Have I been hacked? Netstat
Hello,
I was attacked via a phishing email and had passwords stolen to several of my websites. I ran netstat to see what was happening with incoming and outgoing connections. Does any of this look suspicious?
dhcp-164-107-230-209:~ michaelvieth$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 dhcp-164-107-230.50847 a23-60-83-69.dep.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50837 cache.google.com.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50836 ord08s12-in-f10..https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50834 199.16.156.52.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50832 ord08s12-in-f10..https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50830 ord30s21-in-f13..https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50829 ie-in-f154.1e100.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50820 cache.google.com.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50808 ord30s21-in-f2.1.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50806 ord31s22-in-f4.1.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.50804 cache.google.com.https ESTABLISHED
tcp4 0 0 dhcp-164-107-230.49164 17.110.225.201.5223 ESTABLISHED
udp4 0 0 *.* *.*
udp4 0 0 *.62054 *.*
udp4 0 0 dhcp-164-107-230.ntp *.*
udp4 0 0 dhcp-164-107-230.ipsec *.*
udp4 0 0 dhcp-164-107-230.isakm *.*
udp6 0 0 fdbd:9aab:3772:c.ipsec *.*
udp6 0 0 fdbd:9aab:3772:c.isakm *.*
udp6 0 0 fdbd:9aab:3772:c.ntp *.*
udp6 0 0 fe80::511a:c93e:.ntp *.*
udp6 0 0 localhost.ipsec-ms *.*
udp6 0 0 localhost.isakmp *.*
udp4 0 0 localhost.ipsec-msft *.*
udp4 0 0 localhost.isakmp *.*
udp6 0 0 fe80::1%lo0.ipsec-ms *.*
udp6 0 0 fe80::1%lo0.isakmp *.*
udp6 0 0 fe80::5626:96ff:.ipsec *.*
udp6 0 0 fe80::5626:96ff:.isakm *.*
udp6 0 0 fe80::6cd6:dbff:.ipsec *.*
udp6 0 0 fe80::6cd6:dbff:.isakm *.*
udp6 0 0 fe80::511a:c93e:.ipsec *.*
udp6 0 0 fe80::511a:c93e:.isakm *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp6 0 0 fe80::5626:96ff:.ntp *.*
udp4 0 0 *.* *.*
udp6 0 0 fe80::6cd6:dbff:.ntp *.*
udp6 0 0 fe80::1%lo0.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 all-systems.mcas.5350 *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.* *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp46 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp46 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
udp4 0 0 *.netbios-ns *.*
udp4 0 0 *.netbios-dgm *.*
Active Multipath Internet connections
Proto/ID Flags Local Address Foreign Address (state)
icm6 0 0 *.* *.*
Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
f3af90fc06115d25 stream 0 0 0 f3af90fc0611548d 0 0 /var/run/mDNSResponder
f3af90fc0611548d stream 0 0 0 f3af90fc06115d25 0 0
f3af90fc061157ad stream 0 0 0 f3af90fc04cc3acd 0 0 /var/run/mDNSResponder
f3af90fc04cc3acd stream 0 0 0 f3af90fc061157ad 0 0
f3af90fc06115acd stream 0 0 0 f3af90fc060febfd 0 0 /var/run/mDNSResponder
f3af90fc060febfd stream 0 0 0 f3af90fc06115acd 0 0
f3af90fc04cc3ded stream 0 0 0 f3af90fc0613fcc5 0 0 /var/run/mDNSResponder
f3af90fc0613fcc5 stream 0 0 0 f3af90fc04cc3ded 0 0
