Unfortunately, as of 16 April 2019, I’m still seeing traffic on this domain.
Here are some others I’m seeing:
5 thoughts on “Update: f5d599a39d02caef1984e95fdc606f838893ffc5.xyz”
Did NordVPN provide an explanation as to why this was happening?
No. They just said it would be fixed in the latest update. I have the latest update and am still seeing events from devices with the updated user-agent string.
I do not in the slightest, beleive what Nord are saying.
We too noticed these random domains. this is not a method you would use to see if an API call is working. This is what a botnet infected host does when it’s looking for a C&C server.
100% agreed. It is not expected behavior.
I have now 234 rules in LittleSnitch from URLs trying to be accessed from NordVPN.
This is getting very strange.
I tested a few of them, and for theses, they were all registered on 2019-04-24 to NameCheap.inc