When users visit eBay's website from a Windows PC, the site runs a script that performs a local port scan of the device to detect if any remote support or remote access applications are running.
As reported by BleepingComputer, many of the ports scanned by the online auction site are used for remote access and remote support tools including Windows Remote Desktop, VNC, TeamViewer and more. Upon further testing, the news outlet discovered that eBay is performing a local port scan of 14 different point when users visit its site.
The scan is conducted by a check.js script on the website that attempts WebSocket connections to a number of ports such as 3389 (Microsoft remote desktop, 5931 (Ammy Admin remote desktop), 6333 (VNC remote connection 7070 (real Audio and Apple QuickTime streaming) and more.
- eBay waives fees for new business sellers
- Google Pay users could be left out of pocket by PayPal fraud bug
- 30 million payment cards listed on fraud marketplace
Oddly enough, the port scans do not occur when a user running Linux visits eBay's website, though the programs being scanned for are all Windows remote access tools.
As it turns out, eBay is conducting port scans of Windows PCs in order to detect if a compromised computer is being used to make fraudulent purchases on the site.
In a blog post, Dan Nemec explained how he discovered that the script being used for fraud detection is actually from a product called ThreatMetrix which is owned by LexisNexis. While the programs eBay scans for when users visit its site are all legitimate, some of them have previously been used as RATs in phishing campaigns.
Fighting fraud is very important for eBay but at the same time, port scanning is still intrusive for its users. TechRadar Pro reached out to the company for a statement regarding the matter but we did not hear back at the time of writing.
- Also check out our complete list of the best VPN services
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.