f3af90fc04cc4fe5 stream 0 0 0 f3af90fc04cc4e55 0 0 /var/run/mDNSResponder
f3af90fc04cc4e55 stream 0 0 0 f3af90fc04cc4fe5 0 0
f3af90fc01392c5d stream 0 0 0 f3af90fc060e867d 0 0 /var/run/mDNSResponder
f3af90fc060e867d stream 0 0 0 f3af90fc01392c5d 0 0
f3af90fc0613f365 stream 0 0 0 f3af90fc060e8d85 0 0 /var/run/mDNSResponder
f3af90fc060e8d85 stream 0 0 0 f3af90fc0613f365 0 0
f3af90fc04cc2bf5 stream 0 0 0 f3af90fc04cc30a5 0 0 /var/run/mDNSResponder
f3af90fc04cc30a5 stream 0 0 0 f3af90fc04cc2bf5 0 0
f3af90fc060feb35 stream 0 0 0 f3af90fc06115555 0 0 /var/run/mDNSResponder
f3af90fc06115555 stream 0 0 0 f3af90fc060feb35 0 0
f3af90fc04cc474d stream 0 0 0 f3af90fc04cc2105 0 0 /var/run/mDNSResponder
f3af90fc04cc2105 stream 0 0 0 f3af90fc04cc474d 0 0
f3af90fc0613ffe5 stream 0 0 f3af90fc0719b3d5 0 0 0 /Users/michaelvieth/Library/Group Containers/gdrive/tmpGCO86B
f3af90fc06114fdd stream 0 0 0 f3af90fc06115235 0 0 /var/run/usbmuxd
f3af90fc06115235 stream 0 0 0 f3af90fc06114fdd 0 0
f3af90fc04cc3f7d stream 0 0 0 f3af90fc04cc4045 0 0 /var/run/mDNSResponder
f3af90fc04cc4045 stream 0 0 0 f3af90fc04cc3f7d 0 0
f3af90fc04cc41d5 stream 0 0 0 f3af90fc04cc410d 0 0 /var/run/mDNSResponder
f3af90fc04cc410d stream 0 0 0 f3af90fc04cc41d5 0 0
f3af90fc04cc429d stream 0 0 0 f3af90fc01392d25 0 0 /var/run/mDNSResponder
f3af90fc01392d25 stream 0 0 0 f3af90fc04cc429d 0 0
f3af90fc04cc4bfd stream 0 0 f3af90fc04d2f885 0 0 0 /var/folders/1f/w1ck_fqx65d2dhg78tsx6y6r0000gn/T/icssuis501
f3af90fc01391105 stream 0 0 0 f3af90fc013911cd 0 0
f3af90fc013911cd stream 0 0 0 f3af90fc01391105 0 0
f3af90fc013920a5 stream 0 0 0 f3af90fc01391fdd 0 0 /var/run/mDNSResponder
f3af90fc01391fdd stream 0 0 0 f3af90fc013920a5 0 0
f3af90fc01391bf5 stream 0 0 0 f3af90fc01391d85 0 0 /var/run/mDNSResponder
f3af90fc01391d85 stream 0 0 0 f3af90fc01391bf5 0 0
f3af90fc01391b2d stream 0 0 0 f3af90fc01391cbd 0 0 /var/run/mDNSResponder
f3af90fc01391cbd stream 0 0 0 f3af90fc01391b2d 0 0
f3af90fc0139199d stream 0 0 0 f3af90fc01391a65 0 0 /var/run/mDNSResponder
f3af90fc01391a65 stream 0 0 0 f3af90fc0139199d 0 0
f3af90fc0139180d stream 0 0 0 f3af90fc01391745 0 0 /var/run/mDNSResponder
f3af90fc01391745 stream 0 0 0 f3af90fc0139180d 0 0
f3af90fc0139135d stream 0 0 f3af90fc03bbd6a5 0 0 0 /private/tmp/com.apple.launchd.ObqKYE2jcu/Listeners
f3af90fc01391295 stream 0 0 f3af90fc03bbd885 0 0 0 /private/tmp/com.apple.launchd.Cg8VYT50uA/Render
f3af90fc01391425 stream 0 0 f3af90fc03bbda65 0 0 0 /var/tmp/filesystemui.socket
f3af90fc0139216d stream 0 0 0 f3af90fc01392235 0 0 /var/run/mDNSResponder
f3af90fc01392235 stream 0 0 0 f3af90fc0139216d 0 0
f3af90fc0139248d stream 0 0 0 f3af90fc01392555 0 0 /var/run/mDNSResponder
f3af90fc01392555 stream 0 0 0 f3af90fc0139248d 0 0
f3af90fc013931d5 stream 0 0 f3af90fc02216885 0 0 0 /var/run/pppconfd
f3af90fc0139342d stream 0 0 f3af90fc0168de25 0 0 0 /private/var/run/cupsd
f3af90fc013934f5 stream 0 0 f3af90fc0162e4c5 0 0 0 /var/run/usbmuxd
f3af90fc013935bd stream 0 0 f3af90fc016123d5 0 0 0 /var/run/systemkeychaincheck.socket
