Jump to content

Ex is Tracking me somehow...Email Header leads me here


ParanoidWannaBdeCoder
 Share

Recommended Posts

Ok, here goes...for the past three years I have been tormented personally and professionally. I've suffered significant legal, financial, and social losses due to this torment. Its clear to me that an individual/s have been intercepting my electronic communications and tracking my whereabouts. Before I found this forum I thought the leaking of my private conversations, my whereabouts, and other's knowledge of my businesses inside information were a mere coincidence. Since I found Hak5 several months back, I've been sniffing my internet traffic on my phone and pc. The problem I have is that I have no clue how to analyze all of the information that I've captured. I've tried, thru internet searches, to find a piece of data that might give me a clue as to whether these happenings are real or just some paranoid delusions. Till a few days ago, sadly, I had NOTHING! Then came a strange email from my Ex, who coincidently has benifited greatly from my recent demise. After I researched bits of the header I was lead directly to Hak5. I'm a little concerned about posting this header but here are some portions/excerpts that lead me to believe that something might be a awry. Whether there is or not, I know one thing for certain, there is nothing more that I want to do more than be like you guys! Seriously, even though I are totally clueless in this field, I am HOOKED.

Delivered-To: mxxxxx@gmail.com
Received: by 10.70.27.1 with SMTP id p1csp198900pdg;
Tue, 10 Jun 2014 22:13:07 -0700 (PDT)
X-Received: by 10.140.51.172 with SMTP id u41mr45291631qga.69.1402463586430;
Tue, 10 Jun 2014 22:13:06 -0700 (PDT)
Return-Path: <mmscadm@pixmbl.com>
Received: from mx.messaging.sprintpcs.com (smtp1a.mo.sprintpcs.com. [66.1.208.6])
by mx.google.com with ESMTP id 19si29220183qgm.95.2014.06.10.22.13.05
for <mxxxxx@gmail.com>;
Tue, 10 Jun 2014 22:13:06 -0700 (PDT)
Received-SPF: none (google.com: mmscadm@pixmbl.com does not designate permitted sender hosts) client-ip=66.1.208.6;
Authentication-Results: mx.google.com;
spf=neutral (google.com: mmscadm@pixmbl.com does not designate permitted sender hosts) smtp.mail=mmscadm@pixmbl.com
Received: from musreb17.nmcc.sprintspectrum.com (lxnsmssf5-vip.nmcc.sprintspectrum.com [10.25.157.71])
by mx.messaging.sprintpcs.com (Postfix) with ESMTP id 16CB26073
for <mxxxxx@gmail.com>; Wed, 11 Jun 2014 00:11:07 -0500 (CDT)
Resent-Date: Wed, 11 Jun 2014 05:13:05 GMT
Resent-From: mxxxxx@gmail.com
Resent-To: mxxxxx@gmail.com
Received: by pixmbl.com ; Wed, 11 Jun 2014 05:13:05 GMT
Content-Type: multipart/related;boundary=1_5397E55F_D4B138;type="text/html"
Date: Wed, 11 Jun 2014 05:13:03 GMT
To: mxxxxx@gmail.com
From: 602xxxxxxx@pm.sprint.com
Message-ID: <AHNtnLhj4yZuEUm84@musreb17.nmcc.sprintspectrum.com>
Mime-Version: 1.0

--1_5397E55F_D4B138
Content-Type: text/html;charset="UTF-8"
Content-Transfer-Encoding: base64

PEhUTUw+CiAgICAgICAgPEhFQUQ+CiAgICAgICAgICAgICAgICA8VElUTEU+PC9USVRMRT4KICAg
ICAgICA8L0hFQUQ+CiAgICAgICAgPEJPRFk+CiAgICAgICAgICAgICAgICA8UCBhbGlnbj0ibGVm
dCI+PEZPTlQgZmFjZT0iVmVyZGFuYSIgY29sb3I9IiNjYzAwMDAiIHNpemU9IjIiPlNlbnQgZnJv
bSBteSBtb2JpbGUuCiAgICAgICAgICAgICAgICA8QlI+X19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzwvRk9OVD48L1A+CgogICAgICAg
ICAgICAgICAgPFBSRT4KCgpHbiBMZXdpCgo8L1BSRT4KICAgICAgICA8L0JPRFk+CjwvSFRNTD4K

--1_5397E55F_D4B138--

Can someone tell me how I can educate myself on analyzing these email headers?

