[flotillo]

Why is it suspicious? I don't see your reasoning here. Having a diverse range of DNS names requested doesn't seem to me to be an indicator of suspiciousness.

On earlier releases of iOS that had a public jailbreak released, I spent quite some time using HttPeek (https://github.com/Yonsm/HttPeek) to examine what various OS processes were sending, and found nothing untoward.

I'd be surprised if this had changed for the worse in more recent iOS releases.