This is something I posted here a while back, how sites like banks and
other financials were making scripted local queries to check for open
"services" or ports as referrals to localhost and ports known to be
malicious ala some worm or botnet if they should trust you or not. Quick
way for them to
moin moin,
once in a while I run into a site trying to make JavaScript or XHR
connections to localhost.
What are they doing?
Are they setting up backdoor tunnels on localhost?
Are they trying to run a daemon out of the browser?
Are they trying to escape the sandbox and exfiltrate data?
ciao,
