What ".ly" do you mean?
tunnelblick.net hosts everything except disk images. Those .dmg files are hosted by GitHub, and GitHub uses amazon web services, so the downloads come from
amazonaws.com as shown in the following Firefox screenshot:
I suppose GitHub could use other hosts, but in my experience they have consistently used AWS.
(It would cost too much to host them on tunnelblick.net and pay for the bandwidth.)
If your Tunnelblick.dmg is being downloaded from a ".ly" address, it sounds like your computer has been hacked or is the target of a "Man in the Middle" attack. (But I don't know how a MITM attack could take place unless MITM-ed by a state-level player who has control of a certificate authority and created forged credentials.)
We suggest
verifying downloads. (Of course, if your https: access to the
tunnelblick.net website is compromised, you may not be able to get the correct verification checksum and hash.)
In addition to using https: for everything, Tunnelblick's update mechanism uses digital signatures which are not vulnerable to MITM attack. And you could verify the Tunnelblick.app after an update if you want to be extra sure.