Anyone seeing Wyze Cam v2 contacting phishing site 216.105.168.146?
I use a Firewalla for my home which just started alerting for the above.
That IP seems to be managed by some random colo company dedicated.com.
This is on port UDP 10001 which I find this about Wyze.
Facilitates P2P live streaming of video feeds, allowing direct camera-to-device communication.
It’s possible that this traffic is miscategorized but this seems a bit suspect as I though Wyze was hosted all in AWS.
Of course, as soon as I post this, I realized that I should have searched the forum for the UDP port number.
The below links are informative but it still seems sketchy that we’re streaming video to some random unknown hosting company at random locations.
Compared to other brands of cams the Wyze cams sure are busy chatting all over the place all the time, and use a lot of data.
The older cams, prior to about the OG, used some inexpensive hosting companies for many of the functions (before they moved to AWS). Of course, those inexpensive hosting companies also get used by unethical people doing unethical things, so their IPs tend to get flagged in various blacklists. There are also a couple services they used for integration with Alexa, Google, Apple, etc that use smaller hosting companies, so you’ll see connections for that sometimes too.
Nothing to worry about in this case. The older cams don’t get updated to use AWS, they’re pretty much locked into the old design. If you end up replacing them at some point, you’ll start to see pretty much AWS only connections going out.
There are some like the Panv3 that use a little of both, but my OGs and v4 are strictly AWS from what I’ve seen.