eBay scans PC network ports for remote access programs

Tomcat

When you visit eBay.com, a script is launched that scans the local ports on the user's computer for remote access applications. According to specialists at the publication Bleeping Computer, the eBay site does carry out a hidden scan using the check.js script, which is launched every time you visit the site.

The check.js script scans 14 ports on the PC by using a WebSocket to connect to 127.0.0.1 on each port. Many of these ports are associated with remote access tools such as Windows Remote Desktop, VNC, TeamViewer, Ammy Admin and others.

According to Nullsweep, which first reported the port scanning, the script does not fire when browsing the site from a Linux PC and only affects Windows users.

According to Jack Rhysider, creator of the research podcast Darknet Diaries, port scanning is done to deliver advertisements, track browser digital fingerprints, or protect against fraud. Since the scan takes place in the browser, the user's firewalls cannot prevent this process.

eBay also encrypts the scan results and transmits them to its servers in a GET request to png. A user under the pseudonym Nemec published a script to decrypt the data on gist.github.com.

Representatives of eBay declined to comment on this situation, but said that "the confidentiality and preservation of customer data remain their top priority, so they are striving to create a convenient and reliable system on their website for this."
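
To spot this behaviour on any site, the following added example (not part of the original post and not eBay's check.js) reviews a list of request URLs, such as one exported from a browser's network log, and flags WebSocket connections from a remote page to loopback addresses. The function names, the threshold and the sample URLs are assumptions constructed for illustration; the sample ports are not the list used by check.js.

```javascript
// Constructed sample of request URLs seen while a remote page was open.
const SAMPLE_REQUESTS = [
  "https://www.example.test/index.html",
  "wss://127.0.0.1:3389/",          // RDP's usual port
  "wss://127.0.0.1:5900/",          // VNC's usual port
  "ws://localhost:5938/",
  "ws://[::1]:5900/",
  "wss://chat.example.test/socket", // ordinary remote WebSocket, not flagged
  "not a url",                      // malformed entries are skipped
];

// True for localhost names, IPv6 ::1 and the whole 127.0.0.0/8 block.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h === "[::1]") return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

// Returns the loopback WebSocket attempts made by a page served from
// pageOrigin. Several distinct ports (scanThreshold, an assumed default)
// suggests a scan rather than a single local helper application.
function findLoopbackProbes(pageOrigin, requestUrls, scanThreshold = 3) {
  const probes = [];
  // A page that is itself served from loopback (local development) is ignored.
  if (isLoopbackHost(new URL(pageOrigin).hostname)) {
    return { probes, ports: [], looksLikeScan: false };
  }
  for (const raw of requestUrls) {
    let u;
    try { u = new URL(raw); } catch { continue; }
    if (u.protocol !== "ws:" && u.protocol !== "wss:") continue;
    if (!isLoopbackHost(u.hostname)) continue;
    // An empty port means the scheme default: 80 for ws, 443 for wss.
    const port = u.port ? Number(u.port) : (u.protocol === "wss:" ? 443 : 80);
    probes.push({ url: raw, host: u.hostname, port });
  }
  const ports = [...new Set(probes.map((p) => p.port))].sort((a, b) => a - b);
  return { probes, ports, looksLikeScan: ports.length >= scanThreshold };
}

const report = findLoopbackProbes("https://www.example.test", SAMPLE_REQUESTS);
console.log(report.ports, report.looksLikeScan);
```
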