Public reasons behind this behaviour according to some oligarchs:
Fingerprinting to uniquely identify your machine for future reference.
Attempting to determine whether your machine is part of a botnet since botnets often use VNC services over various standard ports to control their bots.
A German computer magazine (Heise) wrote about this observation and asked eBay for a statement.
eBay’s answer was:
There is some widely spread software that is either Malware or legit software which can be misused to steal the eBay password. This software is listening on certain TCP ports.
By trying to establish a connection to these TCP ports, the JavaScript of the eBay website tries to find out if such software is currently running.
Now the question is, is it justifiable?
Partially fingerprinting sure but to this extent No, it’s data hoarding most likely to be sold to the highest better after all those come with vulnerable servers & infected users or some personal endeavours (Which kind? Not an answer that I’m longing for it really).
Nevertheless, you will have a lot of malicious actors that will gladly take advantage of this opportunity.
“Action” How am I supposed to interpret that?
Public reasons behind this behaviour according to some oligarchs:
A German computer magazine (Heise) wrote about this observation and asked eBay for a statement.
eBay’s answer was:
Now the question is, is it justifiable?
Partially fingerprinting sure but to this extent No, it’s data hoarding most likely to be sold to the highest better after all those come with vulnerable servers & infected users or some personal endeavours (Which kind? Not an answer that I’m longing for it really).
Nevertheless, you will have a lot of malicious actors that will gladly take advantage of this opportunity.
Sources:
https://security.stackexchange.com/questions/232345/ebay-web-site-tries-to-connect-to-wss-localhostxxxxx-is-this-legit-or-they/232347#232347