ParanoidWannaBdeCoder

Everything posted by ParanoidWannaBdeCoder

  1. C:\>netstat -nb

     Active Connections

     Proto  Local Address        Foreign Address      State
     TCP    127.0.0.1:1036       127.0.0.1:7112       ESTABLISHED  [vprot.exe]
     TCP    127.0.0.1:7112       127.0.0.1:1036       ESTABLISHED  [loggingserver.exe]
     TCP    192.168.1.21:3106    208.83.136.19:80     CLOSE_WAIT   [cdswin.exe]
     TCP    192.168.1.21:3277    74.125.192.99:443    ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3281    74.125.227.192:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3286    74.125.227.216:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3291    74.125.227.213:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3292    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3293    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3297    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3298    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3302    192.0.80.241:443     ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3306    72.21.91.111:443     ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3307    74.125.227.204:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3314    31.13.66.160:443     ESTABLISHED  [chrome.exe]

     C:\>netstat -nb

     Active Connections

     Proto  Local Address        Foreign Address      State
     TCP    127.0.0.1:1036       127.0.0.1:7112       ESTABLISHED  [vprot.exe]
     TCP    127.0.0.1:7112       127.0.0.1:1036       ESTABLISHED  [loggingserver.exe]
     TCP    192.168.1.21:3106    208.83.136.19:80     CLOSE_WAIT   [cdswin.exe]
     TCP    192.168.1.21:3277    74.125.192.99:443    ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3281    74.125.227.192:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3291    74.125.227.213:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3302    192.0.80.241:443     ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3306    72.21.91.111:443     ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3307    74.125.227.204:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3332    31.13.66.128:443     ESTABLISHED  [chrome.exe

     C:\>netstat -nb

     Active Connections

     Proto  Local Address        Foreign Address      State
     TCP    127.0.0.1:1036       127.0.0.1:7112       ESTABLISHED  [vprot.exe]
     TCP    127.0.0.1:7112       127.0.0.1:1036       ESTABLISHED  [loggingserver.exe]
     TCP    192.168.1.21:3106    208.83.136.19:80     CLOSE_WAIT   [cdswin.exe]
     TCP    192.168.1.21:3379    31.13.66.128:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3380    31.13.66.128:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3383    31.13.66.128:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3384    31.13.66.128:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3387    192.0.80.242:443     ESTABLISHED  [chrome.exe]
  2. Excellent information and suggestions so far...I'm certain she must have had access to my other laptops over the years. I just started using this one last week. I would be almost certain she has/had access to my cellular phone data as well. So while I'm doing my due diligence on my electronic devices....I want to flip the script on her and find out what's going on with her Apple iPhone 5s. Any advice? I need to work until 6 pm tonight, Thanks again! I want to get started on this right away.
  3. C:\>netstat -nb

     Active Connections

     Proto  Local Address        Foreign Address      State
     TCP    127.0.0.1:1036       127.0.0.1:7112       ESTABLISHED  [vprot.exe]
     TCP    127.0.0.1:7112       127.0.0.1:1036       ESTABLISHED  [loggingserver.exe]
     TCP    192.168.1.21:3106    208.83.136.19:80     CLOSE_WAIT   [cdswin.exe]
     TCP    192.168.1.21:3277    74.125.192.99:443    ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3281    74.125.227.192:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3286    74.125.227.216:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3291    74.125.227.213:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3292    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3293    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3297    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3298    31.13.66.160:443     ESTABLISHED  [FacebookMessenger.exe]
     TCP    192.168.1.21:3302    192.0.80.241:443     ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3306    72.21.91.111:443     ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3307    74.125.227.204:443   ESTABLISHED  [chrome.exe]
     TCP    192.168.1.21:3314    31.13.66.160:443     ESTABLISHED  [chrome.exe]

     C:\>
  4. When I researched the components of the header, I found this line to be the most interesting:

     Return-Path: <mmscadm@pixmbl.com>

     When I did a Bing search on this line, I came up with a result, albeit the Hak5 Forum, that was almost identical to my email header. Can someone please explain the correlation? https://forums.hak5.org/index.php?/topic/30769-support-smser/page-2
  5. Ok, here goes...for the past three years I have been tormented personally and professionally. I've suffered significant legal, financial, and social losses due to this torment. It's clear to me that an individual/s have been intercepting my electronic communications and tracking my whereabouts. Before I found this forum I thought the leaking of my private conversations, my whereabouts, and others' knowledge of my business's inside information were a mere coincidence. Since I found Hak5 several months back, I've been sniffing my internet traffic on my phone and pc. The problem I have is that I have no clue how to analyze all of the information that I've captured. I've tried, through internet searches, to find a piece of data that might give me a clue as to whether these happenings are real or just some paranoid delusions. Till a few days ago, sadly, I had NOTHING! Then came a strange email from my Ex, who coincidentally has benefited greatly from my recent demise. After I researched bits of the header I was led directly to Hak5. I'm a little concerned about posting this header but here are some portions/excerpts that lead me to believe that something might be awry. Whether there is or not, I know one thing for certain, there is nothing that I want to do more than be like you guys! Seriously, even though I am totally clueless in this field, I am HOOKED.

     Delivered-To: mxxxxx@gmail.com
     Received: by 10.70.27.1 with SMTP id p1csp198900pdg; Tue, 10 Jun 2014 22:13:07 -0700 (PDT)
     X-Received: by 10.140.51.172 with SMTP id u41mr45291631qga.69.1402463586430; Tue, 10 Jun 2014 22:13:06 -0700 (PDT)
     Return-Path: <mmscadm@pixmbl.com>
     Received: from mx.messaging.sprintpcs.com (smtp1a.mo.sprintpcs.com. [66.1.208.6]) by mx.google.com with ESMTP id 19si29220183qgm.95.2014.06.10.22.13.05 for <mxxxxx@gmail.com>; Tue, 10 Jun 2014 22:13:06 -0700 (PDT)
     Received-SPF: none (google.com: mmscadm@pixmbl.com does not designate permitted sender hosts) client-ip=66.1.208.6;
     Authentication-Results: mx.google.com; spf=neutral (google.com: mmscadm@pixmbl.com does not designate permitted sender hosts) smtp.mail=mmscadm@pixmbl.com
     Received: from musreb17.nmcc.sprintspectrum.com (lxnsmssf5-vip.nmcc.sprintspectrum.com [10.25.157.71]) by mx.messaging.sprintpcs.com (Postfix) with ESMTP id 16CB26073 for <mxxxxx@gmail.com>; Wed, 11 Jun 2014 00:11:07 -0500 (CDT)
     Resent-Date: Wed, 11 Jun 2014 05:13:05 GMT
     Resent-From: mxxxxx@gmail.com
     Resent-To: mxxxxx@gmail.com
     Received: by pixmbl.com ; Wed, 11 Jun 2014 05:13:05 GMT
     Content-Type: multipart/related;boundary=1_5397E55F_D4B138;type="text/html"
     Date: Wed, 11 Jun 2014 05:13:03 GMT
     To: mxxxxx@gmail.com
     From: 602xxxxxxx@pm.sprint.com
     Message-ID: <AHNtnLhj4yZuEUm84@musreb17.nmcc.sprintspectrum.com>
     Mime-Version: 1.0

     --1_5397E55F_D4B138
     Content-Type: text/html;charset="UTF-8"
     Content-Transfer-Encoding: base64

     PEhUTUw+CiAgICAgICAgPEhFQUQ+CiAgICAgICAgICAgICAgICA8VElUTEU+PC9USVRMRT4KICAg
     ICAgICA8L0hFQUQ+CiAgICAgICAgPEJPRFk+CiAgICAgICAgICAgICAgICA8UCBhbGlnbj0ibGVm
     dCI+PEZPTlQgZmFjZT0iVmVyZGFuYSIgY29sb3I9IiNjYzAwMDAiIHNpemU9IjIiPlNlbnQgZnJv
     bSBteSBtb2JpbGUuCiAgICAgICAgICAgICAgICA8QlI+X19fX19fX19fX19fX19fX19fX19fX19f
     X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzwvRk9OVD48L1A+CgogICAgICAg
     ICAgICAgICAgPFBSRT4KCgpHbiBMZXdpCgo8L1BSRT4KICAgICAgICA8L0JPRFk+CjwvSFRNTD4K
     --1_5397E55F_D4B138--

     Can someone tell me how I can educate myself on analyzing these email headers?
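
Added example (not part of the original post): one way to start reading a header like the one above with Python's standard email package. It lists the Received hops oldest-first, flags any hop whose timestamp runs backwards relative to the previous hop, and pulls out the Return-Path domain, From domain and SPF verdict. The header text is copied from the post; the fold points are assumed, and the function names are hypothetical.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Header fields from the post above; the fold points (lines that start with a
# space) are assumed, since the forum flattened the original line breaks.
RAW = """\
Received: by 10.70.27.1 with SMTP id p1csp198900pdg; Tue, 10 Jun 2014 22:13:07 -0700 (PDT)
Return-Path: <mmscadm@pixmbl.com>
Received: from mx.messaging.sprintpcs.com (smtp1a.mo.sprintpcs.com. [66.1.208.6])
 by mx.google.com with ESMTP id 19si29220183qgm.95.2014.06.10.22.13.05
 for <mxxxxx@gmail.com>; Tue, 10 Jun 2014 22:13:06 -0700 (PDT)
Received-SPF: none (google.com: mmscadm@pixmbl.com does not designate permitted sender hosts) client-ip=66.1.208.6;
Received: from musreb17.nmcc.sprintspectrum.com (lxnsmssf5-vip.nmcc.sprintspectrum.com [10.25.157.71])
 by mx.messaging.sprintpcs.com (Postfix) with ESMTP id 16CB26073
 for <mxxxxx@gmail.com>; Wed, 11 Jun 2014 00:11:07 -0500 (CDT)
Received: by pixmbl.com ; Wed, 11 Jun 2014 05:13:05 GMT
From: 602xxxxxxx@pm.sprint.com

"""
MSG = message_from_string(RAW)

def hops(msg):
    """Received hops oldest-first: (from_host, by_host, time in UTC)."""
    out = []
    for value in reversed(msg.get_all("Received", [])):  # newest is on top
        route, _, stamp = " ".join(value.split()).rpartition(";")
        frm = re.search(r"\bfrom (\S+)", route)
        by = re.search(r"\bby (\S+)", route)
        when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        out.append((frm and frm.group(1), by and by.group(1), when))
    return out

def clock_regressions(route):
    """Hops whose timestamp is earlier than the previous hop's, in seconds."""
    return [(b[1], int((b[2] - a[2]).total_seconds()))
            for a, b in zip(route, route[1:]) if b[2] < a[2]]

def sender_summary(msg):
    """Envelope sender domain, header From domain and the SPF verdict."""
    domain = lambda field: parseaddr(msg[field])[1].rpartition("@")[2]
    return domain("Return-Path"), domain("From"), msg["Received-SPF"].split()[0]

if __name__ == "__main__":
    for frm, by, when in hops(MSG):
        print(f"{when:%H:%M:%S} UTC  {frm or '-'} -> {by}")
    print("clock went backwards at:", clock_regressions(hops(MSG)))
    print("Return-Path / From / SPF:", sender_summary(MSG))
```

Each Received line is stamped by a different server's clock, so the times are normalized to UTC before they are compared; a hop that reads slightly earlier than the one before it points to clocks that disagree, not to the order of delivery.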