[German]It seems that eBay performs a port scan on the clients of its visitors as soon as they access the website ebay.com in their browser. Here are a few information I collected so far.
Advertising
The topic has been popping up on Twitter by various people for several hours now. Here is a tweet from a user.
Yep. eBay "scans" your computer using browser websockets after you login, looking for specific ports.
I see ports typically used by RDP, VNC, remote access/control. 14 were probed.They'll probably say it's for *my* safety.
Not cool, eBay. Not cool. pic.twitter.com/BJQlxmkqbS— B:\a.zza (@mcbazza) May 24, 2020
Further details will be disclosed in follow-up tweets. Jack Rhysider has also noticed this in the Edge Browser, as he explains in the following tweet.
If this had conducted a full port scan on my internal network and reported the results to eBay, is that illegal? This is not portscanning the internet, it's port scanning my computer, which is behind a firewall in my home. Is that illegal? Probably not but it's at the line.
2/5— Jack Rhysider (@JackRhysider) May 24, 2020
Although he uses a firewall, a PortScan is performed locally in the browser and the result is sent to eBay. Rhysider continues to discuss the case, that he doesn't find funny, on Twitter. Nobody really has a real explanation for this till yet.
Advertising
eBay port scans visitors' computers for remote support tools – @LawrenceAbramshttps://t.co/Lo5q5Vr6Rc
— BleepingComputer (@BleepinComputer) May 24, 2020
Bleeping Computer covered that topic up and published it in the article linked in the above tweet.
All of these ports are related to remote support/remote access applications that allow you to take over a computer. There was only one port, 63333, that we could not identify. pic.twitter.com/3pRMirgn5P
— BleepingComputer (@BleepinComputer) May 24, 2020
Lawrence Abrams suspects that compromised computers are to be detected by this scan. Details can be found in the linked Bleeping Computer article.
