Several weeks ago, I activated a feature on my router that blocks access to potentially dangerous IP addresses based on a "threat intelligence database". Since then, the router has repeatedly blocked access from my wife's iPhone 6s (17 incidents in 25 days). I'm aware that these databases often contain false positives, but I've still been concerned. Based on reverse DNS lookup and geolocation, the addresses look sketchy to me -- several of them apparently in eastern Europe. (We're in Seattle.)
Since the router provides no insight into the app responsible for any particular packet, I disabled background refresh for all 3rd-party apps. This morning my wife's phone was idle and locked when the router blocked another access attempt, this time to an IP address that is apparently located in Lithuania.
Can anyone suggest an innocent explanation for this? My understanding is that with background refresh disabled, no 3rd-party app should be trying to access the internet from an idle and locked phone, and it seems unlikely that an iOS system app or process would be trying to access a random-looking site in Lithuania.
My wife's phone is up to date (iOS 13.6) and not jailbroken. I've absorbed the common wisdom that malware for iPhones is extremely rare, but I'm concerned. Out of caution, I'm considering wiping the phone and doing a fresh install, for lack of a better idea. But I would be much happier if I had a better understanding of what's going on before I do that.
Thanks in advance for any suggestions!