u/SequentialHustle

I saw someone else mention they did this. Earlier today I blocked all incoming/outgoing network requests to China and a few other countries. Flow 2 still works perfectly fine. All these outgoing requests were from 1 vacuum run.

Interesting the firmware has the IPs hardcoded.

www.wshifen.com (103.235.46.102 / .115) — this is the Chinese mirror/CDN domain Baidu uses internally. Many Chinese IoT vendors route telemetry through Baidu Cloud, so device traffic ends up resolving here. It's not malicious per se, but it's a known telemetry endpoint.

139.159.191.34, 139.159.254.209, 116.205.184.69 — Huawei Cloud (139.159.0.0/16 and 116.205.0.0/16 are Huawei ranges).

8.135.63.80 — Alibaba Cloud. 122.9.x.x, 110.41.172.154, 113.45.242.21 — also Huawei Cloud / China Telecom ranges.

I’ve had my device since 4/22. How has it uploaded nearly 5gigs of data to China? Is it sending a live feed every time it runs or something? The past 7 days alone it's 2GB upload to Aliexpress. 2.77GB total traffic.

I compared it to my Dreame network activity and there is barely any upload activity on that device over the same period of time.