Suspect outbound traffic from all my v2 cameras

I have three v2 cams all of which are attempting outbound connections to at the rate of 13-14 times per minute per camera. I block these at my router firewall so it spams my firewall log something fierce.

Can someone tell me why these cams are trying reach which is a Wowrack instance in a Seattle data center owned by what appears to be a Russian national?

Alienvault shows previous malicious activity on this IP: AlienVault - Open Threat Exchange

WHOIS output below:
% whois
% IANA WHOIS server
% for more information on IANA, visit
% This query returned 1 object


inetnum: -
organisation: ARIN


changed: 1998-04
source: IANA

NetRange: -
NetName: 216-244-65-0-0-DMITRYMURASHOV
NetHandle: NET-216-244-65-0-1
Parent: WOW-IPV4-NET3 (NET-216-244-64-0-1)
NetType: Reassigned
Customer: Dmitry Murashov (C04913485)
RegDate: 2014-03-21
Updated: 2014-03-21

CustName: Dmitry Murashov
Address: Kostjakova street, 17-1-87
City: Moscow
PostalCode: 127422
Country: RU
RegDate: 2014-03-21
Updated: 2014-03-27

OrgAbuseHandle: WAT1-ARIN
OrgAbuseName: Wowrack Abuse Team
OrgAbusePhone: +1-206-522-4402

OrgTechHandle: WOWRA1-ARIN
OrgTechName: Wowrack NOC
OrgTechPhone: +1-206-522-4402

OrgNOCName: Wowrack Hostmaster
OrgNOCPhone: +1-206-522-4402

1 Like

Wow! Another post said China was connecting to his cams. Maybe this is why the cams are so cheap?

They answered it here:


That’s quite a long read, but in the end I didn’t find Wyze final say about this…
Sorry, I’m not very familiar on navigating reddit, so maybe I’ve miss the conclusion.

From @WyzeTao in the comments:

Here is an update tonight. This is a new server added by our P2P service provider recently. It is not any malicious server. My previous server check was based on an older server version that was why I didn’t find an IP match.

The server is physically located in Seattle, WA. Currently it is leased by our provider as a P2P connection server. This is confirmed by our service provider over phone. For some reason, some IP lookup websites resolve the IP as in Seattle and some resolve as in Russia. For example:

IP Location Lookup - Instantly Locate an IP Location resolves as in Seattle IP Address Geolocation Lookup Demo | IP2Location resolves as in Seattle resolves as in Russia

We are asking the cloud service provider why the IP resolves into different locations. Our guess is that IP location record was changed once and the record was not populated. This info is to be confirmed by the cloud service provider.

1 Like

Good to know. Thanks for the update.

there’s others in Canada as well. I’m seeing traffic recently to and OVH Hosting, as well as IANA. OVH in my experience has a reputation for some dodgy activity. I’m using Firewalla Gold as my router, if anyone is curious, that’s what the traffic data is from. Amazing device.


Amazing. I am glad I am using a secondary router for my cam network.

I have been keeping an eye on it, and the server appears to be utilized for cloud video storage to some extent, as I found after blocking at the domain level (causes dns resolution and subsequent allow/block per rules) that I was getting a bunch of errors trying to view uploaded events.