Charlie Belmer, a DevOp expert who works for DuckDuckGo, has noticed an increase in the number of websites that use localhost port scans against their visitors.
(Shahadat Rahman, Unsplash)
Usually, penetration testers and hackers use port scanning against online machines to figure the services and applications listening on the network to create an attack strategy. These websites use localhost port scans to identify bots and also to track or fingerprint users.
There are claims that certain banks may use port-scanning on visitors to their websites to scan for malware or backdoors that criminals may use to track a user's banking sessions.
Port scanning is a way to figure out the activities of specific IP addresses belonging to unique users or routers. A user's computer will likely have programs running while listening on ports for one reason or the other. Therefore, an attacker may be able to figure out which software is open on your pc and decide to use this information to his advantage.
Belmer recommends the use of extensions that block these kinds of activities in your browser.