This is a denial-of-service attack with which an attacker can make a user unable to access the nordvpn.com website. For more information, you can read this article: [https://blog.innerht.ml/tag/cookie-bomb/]
This will usually work on a user's fresh session, for which we can use an incognito tab.
The cookie format for both of them is like this:

FirstSession: source=(direct)&campaign=(direct)&medium=(none)&term=&content=&hostname=nordvpn.com&pathname=/&date=20200119

CurrentSession: source=(direct)&campaign=(direct)&medium=(none)&term=&content=&hostname=nordvpn.com&pathname=/&date=202019

Here the pathname parameter is the path of the page that we are on. The pathname is copied directly into these cookies from the visited URL, and there is no size limit on the URL path. Hence we can make a request to a long random path of up to 4 Kb (the maximum size of a cookie), and both of the cookies will contain 4 Kb of random data. But the CurrentSession cookie changes on each path followed, so its payload size changes too. For this attack to be successful we need approx. 8 Kb of cookies. (At least we have 4 Kb now from FirstSession.)
3. Now visit this final link: https://nordvpn.com/order/?2year&coupon=anything&ref=xxxxx.....xxxxxxx_up_to_4kb_in_size This will set a cookie n_ref with the value of the ref parameter. Now we have approx. 8 Kb of cookies, and most web servers don't accept a request of this size, hence we now have a persistent denial-of-service attack.
The user will not be able to access the website, and will have a persistent DoS until he deletes all the cookies manually.
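
One way to close this off on the cookie-writing side, as an added example that is not part of the original report or the site's own code: the pathname copied into FirstSession/CurrentSession is truncated to a fixed budget and the ref value is stored in n_ref only if it matches a short allow-list pattern. The function names, the 128-character path budget and the ref pattern are assumptions.

```javascript
// Added example: bounded construction of the three cookies named in the report.
// The limits and the ref character set are assumptions, not values from the site.
const MAX_PATH_CHARS = 128;
const REF_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Build a FirstSession/CurrentSession value in the format shown in the report,
// truncating the URL-controlled pathname to a fixed budget.
function buildSessionValue(hostname, pathname, date) {
  const safePath = String(pathname).slice(0, MAX_PATH_CHARS);
  return [
    "source=(direct)", "campaign=(direct)", "medium=(none)", "term=", "content=",
    `hostname=${hostname}`, `pathname=${safePath}`, `date=${date}`,
  ].join("&");
}

// Return the ref value to store in n_ref, or null when it must not be stored.
function acceptRef(url) {
  const ref = new URL(url).searchParams.get("ref");
  return ref !== null && REF_PATTERN.test(ref) ? ref : null;
}

// Compute the cookies for one visited URL and the byte size of the Cookie
// header the browser would send back on the next request.
function cookiesForVisit(url, date) {
  const u = new URL(url);
  const cookies = {
    FirstSession: buildSessionValue(u.hostname, u.pathname, date),
    CurrentSession: buildSessionValue(u.hostname, u.pathname, date),
  };
  const ref = acceptRef(url);
  if (ref !== null) cookies.n_ref = ref;
  const header = Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
  return { cookies, headerBytes: new TextEncoder().encode(header).length };
}

// Constructed inputs: an ordinary visit, and one with an oversized path and ref.
const normal = cookiesForVisit(
  "https://nordvpn.com/order/?2year&coupon=anything&ref=partner_42", "20200119");
const oversized = cookiesForVisit(
  "https://nordvpn.com/" + "a".repeat(4000) + "?ref=" + "x".repeat(4000), "20200119");
console.log(normal.headerBytes, oversized.headerBytes, "n_ref" in oversized.cookies);
```

With these bounds the Cookie header stays far below common server request-header limits regardless of the visited URL; a server-side cap on the same fields is still needed if the cookies are also set from response headers.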