# APPLE Malware, Exploits, Hacks IOCs
# Source: https://otx.alienvault.com/user/Kailula4/pulses + https://otx.alienvault.com
#
# UPDATED 02-05-2021
#
# Every link reported should be considered harmful and could result in an unwanted malware download. Use this file carefully.
#
# **** Therefore my advice is ****
# **** If you experience sites that are being blocked ****
# **** please double check your input in search field and ****
# **** see if it's correct and verify that it is the correct page you ****
# **** are going to! If it is correct then whitelist that site ****
#
# USE THIS LIST WITH CAUTION!
#
#
# *****The list is released without any warranty to the end users.*****
#
# *** This list contains domains and hosts ***
# *******************************************************************************************************************************************************************
#-------------------------------------------------------
# Suspected NSO Group iMessage ‘Zero-Click’ Exploit Used Against Journalists
# Source: https://otx.alienvault.com/pulse/5fe0cd0101540b1d4144f8a3
#-------------------------------------------------------
# Why is Pegasuses in my MacOS Calculator App?
# Source: https://otx.alienvault.com/pulse/603fe5ed4000bc7f624042a2
#-------------------------------------------------------
# What a Hacked MacBook looks like..
# Source: https://otx.alienvault.com/pulse/602dd912cd52c1160c7ada6a
#-------------------------------------------------------
# Apple's IHome
# Source: https://otx.alienvault.com/pulse/6020cb3ffb42be102f9ee111
#-------------------------------------------------------
# above.com porn & pegasus infected iphones
# Source: https://otx.alienvault.com/pulse/5fdfe6dceffecbf4a29b2702
#-------------------------------------------------------
# pegasus-os.netlify.app
# Source: https://otx.alienvault.com/pulse/5f706db9d05f84d92036b7c4
#-------------------------------------------------------
# iPhone 14.3 #pegasuS #compromised #UK
# Source: https://otx.alienvault.com/pulse/5fdfd66d958d45c28f1ede8f
#-------------------------------------------------------
# Apple AWL Attack
# Source: https://otx.alienvault.com/pulse/5fefbb165fef933b7d85d86f
#-------------------------------------------------------
# Mac Book using malicious AUDIO files to execute code- THANKS, SIRI!!!!!!
# Source: https://otx.alienvault.com/pulse/5fde5a6fdcf5035d48206aa6
#-----------------------------------------------
# Apple iPad 7th Generation - Kernal Exploit
# Source: https://otx.alienvault.com/pulse/5fdec4e50d60e852183e4de8
#-------------------------------------------------------
# 2018 Launch of Mac Book Pro Exploit
# Source: https://otx.alienvault.com/pulse/5fdc111330bed536bb3e4de8
0.0.0.0 com.hp.drivercore.bom 0.0.0.0 com.hp.faxk2.bom 0.0.0.0 com.hp.imageenhancement1.bom 0.0.0.0 com.hp.inkjetk3.bom 0.0.0.0 com.hp.kextnew.bom 0.0.0.0 com.hp.pde.bom 0.0.0.0 com.hp.pdf2pdf1.bom 0.0.0.0 com.hp.scan3.bom 0.0.0.0 com.hp.scanbutton.bom 0.0.0.0 com.hp.scanl.bom 0.0.0.0 com.iphonesoft3g.texaspokermac.bom 0.0.0.0 com.jdi.ss.passwordagent.app 0.0.0.0 com.microsoft.onedrive.bom 0.0.0.0 com.microsoft.package.fonts.bom 0.0.0.0 com.microsoft.package.frameworks.bom 0.0.0.0 com.microsoft.package.microsoft 0.0.0.0 com.microsoft.pkg.licensing.bom 0.0.0.0 com.mobileage.shanghaiosx.bom 0.0.0.0 com.popcap.osx.bejeweled3.bom 0.0.0.0 daily.ios.apps.data 0.0.0.0 daily.ios.apps.total 0.0.0.0 daily.ios.books.total 0.0.0.0 daily.ios.logs.total 0.0.0.0 daily.ios.media.total 0.0.0.0 daily.ios.photos.photos 0.0.0.0 daily.ios.photos.total 0.0.0.0 daily.ios.system.total 0.0.0.0 daily.ios.userdata.health 0.0.0.0 daily.ios.userdata.total 0.0.0.0 ecc.com.google.ios.youtube 0.0.0.0 excel.app.bom 0.0.0.0 ft.onedrive.bom 0.0.0.0 ft.package.microsoft 0.0.0.0 ftp.security.re 0.0.0.0 gsa.apple.com 0.0.0.0 guration.count.pro 0.0.0.0 inkb.com.apple 0.0.0.0 inkb.com.apple.health 0.0.0.0 inkb.com.google.ios.youtube 0.0.0.0 internal.com.google.ios.youtube 0.0.0.0 le.signed.apple 0.0.0.0 list.com.google.ios.youtube 0.0.0.0 microsoft.package.fonts.bom 0.0.0.0 mobileage.shanghaiosx.bom 0.0.0.0 nished.tls.events.com.google.ios.youtube 0.0.0.0 nishtask.com.apple.camera 0.0.0.0 nishtask.com.google.ios.youtube 0.0.0.0 nora.16u1287.bom 0.0.0.0 obiledeviceondemand.1200a1040.bom 0.0.0.0 onenote.app.bom 0.0.0.0 org.photoscape.photoscapex.bom 0.0.0.0 outkb.com.apple 0.0.0.0 outkb.com.apple.health 0.0.0.0 outkb.com.google.ios.youtube 0.0.0.0 outlook.app.bom 0.0.0.0 p256.com.google.ios.youtube 0.0.0.0 powerpoint.app.bom 0.0.0.0 ppbackgroundactivereason.activation.com.google.ios.youtube 0.0.0.0 push.apple.com 0.0.0.0 recreatecourierstate-push.apple.com 0.0.0.0 rosoft.package.microsoft 0.0.0.0 
