Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Diogenes Pontifex

macrumors newbie
Original poster
Jan 14, 2020
4
1
Several weeks ago, I activated a feature on my router that blocks access to potentially dangerous IP addresses based on a "threat intelligence database". Since then, the router has repeatedly blocked access from my wife's iPhone 6s (17 incidents in 25 days). I'm aware that these databases often contain false positives, but I've still been concerned. Based on reverse DNS lookup and geolocation, the addresses look sketchy to me -- several of them apparently in eastern Europe. (We're in Seattle.)

Since the router provides no insight into the app responsible for any particular packet, I disabled background refresh for all 3rd party apps. This morning my wife's phone was idle and locked when the router blocked another access attempt, this time to an IP address that is apparently located in Lithuania.

Can anyone suggest an innocent explanation for this? My understanding is that with background refresh disabled, no 3rd party app should be trying to access the internet from an idle and locked phone, and it seems unlikely that an iOS system app or process would be trying to access a random looking site in Lithuania.

My wife's phone is up to date (iOS 13.6) and not jailbroken. I've absorbed the common wisdom that malware for iPhones is extremely rare, but I'm concerned. Out of caution, I'm considering wiping the phone and doing a fresh install, for lack of a better idea. But I would be much happier if I had a better understanding of what's going on before I do that.

Thanks in advance for any suggestions!
 
  • Like
Reactions: imnotlisa

Realityck

macrumors G4
Nov 9, 2015
11,471
17,287
Silicon Valley, CA
Just the first thought but are you using Safari in privacy mode after clearing history and website data? You don't want your browser being profiled/tracked going to various web sites routinely. If you launch Safari and see several tabs open to sites, its what I would suspect. If you have game apps bought or downloaded possibly another source of possible unknown activity as developers are worldwide.

  1. From the home screen, tap Settings.
  2. Scroll to and tap Safari.
  3. Scroll to and tap Clear History and Website Data.
  4. When prompted, tap Clear History and Data.
  5. The browser cache is now cleared.
How to turn on Private Browsing
  1. Open Safari on your iPhone or iPod touch.
  2. Tap the new page button .
  3. Tap Private, then tap Done.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.