That’s the first question that popped up when I installed AdGuard Home on my Raspberry Pi last night. Within minutes, hundreds of queries went out for these two domains:
- xx.ott.io.mi.com
- xx.ot.io.mi.com
What is mi.com, you ask. It is Xiaomi’s US website. I don’t (or thought I didn’t) have an Xiaomi device on my network because, wel, I’d never bought a Xiaomi device.
Except, it turns out, someone in my household did. It’s just not sold as a Xiaomi device. It’s a vacuum, specifically a Roborock S4. That robot sits idle for 2-3 days, does 45 minutes of work, then goes idle again. And when it’s idle, tucked away under a bench, charging it’s little battery and complaining on the app about dirty filters, it’s pinging those two addresses 119,000 times a day.
That screen shot was taken 24 hours after I set up AdGuard and blocked those two domains. Around 16 times a minute, every minute of every hour of every day.
So, if you’re seeing crazy traffic on your network and need a place to start, look for down-market IoT devices that may have borrowed tech from Xiaomi.
If you have AdGuard, the custom filtering rules you want are:
||xx.ott.io.mi.com^$important
||io.mi.com^$important
If you’re there adding those, toss in this one for your noisy Rokus as well.
||logs.roku.com