Read on Twitter
List of well-known web sites that port scan their visitors - @LawrenceAbrams https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
Last week we reported on eBay port scanning their visitor's computer for remote access programs. These scans are part of an anti-fraud product and are most likely used to find compromised computers making fraudulent purchases. https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
While anti-fraud measures are important for any e-commerce site, many felt that a site port scanning your computer when you visit it was too intrusive.
After reporting on it last week, we reached out to the @DomainTools domain and DNS cybersecurity intelligence firm to see if they could provide other domains that are affiliated with this same service.
They sent us a list of 370 unique host names that utilize the same fraud protection service. The spread sheet can be found here: https://docs.google.com/spreadsheets/d/1Nu4lpyZ5PQUIpiLJBddXnr67t5-1y0u40dzyzSYj1gc/edit#gid=0
While we did not check all of the domains on the list, we did find the port scanning script running on Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay.
Some scan you from the site's main page, some on the login page, and one scanned from the checkout page.
Based on the list of host names, many other sites may use this service including Netflix, Target, Walmart, ESPN, Lloyd Bank, HSN, Telecharge, Ticketmaster, TripAdvisor, PaySafeCard, and possibly even Microsoft. We could not get the port scanning to trigger on these sites.
