Odd Kerberos Hosts After HD Wipe, and fresh OS re-install
After reformatting my hard disk and rebuilding/re-installing the latest macOS operating system, I found the following IP addresses after running Kerberos.internal.com:
kerberos.internal.com has address 18.104.22.168
kerberos.internal.com has address 22.214.171.124
kerberos.internal.com has address 126.96.36.199
kerberos.internal.com has address 188.8.131.52
kerberos.internal.com has address 184.108.40.206
kerberos.internal.com has address 220.127.116.11
These IPs belong to a web hosting company called Linode LLC out of New Jersey. These IP addresses are also listed on the AbuseIPDB website with reports of XSS attacks and more. I just want a sanity check: after wiping my hard disk, re-installing my OS and immediately running this command, this is highly indicative of the presence of sophisticated malware, right?
I want to add that this is a personal machine, not used for work or associated with any DC.
internal.com is a domain name registered on the public Internet (to whom, we don't know, because the WHOIS is private). It is not, as you might have suspected, internal to your network or company, unless your company just so happens to have registered that domain name. It may be that your organization is using its own DNS server to serve internal domains as internal.com, but that's not a good idea and they should stop using other people's domains for that purpose.
It appears that the owners of this domain have specified a wildcard record in their DNS, so all hostnames under internal.com resolve to the same IP addresses, whether that's
As a result, this is not the Kerberos server you were intending to use; it's just some unrelated domain, and its configuration is not indicative of anything nefarious. I haven't tested, but I suspect it won't even respond to Kerberos packets at all.
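The wildcard behaviour described in the answer above can be checked by resolving random labels under the same parent domain and comparing the answers with the name you queried. This is an added example, not part of the original question or answer; the function names and the wild.example / corp.example zone data are constructed for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """Addresses the OS resolver returns for name (empty set if it does not resolve)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def wildcard_check(hostname, resolver=system_resolve, probes=3):
    """Compare hostname's addresses with random sibling labels under its parent domain.

    If labels that nobody would have registered still resolve, the parent zone
    has a wildcard record, and a hit on hostname says nothing about that host.
    """
    _, _, parent = hostname.partition(".")
    if not parent:
        raise ValueError("hostname must have a parent domain")
    target = resolver(hostname)
    siblings = [resolver(f"{secrets.token_hex(8)}.{parent}") for _ in range(probes)]
    wildcard = all(siblings)  # every random label resolved
    catch_all = set().union(*siblings)
    return {
        "resolves": bool(target),
        "wildcard": wildcard,
        # True when hostname's answer is just the zone's catch-all answer
        "matches_wildcard": wildcard and bool(target) and target <= catch_all,
    }

# Constructed zone data (documentation address ranges), so the example runs offline.
WILDCARD_IPS = {"192.0.2.10", "192.0.2.11"}
EXPLICIT = {"kdc.wild.example": {"203.0.113.7"}, "kerberos.corp.example": {"198.51.100.5"}}

def constructed_resolver(name):
    if name in EXPLICIT:
        return EXPLICIT[name]
    # wild.example answers for every label; corp.example only for explicit records
    return WILDCARD_IPS if name.endswith(".wild.example") else set()

if __name__ == "__main__":
    for host in ("kerberos.wild.example", "kdc.wild.example", "kerberos.corp.example"):
        print(host, wildcard_check(host, constructed_resolver))
```

Calling `wildcard_check(name)` without a resolver argument uses the operating system's resolver for a live lookup.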