iPhone hijacked by using swcd user agent ?

I have an iPhone 8 (IOS 13.6 upgraded from 13.5.1) .

I have suspected that my iPhone has unusual behavior of battery drain, much mobile data communication traffic since this spring. the behavior happen since perhaps IOS 13.4.x.

I have installed and enabled a proxy application that records HTTP traffic including IP address, user agent name and so on. it catches them in the middle of traffic. Usually it records regular apple site accesses like 'init.push.apple.com','bag.itunes.apple.com', etc. etc. i believe these access generated via apple background process. it must be normal.

Also, it records each application web access when I starts applications like microsoft outlook, slack, etc.

these must be normal too.

However, sometime, when I haven't spent time on the iPhone, it records various web site access in several seconds or several minutes even all applications stopped.

on all access user agent is 'swcd (unknown version) CFNetwork/1128.0.1 Darwin/19.6.0'

I am not sure whether swcd means 'Shared Web Credentials Daemon'.

Why does 'swcd' probably as universal-link agent work without any foreground application ?

The site lists which swcd user agent accesses to as attachment

but not all site included. site name and remote address may be incorrect reason by hand writing.

but this may be no relation. analytics data created in privacy of setting application when it happened.

log sessions $DATE.session of bug type 179. Also regularly creates Jetsam event data everyday.

* Of course , my iPhone is genuine iPhone. it's never jail broken. *

The phone had restored from downloaded apple genuine firmware on Mac before. but it reinstalled all applications from its iPhone backup. because I wanted restore the google authenticator application.

anyone knows how to stop these behavior or explain these behavior ?

how can you remove susceptible application from iPhone if it was unusual ?

Or, how can you report this behavior to suitable support ?

Thanks in advance