I found a really suspicious traffic on my Mac, the process 'com.apple.photomoments' sending a strange traffic to a very suspicious server: com.apple 379 4u IPv4 0x52332f3f383fb82d 0t0 TCP 10.10.1.100:49170->18.104.22.168.broad.nc.sc.dynamic.163data.com.cn:http (ESTABLISHED) com.apple 379 6u IPv4 0x52332f3f383fb82d 0t0 TCP 10.10.1.100:49170->22.214.171.124.broad.nc.sc.dynamic.163data.com.cn:http (ESTABLISHED) Then I found out it is the 'com.apple.photomoments' process: sh-3.2# ps -Al | grep 379 501 379 1 4004 0 4 0 2486088 17912 - Ss 0 ?? 0:00.17 /System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Frameworks/PhotoLibraryServices.framework/Versions/A/XPCServices/com.apple.photomoments.xpc/Contents/MacOS/com.apple.photomoments Does anyone know about this 'com.apple.photomoments' process? Why does it send internet traffic if it is for photo related? And Why does it send the traffic to this very suspicious server? I found out that server is located in China's Telecom ISP datacenter. I suspect Chinese government somehow hijacked the DNS server query or tampered the DNS server, or my Mac simply was hacked by Chinese government hackers? Anyone? Please help!