eBayer, are you aware someone is behind you? 25th May 2020

Preface: Host discovery is a function embedded in detection and vulnerability scan services. Under normal circumstances, since it runs on your own private network, there is no objection to this setting.

Synopsis: When visiting eBay, a script runs that performs a local port scan of your computer to detect remote support and remote access applications, said Bleeping Computer.

Verification: Refer to the Bleeping Computer article (https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/). A script with a scanning function is already present on the eBay front-end web portal; please refer to the following URL (https://src.ebay-us.com/fp/check.js?org_id=usllpic0&session_id=1). Apart from that, this matter lured my interest in knowing the details. Following my analysis steps, I also found that the current user profile has a design weakness (SQL injection). Perhaps this issue is only detected when the user is logged in. Now return the focus to the scan function. From a technical point of view, there is no 100% guarantee that the existing protection mechanism can avoid session fixation. So eBay should be aware of it. For the details of session fixation, please refer below:

Wiki: Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack exploits a limitation in the way the (vulnerable) web application manages the session ID.
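As an added illustration of the weakness just defined (example code written for this post, not eBay's code), here is a login handler that keeps the pre-authentication session ID beside one that rotates it. The in-memory store and the function names are assumptions standing in for a real web framework.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (assumed stand-in for a framework's)."""

    def __init__(self):
        self.sessions = {}  # session_id -> {"user": name or None}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid


def login_vulnerable(store, sid, user):
    """Authenticates the user but keeps the ID the browser already carried.
    If an attacker planted that ID before login, it now names a logged-in session."""
    if sid not in store.sessions:
        sid = store.create()
    store.sessions[sid]["user"] = user
    return sid


def login_hardened(store, sid, user):
    """Authenticates the user and rotates the session ID; the old ID is invalidated."""
    store.sessions.pop(sid, None)  # whatever the pre-auth ID carried is discarded
    new_sid = store.create()
    store.sessions[new_sid]["user"] = user
    return new_sid


def planted_id_is_authenticated(store, planted_sid):
    """Does the ID the attacker fixed in the victim's browser now map to a logged-in user?"""
    sess = store.sessions.get(planted_sid)
    return sess is not None and sess["user"] is not None


def demo():
    """Runs the same fixation scenario against both handlers; constructed input."""
    store_v = SessionStore()
    planted_v = store_v.create()           # attacker-obtained ID handed to the victim
    login_vulnerable(store_v, planted_v, "victim")
    store_h = SessionStore()
    planted_h = store_h.create()
    login_hardened(store_h, planted_h, "victim")
    return (planted_id_is_authenticated(store_v, planted_v),
            planted_id_is_authenticated(store_h, planted_h))
```

Rotating the ID at the privilege boundary is the check to look for when auditing a login flow; a framework setting that merely marks cookies HttpOnly does not address it.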

Comment: I have been an eBayer since 2000. However, I could not find an official announcement that eBay is going to scan my device. Perhaps I am not the only one who has this unsatisfied feeling.
