When you visit eBay.com, it scans for open ports on your device to see what software you use

Browsing legitimate sites can sometimes put users at risk too. According to cybersecurity specialists, visiting the official site of the e-commerce platform eBay (ebay.com) runs a script that performs a local port scan on the user’s device in order to detect remote support and remote access applications.

Many of the ports on a computer are associated with remote access and support tools such as Ammyy Admin, Windows Remote Desktop, TeamViewer and VNC, among others. After conducting a series of tests on the site, specialists determined that ebay.com scans 14 different local ports on users’ computers.

SOURCE: BleepingComputer

Apparently, this scan is performed by a check.js script on eBay.com; the script attempts to connect to the following ports:


The fourteen ports being scanned, their associated programs and the eBay reference string for each are listed below.


BleepingComputer specialists point out that it has not been possible to identify the program targeted on port 63333. However, it has been confirmed that the script performs the scan by using WebSockets to connect to 127.0.0.1, which represents the local computer, on the specified port.

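
As an added example (not code from the article or from eBay's script), the following JavaScript shows how a defender could spot this behaviour in a captured log of browser connections: it reports page origins that open WebSocket connections to several distinct loopback ports. The log format, the `findLoopbackProbes` name, the threshold of three ports and the sample entries are assumptions; only port 63333 comes from the article.

```javascript
// Added example: flag web pages that probe several loopback ports over WebSocket.
const DEFAULT_PORTS = { "ws:": 80, "wss:": 443 };

// True for localhost, ::1 and any address in 127.0.0.0/8.
function isLoopbackHost(hostname) {
  if (hostname === "localhost" || hostname === "[::1]") return true;
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(hostname);
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

// requests: [{ pageOrigin, url }] (hypothetical log format, e.g. exported from a proxy).
function findLoopbackProbes(requests, minPorts = 3) {
  const portsByOrigin = new Map();
  for (const { pageOrigin, url } of requests) {
    let page, target;
    try {
      page = new URL(pageOrigin);
      target = new URL(url);
    } catch {
      continue; // skip malformed log entries
    }
    if (!(target.protocol in DEFAULT_PORTS)) continue; // WebSocket traffic only
    if (!isLoopbackHost(target.hostname)) continue;
    if (isLoopbackHost(page.hostname)) continue; // local development page, not a remote site
    const port = target.port ? Number(target.port) : DEFAULT_PORTS[target.protocol];
    if (!portsByOrigin.has(page.origin)) portsByOrigin.set(page.origin, new Set());
    portsByOrigin.get(page.origin).add(port);
  }
  const findings = [];
  for (const [origin, ports] of portsByOrigin) {
    if (ports.size >= minPorts) {
      findings.push({ origin, ports: [...ports].sort((a, b) => a - b) });
    }
  }
  return findings;
}

// Constructed sample log. 3389 and 5900 are the well-known RDP and VNC defaults,
// chosen for the sample; 63333 is the port named in the article.
const SAMPLE_LOG = [
  { pageOrigin: "https://shop.example", url: "wss://127.0.0.1:3389/" },
  { pageOrigin: "https://shop.example", url: "wss://127.0.0.1:5900/" },
  { pageOrigin: "https://shop.example", url: "wss://127.0.0.1:63333/" },
  { pageOrigin: "https://shop.example", url: "wss://127.0.0.1:63333/" }, // repeat, counted once
  { pageOrigin: "https://shop.example", url: "wss://api.shop.example/live" },
  { pageOrigin: "https://helper.example", url: "ws://localhost:9100/" }, // single local helper port
  { pageOrigin: "http://localhost:3000", url: "ws://localhost:3001/" },
];
console.log(JSON.stringify(findLoopbackProbes(SAMPLE_LOG)));
```

A single loopback connection, as a site talking to its own locally installed helper application would make, stays below the threshold; a sweep across several ports from one remote origin is what gets reported.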

The researchers who initially reported the port scanning say that this activity does not occur when browsing the eBay site from a Linux system, whereas on Windows systems the scan occurs as reported. This could also be inferred from the tools being searched for, which are Windows remote access tools.

In this regard, eBay published a statement of a few lines: “Privacy and our customers’ data remain a priority. We are committed to creating an experience on our sites and services that is secure and reliable.”

DarkNetDiaries researcher Jack Rhysider mentions that this task is performed for marketing purposes, digital fingerprinting and even as a method of protecting against electronic fraud. Because the port scan only looks for Windows remote access programs, it is most likely done to check for compromised computers that are being used to make fraudulent purchases on eBay, the expert adds.

A few years ago, the cybersecurity community reported hundreds of cases in which the computers of some TeamViewer users were compromised through this tool for the purpose of making fraudulent purchases on eBay; many of the users of the trading platform use cookies to access their sessions automatically, so hackers were able to remotely control their accounts.