Weird URL in NordVPN
This research is incomplete. I am not able to figure out some things. I am writing this blog to share my findings and get help with this.
So one day I got curious about NordVPN. So I used Wireshark to intercept the login. When I log in using my username and password, I see a DNS query asking for the IP address of a domain name. The domain looks suspicious af. I mean, you see domains like this inside malware. I am not a good enough reverse engineer to understand such complex code. I also tried decrypting the Wireshark packets but could not do it. The method I used didn’t work. This is the domain: zwyr157wwiu6eior.com. I intercepted the login request from the browser using Burp Suite. The login endpoint was “api.nordvpn.com/v1/users/token”. So what is the weird URL?