Update: f5d599a39d02caef1984e95fdc606f838893ffc5.xyz

Unfortunately, as of 16 April 2019, I’m still seeing traffic on this domain.

Here are some others I’m seeing:

dfbfb63dcaff96fbe9616fb806e4799f.com
8d46980d994cc618aeed127df1b5c86d8acd86ce.info
07bf396c25d9a624281c97752aee0247e4229b84.xyz
07bf396c25d9a624281c97752aee0247e4229b84.com
07bf396c25d9a624281c97752aee0247e4229b84.info
d234304f57772cf6be78ab6c24a65c91ce896fff.xyz
d234304f57772cf6be78ab6c24a65c91ce896fff.com
d234304f57772cf6be78ab6c24a65c91ce896fff.info
8d46980d994cc618aeed127df1b5c86d8acd86ce.xyz
cbb0c7dae8061aca012b8a910062c33f3642e383.com
cbb0c7dae8061aca012b8a910062c33f3642e383.xyz
cbb0c7dae8061aca012b8a910062c33f3642e383.info

5 thoughts on “Update: f5d599a39d02caef1984e95fdc606f838893ffc5.xyz

  1. I do not in the slightest, beleive what Nord are saying.

    We too noticed these random domains. this is not a method you would use to see if an API call is working. This is what a botnet infected host does when it’s looking for a C&C server.

    Like

  2. I have now 234 rules in LittleSnitch from URLs trying to be accessed from NordVPN.
    This is getting very strange.
    I tested a few of them, and for theses, they were all registered on 2019-04-24 to NameCheap.inc

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: