Question about browser connections to port 9143

Discussion in 'privacy problems' started by LMHmedchem, Jul 26, 2015.

  1. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    Hello,
    This an interest rather than a pressing problem. I have noticed recently that when I go to some web pages, I get a request from Comodo ISP to allow my browser to make a TCP connection to port 9143 at a web address other than the IP address of the website I am visiting.

    One site that I know of is Harbor Freight Tools.
    http://www.harborfreight.com/ (23.61.194.249)
    If I go to this site and allow first party javascript, I get this request. The attempted connection is to 173.203.160.170 which is listed by whois as Rackspace Hosting. Further, this connection is attempted approximately every 2 minutes as long as the web site is open in the browser.

    A quick search didn't reveal any related posts about browsers connecting to this port. Does anyone have any information about what the browser is doing and why it needs to make this connection outside of the normal port 80 traffic?

    The browser I am using is seamonkey 2.32.1, but I am guessing I would see the same behavior with firefox.

    LMHmedchem
     
  2. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    Just tried this myself and it is just as you stated, without noscript, no attempt was made to access that address / port. Once I did allow scripts to run temporarily my firewall showed quite a few attempts to access that port and address (all blocked) with no ill affects. My first guess was some type of ad but I tried allowing them (scripts) one by one, vimeo.com, addthis.com, moovweb.com. No change. Allowing the *actual* site brings up the address and port again. Might be some sort of flash server or other secondarily thing they use but I'd say unless you run into problems, keep it blocked.
     
  3. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    I have no intention of allowing it to run. Even it this proved to be necessary to make a purchase from the site (I have found a few sites who's shopping cart didn't work with ghostery enabled), at this point I would just buy from a different site. There are lots of places to shop online and I am more and more tending toward those that have less nonsense like this going on.

    At any rate, I am interested in what the connection is trying to do as much as anything. I am wondering if Fiddler would be informative here.

    LMHmedchem
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    You could begin by using browser features that show network requests. That should work even if the requests are blocked via external firewall, and will save you the trouble of using an external MITM like Fiddler. If using Firefox, the Browser Console and Web Console and logging features would be ways to see those.

    You could also search the source of pages/scripts you are comfortable accessing to see if there are any URLs with explicit port numbers. For example, if you look at the page source of http://www.harborfreight.com/ and search for :9143, you will see some HTTPS URLs and the context:

    https://ea.harborfreight.com:9143/EasyAsk/js/eascriptcomplete.js
    https://ea.harborfreight.com:9143/EasyAsk/AutoComplete.jsp

    Possibly these guys: http://easyask.com/company/. Investigate further and confirm things as you see fit.
     
    Last edited: Jul 26, 2015
  5. Kobayashi maru

    Kobayashi maru Registered Member

    Joined:
    Nov 7, 2009
    Posts:
    124
    Location:
    Drivin' all night my hands wet on the wheel....
    Do you have cloud lookup, or any of the other call back stuff? As I recall, Comodo firewall uses this port for itself.
     
Loading...