
URGENT ABUSE REPORT: Malicious NextDNS Configuration (ID: eab6bf) Used for Apple iCloud Theft & Scams

Dear NextDNS Trust & Safety Team,

I am writing to urgently report a malicious NextDNS configuration that is being widely distributed in Vietnam to facilitate iPhone theft, predatory lending scams, and bypassing Apple's Activation Lock / Find My device security.

Malicious Configuration Details:

How the abuse works: The scammers are instructing victims/users to install an iOS Configuration Profile (.mobileconfig) that forces all system-wide Wi-Fi and Cellular DNS traffic through your DoH endpoint (eab6bf).

They have specifically configured this NextDNS ID to block Apple's core security domains, notably:

By blacklisting these Apple domains via your service, the scammers successfully sever the device's connection to the Apple Find My network. This hides stolen or collateralized devices from their rightful owners, effectively neutralizing Apple's anti-theft mechanisms.

Evidence: I have attached the exact .mobileconfig payload currently being distributed by these bad actors to hijack the device's DNS.

This is a clear violation of Acceptable Use Policies, as your infrastructure is being weaponized to bypass hardware security and facilitate fraud.

Requested Action: Please investigate and permanently suspend/delete configuration ID eab6bf immediately. Once disabled, the hijacked devices will fall back to standard DNS, restoring Apple's security functions and disrupting this massive scam ring.

Thank you for your prompt action.

Best regards, 

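For anyone who needs to check whether a received or installed profile redirects DNS the way the report describes, here is an added example (not part of the original post, and not NextDNS or Apple code). It parses a .mobileconfig and lists every managed DNS payload with its resolver; the sample profile, the resolver hostname and the function names are constructed placeholders.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample profile: placeholder resolver, not the one named in the report.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.dnsSettings.managed</string>
      <key>DNSSettings</key><dict>
        <key>DNSProtocol</key><string>HTTPS</string>
        <key>ServerURL</key><string>https://doh.example.invalid/PLACEHOLDER-ID</string>
      </dict>
    </dict>
    <dict><key>PayloadType</key><string>com.apple.wifi.managed</string></dict>
  </array>
</dict></plist>"""

def load_profile(raw: bytes) -> dict:
    """Parse a profile. Signed profiles are CMS-wrapped but normally carry the
    XML plist in the clear, so slice it out before parsing (heuristic)."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def find_dns_overrides(raw: bytes, allowed_hosts=()) -> list:
    """Return one finding per managed DNS payload (encrypted DNS override)."""
    findings = []
    for payload in load_profile(raw).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.dnsSettings.managed":
            continue
        dns = payload.get("DNSSettings", {})
        # DoH profiles carry ServerURL; DoT profiles carry ServerName.
        resolver = dns.get("ServerURL") or dns.get("ServerName") or ""
        host = urlsplit(resolver).hostname or resolver
        findings.append({
            "protocol": dns.get("DNSProtocol"),
            "resolver": resolver,
            "host": host,
            "approved": host in allowed_hosts,  # allowlist is the caller's policy
            "locked": bool(payload.get("ProhibitDisablement", False)),
        })
    return findings

if __name__ == "__main__":
    for finding in find_dns_overrides(SAMPLE_PROFILE):
        print(finding)
```

Any finding with `approved` set to False is a resolver the device owner or administrator did not sanction and is worth reviewing before the profile is trusted.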