f3af90fc01393685 stream 0 0 f3af90fc015eb1f5 0 0 0 /var/run/portmap.socket
f3af90fc0139374d stream 0 0 f3af90fc015eb795 0 0 0 /var/run/vpncontrol.sock
f3af90fc01393815 stream 0 0 f3af90fc015ae975 0 0 0 /var/rpc/ncacn_np/wkssvc
f3af90fc013938dd stream 0 0 f3af90fc015aec45 0 0 0 /var/rpc/ncalrpc/wkssvc
f3af90fc013939a5 stream 0 0 f3af90fc015aef15 0 0 0 /var/rpc/ncacn_np/srvsvc
f3af90fc01393a6d stream 0 0 f3af90fc0159f105 0 0 0 /var/rpc/ncalrpc/srvsvc
f3af90fc01393b35 stream 0 0 f3af90fc0159f3d5 0 0 0 /var/rpc/ncalrpc/NETLOGON
f3af90fc01393bfd stream 0 0 f3af90fc0159f5b5 0 0 0 /var/rpc/ncacn_np/mdssvc
f3af90fc01393cc5 stream 0 0 f3af90fc0159f6a5 0 0 0 /var/rpc/ncacn_np/lsarpc
f3af90fc01393d8d stream 0 0 f3af90fc0159fb55 0 0 0 /var/rpc/ncalrpc/lsarpc
f3af90fc01393e55 stream 0 0 f3af90fc015215b5 0 0 0 /var/run/mDNSResponder
f3af90fc06115b95 dgram 0 0 0 f3af90fc060e8425 f3af90fc060e8425 0
f3af90fc060e8425 dgram 0 0 0 f3af90fc06115b95 f3af90fc06115b95 0
f3af90fc06115f7d dgram 0 0 0 f3af90fc06114cbd f3af90fc06114cbd 0
f3af90fc06114cbd dgram 0 0 0 f3af90fc06115f7d f3af90fc06115f7d 0
f3af90fc06114425 dgram 0 0 0 f3af90fc06114295 f3af90fc06114295 0
f3af90fc06114295 dgram 0 0 0 f3af90fc06114425 f3af90fc06114425 0
f3af90fc0613f8dd dgram 0 0 0 f3af90fc060fefe5 f3af90fc060fefe5 0
f3af90fc060fefe5 dgram 0 0 0 f3af90fc0613f8dd f3af90fc0613f8dd 0
f3af90fc04cc2fdd dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc060e8f15
f3af90fc04cc4f1d dgram 0 0 0 f3af90fc060e8fdd f3af90fc060e8fdd 0
f3af90fc060e8fdd dgram 0 0 0 f3af90fc04cc4f1d f3af90fc04cc4f1d 0
f3af90fc060e8f15 dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc0613fe55
f3af90fc0611593d dgram 0 0 0 f3af90fc0613fa6d f3af90fc0613fa6d 0
f3af90fc0613fa6d dgram 0 0 0 f3af90fc0611593d f3af90fc0611593d 0
f3af90fc06115875 dgram 0 0 0 f3af90fc04cc4815 f3af90fc04cc4815 0
f3af90fc04cc4815 dgram 0 0 0 f3af90fc06115875 f3af90fc06115875 0
f3af90fc0613ff1d dgram 0 0 0 f3af90fc0613fd8d f3af90fc0613fd8d 0
f3af90fc0613fd8d dgram 0 0 0 f3af90fc0613ff1d f3af90fc0613ff1d 0
f3af90fc061144ed dgram 0 0 0 f3af90fc06114d85 f3af90fc06114d85 0
f3af90fc06114d85 dgram 0 0 0 f3af90fc061144ed f3af90fc061144ed 0
f3af90fc04cc4685 dgram 0 0 0 f3af90fc061153c5 f3af90fc061153c5 0
f3af90fc061153c5 dgram 0 0 0 f3af90fc04cc4685 f3af90fc04cc4685 0
f3af90fc061152fd dgram 0 0 0 f3af90fc04cc44f5 f3af90fc04cc44f5 0
f3af90fc04cc44f5 dgram 0 0 0 f3af90fc061152fd f3af90fc061152fd 0
f3af90fc04cc442d dgram 0 0 0 f3af90fc04cc4365 f3af90fc04cc4365 0
f3af90fc04cc4365 dgram 0 0 0 f3af90fc04cc442d f3af90fc04cc442d 0
f3af90fc01392b95 dgram 0 0 0 f3af90fc01392acd f3af90fc01392acd 0
f3af90fc01392acd dgram 0 0 0 f3af90fc01392b95 f3af90fc01392b95 0
f3af90fc060fe29d dgram 0 0 0 f3af90fc04cc45bd f3af90fc04cc45bd 0
f3af90fc04cc45bd dgram 0 0 0 f3af90fc060fe29d f3af90fc060fe29d 0
f3af90fc0611561d dgram 0 0 0 f3af90fc061150a5 f3af90fc061150a5 0
f3af90fc061150a5 dgram 0 0 0 f3af90fc0611561d f3af90fc0611561d 0
f3af90fc0613fe55 dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc04cc3a05
f3af90fc04cc3a05 dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc04cc4cc5
