My Firewalla Gold Flagged nexthop.onl?
My Firewalla flagged nexthop.onl from my MacMini M2 on port 55290. The size of the data transfer looked like BackBlaze or more likely iCloud backup and nexthop.onl indicated maybe a VPN as I use ExpressVPN on all my computers. I contacted ExpressVPN support via Chat and was told the ExpressVPN client does not use that domain. In fact, ExpressVPN doesn't use domain names only IP Addresses. How would I investigate this on the Firewalla? Is there a way I can see how often nexthop.onl is contacted with a noticeable data transfer of hundreds of MBs?
-
My suggestion is to block that domain and see if anything useful is broken. (the domain is a parked domain ... meaning, it should not be active, unless the parked IP maps to many domains, then you get a false positive. this happens too)
I also hide the private conversation you had with your VPN
Please sign in to leave a comment.
Comments
7 comments