#-------------------------------------------------------
# Mac Exploit Regeneration After Hardwipe
# Source: https://otx.alienvault.com/pulse/5fdbbc25e435386d3c4f9adc
#-------------------------------------------------------
# Mac OS Network Exploit
# Source: https://otx.alienvault.com/pulse/5fda4ebbdfe39a5332ae8040
# Domains
locationd.events
# Hosts
0.0.0.0 com.apple.cloud
0.0.0.0 com.apple.duet.expertcenter.activity.training
0.0.0.0 valid.apple.com
#-------------------------------------------------------
# Apple iPad 8th Generation No Touch Exploit
# Source: https://otx.alienvault.com/pulse/5fda451af9348ec7ab11792c
# Hosts
0.0.0.0 com.google.gmail
#-------------------------------------------------------
# Mac Exploit that causes high pitched inaudible sounds
# Source: https://otx.alienvault.com/pulse/5fda33bd4ca88a8ba612798b
# Hosts
0.0.0.0 com.apple.mobileasset.rawcamera.camera
0.0.0.0 www.w3.org
#-------------------------------------------------------
# Iphone 11 Pro - No Touch Exploit ON BOOT OUT OF THE BOX
# Source: https://otx.alienvault.com/pulse/5fda202d4dead89834754e01
#-------------------------------------------------------
# iPhone Exploit IOS 14.2
# Source: https://otx.alienvault.com/pulse/5fda1c95af9816f4c4ae7044
# Hosts
0.0.0.0 ms11p08sa.guzzoni-apple.com.akadns.net
#-------------------------------------------------------
# Mac OS Breach
# Source: https://otx.alienvault.com/pulse/5fd98be62324f48a7ad3fc3d
#-------------------------------------------------------
# Mac Book Exploit
# Source: https://otx.alienvault.com/pulse/5fd98b4ec8ddeda2973e19fc
# Domains
aclmodify.pl
deleteobsoletefiles.pl
deleteobsoletefilesfullinstall.pl
# Hosts
0.0.0.0 com.apple.pkg.mobiledevicesu.1220a22.bom
0.0.0.0 system.install.software
#-------------------------------------------------------
# Apple IOS Exploit
# Source: https://otx.alienvault.com/pulse/5fd98a45aa2a4515880ae29f
# Domains
tile.app
# Hosts
0.0.0.0 com.google.ios.youtube
0.0.0.0 com.avast.ios.security
0.0.0.0 com.apple.ve
#-------------------------------------------------------
# iPhone 11 Pro Hack
# Source: https://otx.alienvault.com/pulse/5fd988d3d2416edf7f3e6f13
#-------------------------------------------------------
# MacBook Pro BlueTooth Exploit
# Source: https://otx.alienvault.com/pulse/5fd98858ba66ec0cb0a97ba7
# Domains
cationcenter.app
common.sb
loginwindow.app
tv.app
# Hosts
0.0.0.0 com.apple.preference.security.re
#-------------------------------------------------------
# Big Sir Malware
# Source: https://otx.alienvault.com/pulse/5fd91d2a9ee5c885021a2e3e
#-------------------------------------------------------
# MAC BOOK COMPROMISE
# Source: https://otx.alienvault.com/pulse/5fd8f5006e93c376aab680e8
# Domains
common.sb
#-------------------------------------------------------
# APPLE IOT ATTACK
# Source: https://otx.alienvault.com/pulse/5fd8f4381f57a543f4a7fcf0
#-------------------------------------------------------
# APPLE BLUE TOOTH EXPLOIT
# Source: https://otx.alienvault.com/pulse/5fd8f2b1162ec862071a2e3e
#-------------------------------------------------------
# Mac OS ATTACK
# Source: https://otx.alienvault.com/pulse/5fd8efbeaa0acef61f1a2e3e
#-------------------------------------------------------
# AGENT USED TO OVERHEAT HARDWARE
# Source: https://otx.alienvault.com/pulse/5fd8eada98b9c69f3daf567f
#-------------------------------------------------------
# Malicious Apple Domain names, by RiskReact.eu
# Source: https://otx.alienvault.com/pulse/5f0592d8262b13b753e2c13f