see https://www.phishtank.com/phish_detail.php?phish_id=6205058

HTTP redirect <301 MOVED PERMANENTLY>

So tdameritrade.com redirects to tdameritrade.com/home.page . So this is in the same domain, but PhishTank has blacklisted it?

I have often been redirected to tdameritrade.com/home.page without any warning being issued, so this warning is something new just starting today.

Avast and others - any ideas about this?

Thanks for this additional information. Unfortunately I am not a security expert, so can’t really follow much of these details at all.

So I have copied all of these and sent it directly to customer support so they can solve it and give their options on what to do.

–thx!

The immediate risks they are running, threat model:
https://webscan.upguard.com/#/https://www.tdameritrade.com/home.page
MiM attacks →
Insecure SSL/TLS versions available
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Domain at risk of being hijacked:
Domain registry deletion protection not enabled
Domain registry transfer protection not enabled
Domain registry update protection not enabled

Lenient SPF filtering, so e-mails could be fraudulently sent

DNS is susceptible to man-in-the-middle attacks
DNSSEC not enabled. (info source credits go to Upguard’s)

polonus
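
The two HSTS findings in the post above ("does not contain includeSubDomains", "not prepared for preload list inclusion") can be reproduced from a captured `Strict-Transport-Security` header value. The following is an added example, not part of the thread and not UpGuard's code; the function names and sample header values are constructed for illustration, and the one-year minimum `max-age` is the preload list's published requirement as assumed here.

```python
import re

PRELOAD_MIN_MAX_AGE = 31536000  # seconds (one year); assumed preload-list minimum


def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments such as a trailing ';'
        if name in directives:               # RFC 6797: a directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')  # the value may be a quoted-string
    return directives


def audit_hsts(value):
    """Return a list of findings; an empty list means the header is preload-ready."""
    if value is None:
        return ["HSTS header missing"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"HSTS header invalid: {exc}"]
    findings = []
    raw_age = d.get("max-age", "")
    age = int(raw_age) if re.fullmatch(r"[0-9]+", raw_age) else None
    if age is None:
        findings.append("max-age missing or malformed")
    elif age == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    if "includesubdomains" not in d:
        findings.append("HSTS header does not contain includeSubDomains")
    preload_ok = ("preload" in d and "includesubdomains" in d
                  and age is not None and age >= PRELOAD_MIN_MAX_AGE)
    if not preload_ok:
        findings.append("HSTS header not prepared for preload list inclusion")
    return findings


if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for sample in ("max-age=31536000",
                   "max-age=300; includeSubDomains; preload",
                   "max-age=31536000; includeSubDomains; preload"):
        print(repr(sample), "->", audit_hsts(sample) or "OK")
```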

Thanks - VERY helpful link! --jw