The eBay website port scans the computers of people who visit the online classifieds and auctioning service from a Windows PC, according to several reports.
Bleeping Computer reported that the port scan appears to be trying to detect whether the visitor is running remote access or remote support tools.
check.js is scanning for open ports associated with the following applications: VNC, Remote Desktop Protocol, Aeroadmin, Ammyy Admin, TeamViewer, Anyplace Control, and AnyDesk.
These tools allow a computer to be remotely controlled over the Internet. While such tools are not exclusive to Windows, the eBay site only appears to perform the port scan on devices that it identifies as Windows PCs.
MyBroadband was able to replicate the results of Bleeping Computer’s testing and found that the eBay site uses the WebSocket API to scan for open ports.
A screenshot of Firefox’s development tools showing the port scanning in progress is included below.
Bleeping Computer echoed speculation from other commentators that eBay is most likely port scanning to detect potentially compromised computers which are being used to make fraudulent purchases on the platform.
“Our customers’ privacy and data remains a top priority. We are committed to creating an experience on our sites and services that is safe, secure, and trustworthy,” eBay told MyBroadband when asked for comment on this story.
No port scanning on major South African websites
MyBroadband also visited several major local online classifieds and ecommerce websites to test whether they port scan their users.
Gumtree, which was acquired by eBay in 2005, did not port scan our Windows PC when tested. Neither did Bidorbuy, Junk Mail, Takealot, Wantitall, Raru, Loot, Wootware, or Price Check.
None of the website of South Africa’s major banks did it either, nor did the websites of major telecommunications companies.
A full list of the websites we tested is included below:
No port scan