Long-time lurker, as I've been able to find most answers by searching others' posts, but I'm having trouble finding a definitive answer this time. As this is my first post I don't have a signature set up yet, but I'm currently running the RT-AC88U w/ 384.12_beta1-g69e0eaefe1 firmware. I plan to update to 384.12_beta2-g7e33ba651a this weekend. Scripts being run are amtm, diversion lite and skynet.
I've noticed some blocked outbound traffic from several devices, but the most concerning are the two iPhones on the network. I've done a factory reset on one of the iPhones and started from scratch, but after re-installing my apps it's still trying to send outbound requests. The other iPhone wasn't affected until yesterday, but it's doing the same thing now. The information from Skynet is posted below; it's the same two IPs each time, and according to a quick search it's a bitly.com address. Yesterday the IPs weren't associated with etsy.me; it was a different domain.
Is this something I should be concerned about, or am I being overly paranoid? If it is something to be concerned about, my next step is to wipe every device in the house and start fresh. Any insight would be greatly appreciated.
Blocked Outbound Traffic
28x | 67.199.248.13 (US) | https://otx.alienvault.com/indicator/ip/67.199.248.13 | BanMalware: coinbl_hosts_browser.ipset | etsy.me
28x | 67.199.248.12 (US) | https://otx.alienvault.com/indicator/ip/67.199.248.12 | BanMalware: coinbl_hosts_browser.ipset | etsy.me