I have three v2 cams, all of which are attempting outbound connections to 220.127.116.11 at the rate of 13-14 times per minute per camera. I block these at my router firewall, so it spams my firewall log something fierce.
Can someone tell me why these cams are trying to reach 18.104.22.168, which is a Wowrack instance in a Seattle data center owned by what appears to be a Russian national?
AlienVault shows previous malicious activity on this IP: https://otx.alienvault.com/indicator/ip/22.214.171.124
WHOIS output below:
% whois 126.96.36.199
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
inetnum: 188.8.131.52 - 184.108.40.206
NetRange: 220.127.116.11 - 18.104.22.168
Parent: WOW-IPV4-NET3 (NET-216-244-64-0-1)
Customer: Dmitry Murashov (C04913485)
CustName: Dmitry Murashov
Address: Kostjakova street, 17-1-87