Edited by ParanoidWannaBdeCoder
Link to comment
Share on other sites

This should tell you everything you need to understand the headers.

http://kb.mediatemple.net/questions/892/Understanding+an+email+header

From looking at the sender, pixmbl.com is a service which allows you to send photos to your phone, this article says it is Virgin Mobile but the whois says Sprint

http://whois.domaintools.com/pixmbl.com

https://answers.yahoo.com/question/index?qid=20110329031423AAsLLmF

And the message just says "Sent from my mobile" and "Gn Lewi"

Link to comment
Share on other sites

When I researched the components of the header, I found this line to be the most interesting:

Return-Path: <mmscadm@pixmbl.com>

When I did a bing search on this line, I came up with a result, albeit the Hak5 Forum, that was almost identical to my email header.

Can someone please explain the correlation?

https://forums.hak5.org/index.php?/topic/30769-support-smser/page-2

Link to comment
Share on other sites

The link to the hak5 post you're referring to, is for the SMSer infusion. You read the topic you will see that yes the header info you are seeing is identical. The Sprint servers create this. I believe that you may be over paranoid and there may in fact be a simpler explanation as to how your private info is getting out there. Have you changed your password to your email, is it something that your ex could guess?

Edited by THCMinister
Link to comment
Share on other sites

Is this your private network? Are u on windows? Do u know how to use nmap?

If you are on windows you should restart your computer and then run in cmd 'netstat -nb' this will print out applications established connections... always monitor your applications out going traffic... post the output here plz... run the command every few minuts...

I'm sure if someone is spying on u. We can find it...

Or did I miss understand your post?

Edit; The chunck of data base64: can be decoded paste that chunk into a online decodér

Check google 'online base64 decoder'

Edited by i8igmac
Link to comment
Share on other sites



C:\>netstat -nb


Active Connections


Proto Local Address Foreign Address State

TCP 127.0.0.1:1036 127.0.0.1:7112 ESTABLISHED

[vprot.exe]

TCP 127.0.0.1:7112 127.0.0.1:1036 ESTABLISHED

[loggingserver.exe]

TCP 192.168.1.21:3106 208.83.136.19:80 CLOSE_WAIT

[cdswin.exe]

TCP 192.168.1.21:3277 74.125.192.99:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3281 74.125.227.192:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3286 74.125.227.216:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3291 74.125.227.213:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3292 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3293 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3297 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3298 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3302 192.0.80.241:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3306 72.21.91.111:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3307 74.125.227.204:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3314 31.13.66.160:443 ESTABLISHED

[chrome.exe]


C:\>

Link to comment
Share on other sites

Excellent information and suggestions so far...I'm certain she must have had access to my other laptops over the years. I just started using this one last week. I would be almost certain she has/had access to my cellular phone data as well. So while I'm doing my due diligence on my electronic devices....I want to flip the script on her and find out what's going on with her Apple iPhone 5s.

Any advice?

I need to work until 6 pm tonight,

Thanks again!

I want to get started on this right away.

Link to comment
Share on other sites


C:\>netstat -nb


Active Connections


Proto Local Address Foreign Address State

TCP 127.0.0.1:1036 127.0.0.1:7112 ESTABLISHED

[vprot.exe]

TCP 127.0.0.1:7112 127.0.0.1:1036 ESTABLISHED

[loggingserver.exe]

TCP 192.168.1.21:3106 208.83.136.19:80 CLOSE_WAIT

[cdswin.exe]

TCP 192.168.1.21:3277 74.125.192.99:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3281 74.125.227.192:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3286 74.125.227.216:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3291 74.125.227.213:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3292 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3293 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3297 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3298 31.13.66.160:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3302 192.0.80.241:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3306 72.21.91.111:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3307 74.125.227.204:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3314 31.13.66.160:443 ESTABLISHED

