Rogue Electric Imp Device on Network

I have a rogue device on my network with an electric imp mac address. It provides no hostname via DHCP.

I’ve tried creating an account and logging in and searching in the portal by mac address, but the portal says no devices found with that mac.

An aggressive nmap shows no open ports / running services on the host.

Packet captures show DNS queries to two domains (the host has been blocked from internet access now)

Traffic was seen going to (TLS)

The mac address of the device 0c:2a:69:0d:66:7b

If someone has any idea how to figure out what device this mac belongs to, or better yet, what vendor purchased a chip/board with this mac, that’d be amazing.

Edit: I should mention that’s a WiFi device, not hardwired.

It’s a Petnet Smart Feeder.

1 Like

…and its behavior (connectivity on port 31314, 993 or 443 to a * host via TLS1.2) is consistent with a normally functioning imp device.

Next-door neighbour making use of your network?

Confirming that it is in fact, a PetNet Smart Feeder.