Show HN: BlipCut – AI Tool for Fast Video Translation and Localization (videotranslator.blipcut.com)

I have recently installed this extension on FF: https://addons.mozilla.org/en-US/firefox/addon/port-authorit... and yesterday I visited this website: https://ceac.state.gov/genniv/ and I got a notification that the website tried to do a port-scan of my private network.

Is this a common thing? I have just recently installed the extension, so I am not sure if there are a lot of other websites who do it.

Since looking into it, I noticed that uBlock Origin already has the default list "Block Outsider Intrusion into LAN" but it wasn't enabled.

Comments (44)

edarchis · 1h ago

Visa application is riddled with scams. From the simple website that charges you twice the price to websites that will tell you that you were rejected and then fake your documents to get in with your name. So they're probably trying to see that you're not one of those web servers, a proxy for them or detect some known C2 channels.

mrtksn · 5m ago

That would be quite clever for an incredibly horrible website. The other day my SO, who is a Turkish citizen, was filling up her visa application and after half an hour off form filling the system just kick her out I think the session timed out or something. If you haven't created an account I haven't noted the current application ID everything is lost. In the process she was also directed to a non-.gov website for something during the process, I thought she was getting scammed but no.

It actually makes sense to have a paid service that makes this abomination less painful. Though they work with VFS Global for collecting the applications and relevant documents, the VFS Global itself is an abomination.

Recently EU streamlined the Schengen visa application process for Turkish citizens as those "visa agencies" that are the official agencies and the only way to apply for a visa for many countries don't actually help with anything and are scamming people by selling the "good hours" for the visa appointment on the black market. That's even not my opinion or speculation, the scams by the official agencies were listed among the reason to streamline the application process.

Both with US and EU people are losing scholarships etc. due to outrageous wait times that are sometimes are years ahead or there's an issue with the systems handling the applications.

I guess there must be an opportunity there to fix all this together with smaller stuff like handling transliteration and character encodings, I wonder if some of those scam site are not scams and actually help with it. An AI agent can be useful here.

testdelacc1 · 1h ago

Another data point - 5he Indian visa system is similar. The official website ending in .gov.in, which is hard to find, offers a visa for $10 and minimal hassle. The scam websites, with better SEO sell the same shit for $80. They’re just proxying your application to the real website and pocketing the difference.

It would be good if the Indian government could block the scammers but I guess it’s a lower priority for the moment.

mdp2021 · 23m ago

> It would be good if the Indian government could block the scammers

Lead poisoning in South Asia: impact of possibly ~9% of GDP

> The heart and brain diseases it causes - to which children are especially susceptible - accounted for at least 1.4m deaths in the region in 2019. The economic cost is crippling; that year lead poisoning is estimated to have lowered South Asian productivity by the equivalent of 9% of GDP

important cause of lead poisoning in South Asia: the practice of drugging spices:

> Lead chromate was added to the turmeric to brighten its golden colour and lead oxide gave the chilli powders a rich red hue

...This (ineffective action to curb the phenomenon of food producers that are mass poisoners, with a priority also equivalent to a staggering slice of GDP) should give you a picture.

https://www.economist.com/leaders/2023/11/02/how-to-stop-tur...

https://www.theguardian.com/global-development/2020/dec/24/d...

dns_snek · 26m ago

Huh, how do you imagine that would work? This "scan" is happening inside client-side javascript, delivering the file through a proxy wouldn't "detect" anything about the proxy.

JosephRedfern · 9m ago

I imagine it may not be a proxy in the true sense, but a headless browser that's "proxying" the application process rather than the network traffic itself.

jaimehrubiks · 1h ago

This is a very clever answer.

actionfromafar · 51m ago

If the proxy scams are just a little clever, they'll run the proxy on an another IP.

M95D · 1h ago

I'm using uMatrix and it blocks by default all connections outside the requested site and parent domains. For example, if I request https://mail.yahoo.com, connections to yimg.com are blocked. I need to manually allow each CDN for each website, so this attack/profiling won't work.

