I have to thank you all for posting about this. I have cameras and IoT confined to a range of IPs, and that range has a script that sets up an iptables drop for any outside requests (no chance to phone home). Normally logs stay mostly quiet and the network stays happy this way. After reading this, I checked my router logs and I'll be damned...
I immediately verified my script was for some reason not started. It could have been problems with power while I was gone over the weekend. My Home Assistant did notify me of a brief outage, but the router and cams are on a 40 min UPS. So the mystery remains until I have time to dig through logs and test things. It was just a new d6bi doorbell cam making all that traffic, but my 5442 is not phoning home (both have been running several weeks now). Anyhow, I restarted the drop rule script on my router and now it's walled off safely... just need to investigate why it was not started. Until I figure that out I put on belt and suspenders by blocking internet from that doorbell and the rest of the cam/IoT using the router's built-in features.
[edit: That is, of course, not to say that what I have is better than hardware separation, VLANs, etc.]