f3af90fc04cc4cc5 dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc01391f15
f3af90fc01391f15 dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc01392f7d
f3af90fc013915b5 dgram 0 0 0 f3af90fc0139167d f3af90fc0139167d 0
f3af90fc0139167d dgram 0 0 0 f3af90fc013915b5 f3af90fc013915b5 0
f3af90fc013914ed dgram 0 0 0 f3af90fc013918d5 f3af90fc013918d5 0
f3af90fc013918d5 dgram 0 0 0 f3af90fc013914ed f3af90fc013914ed 0
f3af90fc013922fd dgram 0 0 0 f3af90fc013923c5 f3af90fc013923c5 0
f3af90fc013923c5 dgram 0 0 0 f3af90fc013922fd f3af90fc013922fd 0
f3af90fc0139261d dgram 0 0 0 f3af90fc013926e5 f3af90fc013926e5 0
f3af90fc013926e5 dgram 0 0 0 f3af90fc0139261d f3af90fc0139261d 0
f3af90fc013927ad dgram 0 0 0 f3af90fc01392875 f3af90fc01392875 0
f3af90fc01392875 dgram 0 0 0 f3af90fc013927ad f3af90fc013927ad 0
f3af90fc0139293d dgram 0 0 0 f3af90fc01392a05 f3af90fc01392a05 0
f3af90fc01392a05 dgram 0 0 0 f3af90fc0139293d f3af90fc0139293d 0
f3af90fc01392ded dgram 0 0 0 f3af90fc01392eb5 f3af90fc01392eb5 0
f3af90fc01392eb5 dgram 0 0 0 f3af90fc01392ded f3af90fc01392ded 0
f3af90fc01392f7d dgram 0 0 0 f3af90fc01393fe5 0 f3af90fc01393f1d
f3af90fc01393045 dgram 0 0 0 f3af90fc0139310d f3af90fc0139310d 0
f3af90fc0139310d dgram 0 0 0 f3af90fc01393045 f3af90fc01393045 0
f3af90fc0139329d dgram 0 0 0 f3af90fc01393365 f3af90fc01393365 0
f3af90fc01393365 dgram 0 0 0 f3af90fc0139329d f3af90fc0139329d 0
f3af90fc01393f1d dgram 0 0 0 f3af90fc01393fe5 0 0
f3af90fc01393fe5 dgram 0 0 f3af90fc0137f1f5 0 f3af90fc04cc2fdd 0 /private//var/run/syslog
Registered kernel control modules
id flags pcbcount rcvbuf sndbuf name
1 9 0 131072 8192 com.apple.flow-divert
2 1 1 16384 2048 com.apple.nke.sockwall
3 9 0 524288 524288 com.apple.content-filter
4 9 0 8192 2048 com.apple.packet-mangler
5 1 2 65536 65536 com.apple.net.necp_control
6 9 1 524288 524288 com.apple.net.utun_control
7 1 0 65536 65536 com.apple.net.ipsec_control
8 0 13 8192 2048 com.apple.netsrc
9 18 0 8192 2048 com.apple.network.statistics
a 5 0 8192 2048 com.apple.network.tcp_ccdebug
Active kernel event sockets
Proto Recv-Q Send-Q vendor class subcla
kevt 0 0 1 1 2
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 1 1
kevt 0 0 1 1 10
kevt 0 0 1001 5 11
kevt 0 0 1 1 2
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 6 1
kevt 0 0 1 1 2
kevt 0 0 1 6 1
kevt 0 0 1 1 0
Active kernel control sockets
Proto Recv-Q Send-Q unit id name
kctl 0 0 1 2 com.apple.nke.sockwall
kctl 0 0 1 5 com.apple.net.necp_control
kctl 0 0 2 5 com.apple.net.necp_control
kctl 0 0 1 6 com.apple.net.utun_control
kctl 0 0 1 8 com.apple.netsrc
kctl 0 0 2 8 com.apple.netsrc
kctl 0 0 3 8 com.apple.netsrc
kctl 0 0 4 8 com.apple.netsrc
kctl 0 0 5 8 com.apple.netsrc
kctl 0 0 6 8 com.apple.netsrc
kctl 0 0 7 8 com.apple.netsrc
kctl 0 0 8 8 com.apple.netsrc
kctl 0 0 10 8 com.apple.netsrc
kctl 0 0 11 8 com.apple.netsrc
kctl 0 0 12 8 com.apple.netsrc
kctl 0 0 13 8 com.apple.netsrc
kctl 0 0 20 8 com.apple.netsrc
dhcp-164-107-230-209:~ michaelvieth$
Thanks in advance!!
MacBook Pro, OS X Yosemite (10.10.1)