Using uMatrix was very annoying at first, most websites are broken without their CDNs, but after a few months or so, the whitelist grew and it contains 90% of websites I visit.

On my system https://ceac.state.gov/genniv/ tries to connect to captcha.com, google-analytics, googletagmanager, 127.0.0.1 and "burp" (a local hostname that doesn't exist in my network). Interestigly, the browser console doesn't list connection attempts to localhost or burp. If I allow 127.0.0.1 and "tcpdump -i lo", I see connections to port 8888, which isn't open.

user070223 · 39m ago

uMatrix is archived and I think uBlockOrigin is now advised to use(which incorporate uMatrix by enabling advanced settings)

For those who want to try blocking more stuff you can enable hard mode and bind relax blocking mode keyboard shortcut

I'd recommend also enabling filter lists(I advice yokoffing/filterlists and your region/language)

https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...

Semaphor · 13m ago

I reluctantly switched to only uBo because of uM bugs. But the UI/UX is just a huge step backwards to enable mobile usability.

noja · 1h ago

How does uMatrix handle the Facebook tracking pixel, or the replacement which is the Conversions API Gateway?

This is a container that FB gives you to host that lives under your domain (it can be your main domain) that slurps up user data and sends it to Facebook from the server side. You embed some JS in your website, and they hoover up the data.

M95D · 38m ago

It doesn't handle it. Anyway, there's no way to know what a website does on the server site. Even a completely static website could be sending the server logs somewhere.

There are options to not load JS, images, XMLHttpRequests, frames, cookies, for each site, but it doesn't list individual files.

quietfox · 1h ago

It seems to try to check if you are using the Burp Suite on their web application.

samsonradu · 1h ago

How does it manage to hide the requests to 127.0.0.1 from the network tab?

M95D · 1h ago

I have no ideea. Possibly that's a limitation of Chrome+Firefox developer tools (I get the feeling it's the same code)?

But I found what "burp" is: https://portswigger.net/burp/communitydownload

culturestate · 58m ago

It seems like they only make the localhost requests on your first visit. If you open devtools in incognito mode (or just clear the cookies) before accessing https://ceac.state.gov/genniv/ you should see those 127.0.0.1 attempts as ERR_CONNECTION_REFUSED in the network tab.

Somewhat more worryingly, Little Snitch doesn't report them at all, though that might just be because they were already blocked at the browser.

worthless-trash · 1h ago

The requests are not made, because some operating systems prevent this.

If you're on OSX, the permission to "discover on the local network" prevents it from happening ( System Settings -> Privacy & Security -> Local Network -> yourbrowser )

Could also be 'network' permissions on firefox ( Go to Settings > Privacy & Security > Permissions ) which is on a per site level, but iirc that could be set site-wide at some point.

The other browsers likely have similar configs, but this is what I have found.

thaumasiotes · 1h ago

> On my system https://ceac.state.gov/genniv/ tries to connect to captcha.com, google-analytics, googletagmanager, 127.0.0.1 and "burp" (a local hostname that doesn't exist in my network).

That will be this burp: https://portswigger.net/burp/documentation/desktop/tools/pro...

Sounds like they don't want you to analyze their site.

galaxy_gas · 2h ago

Many sites do it .Included in many standard device fingerprinting / anti anonymity SAAS. Ebay facebook etc all do this ! But it looks this is first party to prevent the adblocking of them

1MB of obfuscated fingerprinting + portscan + Webgl . But oddity this one is trying to find burp suite specific route's.

meitham · 1h ago

Madness! How do I harden my network against that?

ale42 · 1h ago

You should actually harden your browser or PC... to block any unwanted requests. Apparently some browser extensions can do that.

dns_snek · 15m ago

Enable "Block Outsider Intrusion into LAN" filter list in uBlock Origin.

bawolff · 1h ago

Chrome is already in the process of killing it https://developer.chrome.com/blog/local-network-access

gethly · 27m ago

Just a little side note - in this context, it makes sense if the website tries to connect to a local port because you might be running a card reader(ie. terminal). This is how it works with some(all?) EU countries that have a chip in their ID cards, or even vehicle registration cards, which you can use to access sensitive information or perform certain administrative tasks on government websites.

