Oh wow, they just disabled it while I was reading some comments. It's no longer working, I'm now getting redirected to nsa.gov<p>Edit: This seems to have been online since 2018, see <a href="https://web.archive.org/web/20181206224407/http://captcha.nsa.gov/" rel="nofollow">https://web.archive.org/web/20181206224407/http://captcha.ns...</a>.
I'm guessing that the NSA website uses recaptcha, which is served by Google. Perhaps in order to comply with strict origin policy, they want everything on nsa.gov to be served from their domain. They seem to have a reverse proxy that proxies requests to google.com.<p>That's one plausible explanation, but in any case, even if my explanation is wrong, I doubt the explanation is interesting.
Can someone explain what's going on? Is this a domain hack to get Google's captcha working under an nsa.gov hostname, presumably so that it's usable on whitelist firewalls? I'm surprised Google serves a homepage to the domain, and that it doesn't only respond to requests to google.com (etc.)
I've seen this on Twitter all day. My guess is that they wanted recaptcha, but serving the resources themselves. The easiest route was probably to reverse proxy google.com, which is what recaptcha is hosted on:<p><a href="https://developers.google.com/recaptcha/docs/v3#frontend_integration" rel="nofollow">https://developers.google.com/recaptcha/docs/v3#frontend_int...</a>
Looks to be cname forwarding.<p>> $ dig captcha.nsa.gov<p>> ;; ANSWER SECTION:<p>> captcha.nsa.gov. 13246 IN CNAME www.nsa.gov.edgekey.net.<p>> www.nsa.gov.edgekey.net. 21528 IN CNAME e6655.dscna.akamaiedge.net.<p>> e6655.dscna.akamaiedge.net. 19 IN A 23.213.xxx.xxx<p>The IP addreses at the last one all seem to be Akamai IPs. So So that is fronting Google here it seems?
Interesting alt names on the SSL certificate:<p>DNS Name=www.nsa.gov<p>DNS Name=nsa.gov<p>DNS Name=apps-test.nsa.gov<p>DNS Name=stage.nsa.gov<p>DNS Name=apps.nsa.gov<p>DNS Name=www2.nsa.gov<p>DNS Name=captcha.nsa.gov<p>DNS Name=m.nsa.gov
I'm curious if this is a (temporary, unsecure) way to use google if you're in a place that google is currently blocked.<p>Small chance, but in case anyone on HN is in a place google is blocked, would be an interesting test to run.
You can see what IP it uses to send requests to google using <a href="https://captcha.nsa.gov/search?q=what+is+my+ip" rel="nofollow">https://captcha.nsa.gov/search?q=what+is+my+ip</a>
<a href="https://captcha.nsa.gov/intl/en/about.html" rel="nofollow">https://captcha.nsa.gov/intl/en/about.html</a><p>There is some truth to this.
It's just a CNAME to an akamai IP:<p><pre><code> $ host captcha.nsa.gov
captcha.nsa.gov is an alias for www.nsa.gov.edgekey.net.
www.nsa.gov.edgekey.net is an alias for e6655.dscna.akamaiedge.net.
e6655.dscna.akamaiedge.net has address 104.75.125.118
e6655.dscna.akamaiedge.net has IPv6 address 2600:1406:5800:7b5::19ff
e6655.dscna.akamaiedge.net has IPv6 address 2600:1406:5800:792::19ff
</code></pre>
edgekey.net is an akamai thingy, all of nsa.gov seems to go through it<p><pre><code> $ host www.nsa.gov
www.nsa.gov is an alias for nsa.gov.edgekey.net.
nsa.gov.edgekey.net is an alias for e16248.dscb.akamaiedge.net.</code></pre>
I assume that the archive.org mirror is showing what was visible? <a href="https://web.archive.org/web/20200203154312/http://captcha.nsa.gov/" rel="nofollow">https://web.archive.org/web/20200203154312/http://captcha.ns...</a><p>I see a google search page (google.com equivalent). Which fits with the reverse proxy that does ~any google url.
The creapiest thing to me is that this post is 7 hours old, and the comment states it's disabled. It was fixed within 2 hours. Ergo, the NSA is actively monitoring HackerNews and taking quick actions when needed.<p>I wonder what other sites the nsa has active alerting on?
Nothing especially interesting happening here, someone just pointed captcha.nsa.gov at google.com in their akamai config.<p>Perhaps they’re just using google.com like example.com, or they’re trying to serve recaptcha under nsa.gov.
It's likely this is set up to collect data by impersonating Google Search in an iframe etc.<p>Consider reporting this to Safe Browsing complaint form as phishing attempt: <a href="https://www.google.com/safebrowsing/report_phish/" rel="nofollow">https://www.google.com/safebrowsing/report_phish/</a>
Among other things, it's weird that it shows up with a different GeoIP triangulation for different users. Someone commented here about seeing this in Portuguese. I'm seeing this in Japanese. Does anyone what's going on?<p>EDIT: And now it's showing up in English.