Update: f5d599a39d02caef1984e95fdc606f838893ffc5.xyz

Unfortunately, as of 16 April 2019, I’m still seeing traffic on this domain.

Here are some others I’m seeing:

dfbfb63dcaff96fbe9616fb806e4799f.com
8d46980d994cc618aeed127df1b5c86d8acd86ce.info
07bf396c25d9a624281c97752aee0247e4229b84.xyz
07bf396c25d9a624281c97752aee0247e4229b84.com
07bf396c25d9a624281c97752aee0247e4229b84.info
d234304f57772cf6be78ab6c24a65c91ce896fff.xyz
d234304f57772cf6be78ab6c24a65c91ce896fff.com
d234304f57772cf6be78ab6c24a65c91ce896fff.info
8d46980d994cc618aeed127df1b5c86d8acd86ce.xyz
cbb0c7dae8061aca012b8a910062c33f3642e383.com
cbb0c7dae8061aca012b8a910062c33f3642e383.xyz
cbb0c7dae8061aca012b8a910062c33f3642e383.info

5 thoughts on “Update: f5d599a39d02caef1984e95fdc606f838893ffc5.xyz”

  1. I do not in the slightest, beleive what Nord are saying.

    We too noticed these random domains. this is not a method you would use to see if an API call is working. This is what a botnet infected host does when it’s looking for a C&C server.

  2. No. They just said it would be fixed in the latest update. I have the latest update and am still seeing events from devices with the updated user-agent string.

  3. I have now 234 rules in LittleSnitch from URLs trying to be accessed from NordVPN.
    This is getting very strange.
    I tested a few of them, and for theses, they were all registered on 2019-04-24 to NameCheap.inc

Comments are closed.