Although, from personal experience, it used to require java and it worked only on internet explorer and since it has been retired and replaced with chromium, i am not sure what is the way to make it work nowadays, as i have not been able to figure out to use it when i needed the last time.

vaylian · 1h ago

> Blocks malicious websites from port-scanning your computer/network

How does that work? A browser extension can't influence how your router and other machines in your network react to incoming requests.

Mashimo · 1h ago

Judging just from the screenshots, it seems it blocks websites from accessing 127.0.0.1 get requests. Not a port scan to the outside, more of what do you have running on the local machine inside your network.

ale42 · 1h ago

As far as I understand it, it is supposed to be a scan done by the browser on the user's computer, not an external scan, which a browser extension wouldn't be able to detect.

vaylian · 42m ago

I see. So the website would try to access private IP adresses (RFC 1918) by having elements like <iframe src="http://10.0.0.1"> in the web site and then the web site would check if the iframe was loaded successfully?

Delk · 12m ago

It could also just try making the request with javascript. Or try a websocket connection.

bawolff · 1h ago

Hopefully should soon be a thing of the past with https://developer.chrome.com/blog/local-network-access

est · 1h ago

but it can hook javascript methods before that scan can happen.

dns_snek · 24m ago

The "port scan" just seems to be a local connection to 127.0.0.1:8888. I don't know what purpose it serves on this page, but our government websites often use this technique to communicate with native software for digitally signing documents.

Are you seeing connection attempts to other IPs?

asimovDev · 1h ago

Embarrassed to say that I wasn't aware of this practice. Are there malicious uses for this beyond fingerprinting?

asimovDev · 1h ago

https://files.catbox.moe/g1bejn.png

When I visit the site from Safari on macOS I see this in the console. Are there any particular services that use port 8888 for the website to do this?

slyall · 1h ago

Be careful your security tool isn't producing false positives.

I remember years back when people would run these firewalls and we'd get complaints from home users about normal traffic.

Thinks like complaints our mail servers was scanning them on port 25 when they sent email.

Maxious · 2h ago

Perhaps to avoid people using misconfigured open proxies https://en.wikipedia.org/wiki/Open_proxy

Like a less sophisticated Tor/VPN that is easily detected by port scans

trod1234 · 1h ago

Capturing forensic artifacts of the local network allows a building a bridge strategy for identifying fraudulent networks without requiring knowledge of the path taken from destination to recipient. Other local devices do this and send the network map during a phone home, allowing comparison to a source of truth that is tied almost directly to the person, or group of people.

There is also a lot of fingerprintable material within such a port scan from clock skew, TCP ISN, and a few other areas.

You can sieve this quite easily with this available, thanks to Roku's, Phone's, and other things doing this while just sitting locally in a shared collision domain (a digital soldier quartered in every home).

The metadata node graph of devices locally acts as a unique fingerprint once in RFC1918 space, technically not unique but close enough.

LoadingXD · 1h ago

is it true visa and paypal are able to mkae you unable to buy games on steam?

kolla · 1h ago

My biggest grief with that site is that it's like something from the 90s.

thrown-0825 · 1h ago

Yeah it should have a fixed header and footer along with a pop-up consent drawer so you can only see 10% of the actual site content.

So much better.

Modern web design is a joke.

bhaney · 1h ago

As something from the 90s myself, I find this rude.

danw1979 · 1h ago

The 1990s web was actually good

yard2010 · 42m ago

I think you are confusing something from the 90 with something from the gov

Conk (1995) – Action Game Construction Kit (semprini.me)

Show HN: Moyu Search – A better tab search (chromewebstore.google.com)

SubBuddy: Never Miss a Payment Again (subbuddy.io)

Windows 11 August Update Triggers NVMe Controller Failures; Phison Investigates (windowsforum.com)

Palantir stock slumps 9%, falling for a fifth straight day from record (cnbc.com)

Anyone using USDT for online payments? What do you buy and how?

