Am 20. May, 2022 schwätzte Michael Butash via PLUG-discuss so:
moin moin,
This is something I posted here a while back, how sites like banks and
other financials were making scripted local queries to check for open
"services" or ports as referrals to localhost and ports known to be
malicious al
Hey,
Institutions do in fact scan local systems and public networks on
connection to as they say "fight bots" and "malicious/compromised
users". Here is an example of someone going through and pulling apart
ebay's use of it: https://blog.nem.ec/2020/05/24/ebay-port-scanning/
They also use in
This is something I posted here a while back, how sites like banks and
other financials were making scripted local queries to check for open
"services" or ports as referrals to localhost and ports known to be
malicious ala some worm or botnet if they should trust you or not. Quick
way for them to
moin moin,
once in a while I run into a site trying to make JavaScript or XHR
connections to localhost.
What are they doing?
Are they setting up backdoor tunnels on localhost?
Are they trying to run a daemon out of the browser?
Are they trying to escape the sandbox and exfiltrate data?
ciao,
