Solved Nordvpn.com and Nordcdn.com? Same thing?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Wallace_n_Gromit

Senior Member
Never really noticed this before. May be/likely Nordvpn owns both names. (and many more to prevent typing errors being sent to malicious sites)

When I try and download the newest NordVPN app for windows at [nordvpn.com/download] when I hover over the button to download the *.exe I see this link:

https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe

...now tell me please, this is a legitimate Nordvpn link otherwise :eek:
 

RMerlin

Asuswrt-Merlin dev
According to Whois both are behind the same Cloudflare DNS, so there's a good chance it's a domain they use for a CDN.

Check the properties of the downloaded file, there should typically have a digital signature to confirm it's really from them.
 

Wallace_n_Gromit

Senior Member
According to Whois both are behind the same Cloudflare DNS, so there's a good chance it's a domain they use for a CDN.

Check the properties of the downloaded file, there should typically have a digital signature to confirm it's really from them.
https://www.cloudflare.com/learning/cdn/what-is-a-cdn/

Also, I haven't downloaded the file, but I assume it is digitally signed. You can check the digital signature and see if it is valid and if it is signed by the entity you expect (NordVPN themselves, but could be any other service).

https://www.sslsupportdesk.com/how-to-verify-a-digital-code-signing-signature-in-windows/

After your responses, I did check the signature in Properties and found the issued to/signed: TEFINCOM S.A. which was one of two signers I expected (the other being nordvpn, of course)

I had heard some vague info about content distribution networks (CDN), and that link really helped clarify how they work.

I don't understand how being behind the same Cloudflare DNS (in this case):

lily.ns.cloudflare.com
seth.ns.cloudflare.com

helps unless/probably like if your business is in the Seattle area you would expect to use/see something like [seattle.wa.cloudflare.com]?

I did submit a ticket to the nordvpn chat/email customer service on their website yesterday (which I wouldn't have trusted since I would have to assume that my url to nordvpn.com just might have been hijacked to a malicious site) and they responded:
===============================================================================
NordVPN <[email protected]>
Reply for your ticket (ID #XXXXXXX) with a subject title is nordcpn.com part of nordvpn.com?
##- Please type your reply above this line -##
Your request has been updated recently. To add additional comments, reply to this email.

NordVPN16 (NordVPN)

May 17, 2020, 4:35:03 AM GMT+3

Hello,

Thank you for your letter.

We can confirm, that the link you provided is legitimate and is one of our official alternative domains.

Let us know if you have any other questions.

Best Regards,
Navarro Soriano
Customer Success Team
NordVPN.com


[email protected]

May 17, 2020, 2:05:22 AM GMT+3

-----------------------------------------------
Email : [email protected]
subject : is nordcpn.com part of nordvpn.com?
Department : General info
Topic : Security
Origin-URL : https://nordvpn.com/contact-us/
-----------------------------------------------
seeing this link when trying to download your nordvpn app for windows: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe is it legitimate?
 

RMerlin

Asuswrt-Merlin dev
I don't understand how being behind the same Cloudflare DNS (in this case):

lily.ns.cloudflare.com
seth.ns.cloudflare.com

helps unless/probably like if your business is in the Seattle area you would expect to use/see something like [seattle.wa.cloudflare.com]?

Cloudflare authoritative nameservers are unrelated to locations. When you open an account with Cloudflare, they assign two nameservers to your account. Any domain name you configure on that account will use those same two nameservers. So in this case, it means that there is a very good chance that both domain names are on the same Cloudflare account, and so, belong to the same company.
 

jeden

Regular Contributor
I must say, though, for a "security" company it is a terrible idea to use a lookalike domain (nordvpn vs nordcdn) to host their software. They should've gone with cdn.nordvpn.com or something similar instead of making users suspicious of phishing attacks or being served malware.
 

Wallace_n_Gromit

Senior Member
I must say, though, for a "security" company it is a terrible idea to use a lookalike domain (nordvpn vs nordcdn) to host their software. They should've gone with cdn.nordvpn.com or something similar instead of making users suspicious of phishing attacks or being served malware.

I agree that seeing a link like https://downloads.cdn.nordvpn.com/whatever*.*

would not have raised the hairs on the back of my neck.;)
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top