The LattePanda Mu (taoofmac.com)

My Take on the iPadOS 26 Beta (taoofmac.com)

Wanted: Sane, tasteful Wi-Fi 6/7 Access Points (taoofmac.com)

Reading Books vs. Engaging with Them (cold-takes.com)

Webb spots a new, tiny moon orbiting Uranus (astronomy.com)

Why Is the US Punishing India – But Not China – For Buying Russian Oil? (thediplomat.com)

Show HN: College Student Program Across Various Country (github.com)

Doctor cracks the case of a 15-year-old who suddenly couldn't walk (economictimes.indiatimes.com)

Ask HN: Is there any plugin to use OpenAI or Claude API in Xcode like Cursor?

Stupidity as a Service (lawrenc.es)

Databricks Secures Series K Funding, Surpassing $100B Valuation (jphfeeds.top)

The Russia-Ukraine War Has Made North Korea More Dangerous (thediplomat.com)

Real-Time Mode in Apache Spark Structured Streaming (databricks.com)

Open source tools to lighten your summer (open-source-ward.com)

Mirrorshades, the Cyberpunk Anthology (rudyrucker.com)

Swinsian 3 Released – The Advanced Music Player for Mac (swinsian.com)

OpenAI makes GPT-5 'friendlier' after widespread user backlash (pcworld.com)

SPL Lightweight Multisource Mixed Computation Practices (github.com)

Show HN: I've launched my app on Hacker News and here is what happened (indiehackers.com)

Show HN: File-Fabric – Generate Files (docs, media, archives) for Testing

Show HN: BlipCut – AI Tool for Fast Video Translation and Localization (videotranslator.blipcut.com)

If Indian goods cannot go to the US, they can head to Russia (timesofindia.indiatimes.com)

From Sound to Meaning: A Deep Meaning Comprehension by DeepSeek (medium.com)

'The Lord Is Counting on Me to Stand on the Side of Israel' (zeteo.com)

Postgres in 2025: No managed service required? (docs.codefloe.com)

Show HN: Code – coding CLI with browser control and diffs (github.com)

Diploma of Nursing (menzies.vic.edu.au)

Virtuous Machines: Towards Artificial General Science (arxiv.org)

Understanding Go Error Types: Pointer vs. Value (blog.fillmore-labs.com)

Hkust Launches the Largest AI Education Sandbox Game "Aivilization" (aivilization.onrender.com)

How to build a world model? Introduction to Laplace Neuron (abibulic.github.io)

Why Detection Of Fake Content Isn't the Answer Anymore (inreality.io)

Show HN: Tempmail3 – Instant disposable email service, zero signup, open-source (tempmail3.com)

Show HN: VoxDemo – Create demo videos with AI voiceovers (voxdemo.com)

Building Ultra Cheap Energy Storage for Solar PV (austinvernon.substack.com)

Why is my device a touchpad and a mouse and a keyboard? (who-t.blogspot.com)

Accessibility Conformance Testing (Act) Rules Format 1.1 (w3.org)

Ask HN: Would you use an agent that migrates your stack (with benchmarks)? (charter-nlpt.vercel.app)

Show HN: Spectre, a coding agent for llama.cpp servers (github.com)

Monad Annoyance (macwright.com)

In AI push, China holds the first sports event for humanoid robots (nbcnews.com)

Qwen-Image-Edit: Image Editing with Higher Quality and Efficiency (qwenlm.github.io)

Unknown object explodes in cornfield in eastern Poland (newsweek.com)

The Company Who Created "Play": The Origin of Namco (gamingalexandria.com)

Ask HN: Why does the US Visa application website do a port-scan of my network?

Comments (44)