I have three v2 cams, all of which are attempting outbound connections to 216.244.65.2 at the rate of 13-14 times per minute per camera. I block these at my router firewall so it spams my firewall log something fierce.
Can someone tell me why these cams are trying to reach 216.244.65.2, which is a Wowrack instance in a Seattle data center owned by what appears to be a Russian national?
AlienVault shows previous malicious activity on this IP: AlienVault - Open Threat Exchange
WHOIS output below:
% whois 216.244.65.2
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 216.0.0.0 - 216.255.255.255
organisation: ARIN
status: ALLOCATED
whois: whois.arin.net
changed: 1998-04
source: IANA
whois.arin.net
NetRange: 216.244.65.0 - 216.244.65.7
CIDR: 216.244.65.0/29
NetName: 216-244-65-0-0-DMITRYMURASHOV
NetHandle: NET-216-244-65-0-1
Parent: WOW-IPV4-NET3 (NET-216-244-64-0-1)
NetType: Reassigned
OriginAS:
Customer: Dmitry Murashov (C04913485)
RegDate: 2014-03-21
Updated: 2014-03-21
Ref: https://rdap.arin.net/registry/ip/216.244.65.0
CustName: Dmitry Murashov
Address: Kostjakova street, 17-1-87
City: Moscow
StateProv:
PostalCode: 127422
Country: RU
RegDate: 2014-03-21
Updated: 2014-03-27
Ref: https://rdap.arin.net/registry/entity/C04913485
OrgAbuseHandle: WAT1-ARIN
OrgAbuseName: Wowrack Abuse Team
OrgAbusePhone: +1-206-522-4402
OrgAbuseEmail: abuse@wowrack.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/WAT1-ARIN
OrgTechHandle: WOWRA1-ARIN
OrgTechName: Wowrack NOC
OrgTechPhone: +1-206-522-4402
OrgTechEmail: noc@wowrack.com
OrgTechRef: https://rdap.arin.net/registry/entity/WOWRA1-ARIN
OrgNOCHandle: WOWRA-ARIN
OrgNOCName: Wowrack Hostmaster
OrgNOCPhone: +1-206-522-4402
OrgNOCEmail: hostmaster@wowrack.com
OrgNOCRef: https://rdap.arin.net/registry/entity/WOWRA-ARIN