eBay port scans visitors’ computers for remote access programs
When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site.
This scan is being conducted by a check.js script [archived] on eBay.com that attempts to connect to the following ports: The fourteen different ports that are scanned and their associated programs and eBay reference strings are listed below. BleepingComputer has not been able to identify the targeted program on port 63333. If you recognize it, please let us know.
The script performs these scans using WebSockets to connect to 127.0.0.1, which is the local computer, on the specified port. According to Nullsweep, who first reported on the port scans, they do not occur when browsing the site with Linux.
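To spot this behaviour in your own traffic, the following added example (not from the article and not eBay's script) scans exported browser request records for WebSocket connections from a public page to a loopback address. The record shape `{ pageUrl, requestUrl }`, the `shop.example` origin and the sample ports other than 63333 are constructed assumptions.

```javascript
// Assumed record shape: { pageUrl, requestUrl }, e.g. from a proxy or browser export.
const LOOPBACK_NAMES = new Set(["localhost", "[::1]"]);

function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase();
  if (LOOPBACK_NAMES.has(h) || h.endsWith(".localhost")) return true;
  // All of 127.0.0.0/8 is loopback, not only 127.0.0.1.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

// Returns [{ origin, ports }] for each non-local page that opened WebSockets to loopback.
function findLocalWebSocketProbes(records) {
  const byOrigin = new Map();
  for (const { pageUrl, requestUrl } of records) {
    let page, req;
    try {
      page = new URL(pageUrl);
      req = new URL(requestUrl);
    } catch {
      continue; // malformed record, skip it
    }
    if (req.protocol !== "ws:" && req.protocol !== "wss:") continue;
    if (!isLoopbackHost(req.hostname)) continue;
    if (isLoopbackHost(page.hostname)) continue; // local dev page talking to itself
    const port = Number(req.port) || (req.protocol === "wss:" ? 443 : 80);
    if (!byOrigin.has(page.origin)) byOrigin.set(page.origin, new Set());
    byOrigin.get(page.origin).add(port);
  }
  return [...byOrigin].map(([origin, ports]) => ({
    origin,
    ports: [...ports].sort((a, b) => a - b),
  }));
}

// Constructed sample records; only port 63333 is taken from the article.
const SAMPLE_RECORDS = [
  { pageUrl: "https://shop.example/signin", requestUrl: "wss://127.0.0.1:3389/" },
  { pageUrl: "https://shop.example/signin", requestUrl: "wss://127.0.0.1:5900/" },
  { pageUrl: "https://shop.example/signin", requestUrl: "wss://127.0.0.1:63333/" },
  { pageUrl: "https://shop.example/signin", requestUrl: "wss://127.0.0.1:63333/" },
  { pageUrl: "https://shop.example/signin", requestUrl: "wss://chat.shop.example/live" },
  { pageUrl: "http://localhost:3000/", requestUrl: "ws://localhost:3000/hmr" },
  { pageUrl: "https://shop.example/signin", requestUrl: "not a url" },
];

console.log(JSON.stringify(findLocalWebSocketProbes(SAMPLE_RECORDS)));
```

A single origin touching several distinct loopback ports in one page load is the pattern worth alerting on; one loopback WebSocket on its own is often a legitimate helper application.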