Table of Contents
  Nettop
  Google Transparency Report: Safe Browsing Tool
  Netstat
  Flowtop

Nettop

Assuming an unknown or suspicious entry (i.e., no chat client is in use, but a random chat domain appeared: vmp.boldchat.com) is spotted in DNS monitoring output, such as in the previous post titled "Sniff DNS queries":
Under macOS, the nettop utility lists sockets and routes in detail, which helps trace the process that established the connection to the unknown domain:

Table of Contents
  List of online and web-based tools
  Text-mode based Utility
  VirusTotalApi

List of online and web-based tools

  https://www.virustotal.com: by VirusTotal, a subsidiary of Google
  https://exchange.xforce.ibmcloud.com: by IBM
  http://safeweb.norton.com: by Norton, Symantec
  http://www.avgthreatlabs.com/ww-en/website-safety-reports: by AVG ThreatLabs
  https://cymon.io: by https://eSentire.com
  http://www.reputationauthority.org: by WatchGuard Technologies
  http://isitphishing.org: by https://vadesecure.com

Text-mode based Utility

VirusTotalApi

  $ git clone https://github.com/doomedraven/VirusTotalApi.git

It is a utility to search the VirusTotal databases [1] for malicious URLs and hashes of known malware.

My examples are in JS on the PhantomJS headless browser; they could easily be adapted to other languages. The script traverses a web page and harvests all the URLs in it, then checks them for malware/malicious sites through the Google Safe Browsing API.

192.168.1.9:~$ phantomjs chk-malinks.js http://some.malware.site
1: hshd.io
2: sourceforge.net
3: popup.taboola.com
4: www.geeksvip.com
5: my.hear.com
...
159: nba1001.net
160: www.pressroomvip.com
161: tracking.lifestylejournal.com
162: dsct2.com
163: www.historynut.com
164: www.buro247.my
gsafe response json:{
  "matches": [
    {
      "threatType": "MALWARE",
      "platformType": "ANY_PLATFORM",
      "threat": {
        "url": "nba1001.
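
The harvest-and-check flow described above, as an added example for plain Node.js; it is not the post's chk-malinks.js and does not use PhantomJS. The function names, the sample HTML and the sample response are constructed for illustration; the request and response shapes follow the Safe Browsing v4 Lookup API (threatMatches:find).

```javascript
// Added example; function names and sample data are constructed for illustration.
const THREAT_TYPES = ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"];
const MAX_ENTRIES = 500; // threatMatches:find accepts at most 500 URLs per request

// Collect unique absolute http(s) targets of href/src attributes.
function harvestUrls(html, baseUrl) {
  const seen = new Set();
  const attr = /\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    try {
      const u = new URL(m[1], baseUrl); // resolves relative links
      if (u.protocol !== "http:" && u.protocol !== "https:") continue; // mailto:, javascript:
      u.hash = ""; // fragments are never sent to the server
      seen.add(u.href);
    } catch (e) { /* unparsable attribute value: skip it */ }
  }
  return [...seen];
}

// One request body per batch, each to be POSTed to
// https://safebrowsing.googleapis.com/v4/threatMatches:find?key=<API key>
function buildLookupRequests(urls, clientId) {
  const bodies = [];
  for (let i = 0; i < urls.length; i += MAX_ENTRIES) {
    bodies.push({
      client: { clientId, clientVersion: "1.0" },
      threatInfo: {
        threatTypes: THREAT_TYPES,
        platformTypes: ["ANY_PLATFORM"],
        threatEntryTypes: ["URL"],
        threatEntries: urls.slice(i, i + MAX_ENTRIES).map((url) => ({ url })),
      },
    });
  }
  return bodies;
}

// A clean result is an empty object, so "matches" may be absent.
function flaggedUrls(response) {
  return (response.matches || []).map((x) => ({ url: x.threat.url, threatType: x.threatType }));
}

// Constructed sample page and constructed API response (reserved .example names).
const SAMPLE_HTML = `<a href="/about">a</a> <a href="http://bad.example/x#top">b</a>
<a href='http://bad.example/x'>dup</a> <a href="mailto:ops@page.example">m</a>
<a href="javascript:void(0)">j</a> <script src="https://cdn.example/lib.js"></script>`;
const SAMPLE_RESPONSE = { matches: [{ threatType: "MALWARE", platformType: "ANY_PLATFORM",
  threatEntryType: "URL", threat: { url: "http://bad.example/x" } }] };
console.log(harvestUrls(SAMPLE_HTML, "http://page.example/index.html"), flaggedUrls(SAMPLE_RESPONSE));
```

Deduplicating and dropping non-http(s) schemes before the lookup keeps the batch within the per-request limit and avoids sending values the API cannot classify.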