[chrome.exe]


C:\>netstat -nb


Active Connections


Proto Local Address Foreign Address State

TCP 127.0.0.1:1036 127.0.0.1:7112 ESTABLISHED

[vprot.exe]

TCP 127.0.0.1:7112 127.0.0.1:1036 ESTABLISHED

[loggingserver.exe]

TCP 192.168.1.21:3106 208.83.136.19:80 CLOSE_WAIT

[cdswin.exe]

TCP 192.168.1.21:3277 74.125.192.99:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3281 74.125.227.192:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3291 74.125.227.213:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3302 192.0.80.241:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3306 72.21.91.111:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3307 74.125.227.204:443 ESTABLISHED

[chrome.exe]

TCP 192.168.1.21:3332 31.13.66.128:443 ESTABLISHED

[chrome.exe


C:\>netstat -nb


Active Connections


Proto Local Address Foreign Address State

TCP 127.0.0.1:1036 127.0.0.1:7112 ESTABLISHED

[vprot.exe]

TCP 127.0.0.1:7112 127.0.0.1:1036 ESTABLISHED

[loggingserver.exe]

TCP 192.168.1.21:3106 208.83.136.19:80 CLOSE_WAIT

[cdswin.exe]

TCP 192.168.1.21:3379 31.13.66.128:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3380 31.13.66.128:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3383 31.13.66.128:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3384 31.13.66.128:443 ESTABLISHED

[FacebookMessenger.exe]

TCP 192.168.1.21:3387 192.0.80.242:443 ESTABLISHED

[chrome.exe]
Link to comment
Share on other sites

I don't get it. You're dumping all this data in here not unlike how a child that went to camp for a week dumps his dirty clothes at his parents feet assuming they'll sort this mess out for him/her.

That's not what this forum is about.

We'll help you come to grips with what you're seeing but unless you make a bit of effort to try to comprehend what it is you're doing, what the output of programs means and how you can make use of this, you're not going to achieve anything here.

From what you've posted so far, you claim that your ex has intel on you. Dude, I ditched my girlie 6 months ago and if I wanted I could make life in general complete and utter hell for her, not because I'm good at that sort of thing, but after a 6 year relationship I know what makes her tick:

- password generation and remembrance techniques

- things she would have an account on

- websites she's likely to access

- the company that she's got a long-term cell-phone contract with, her phone number and all personal details they might want to know about before they're willing to change anything

And that's not counting all the account info I already got to know about simply because half the time I did all that crap for het or looked over her shoulder as she was doing it.

If you're worried about your machine having a rootkit or a keylogger, bottom line is you don't trust that machine anymore. Solution? Reinstall. It's that simple. Format and start over. There is NO alternative.

From that point on, work your way out. Make a list of sites/fora you frequent and basically change *everything*. Your username if possible, most certainly your password and walk yourself through the 'forgot password' dialogue. For all questions posed ask yourself: would anybody other than me know this? If the answer is yes, you should try to change that info. Those common 'what's your pet's name' or 'what's your mother's maiden name' type questions. If you can't change it, drop the account. Create a new one with, I donno, a different birthdate or something. Something that's asked in the 'forgotten password' flow which someone else that knows you well enough also knows. Change it or drop it and move on.

How long has it been since you parted? How much time are you still spending on her. Is it really worth it? Move on.

Even if you get to feel like you 'got her' by getting in her face, you only end up wasting your time on that woman. If you play your cards wrong (and since you don't know what you're doing I guarantee you that you will) you could wind up in jail. Is she really worth all that trouble to you?

If you can't prevent running into her, stay calm and collected. Put yourself above the situation. Yes, I'm sure she's caused you plenty of pain and I'm sure she will feel exactly the same about you. If she gets in your face, just tell (still calm and collected) her to accept the situation and get over it, then walk away. If she keeps hounding you, tell her (calm and collected) that the only thing she's doing is proving she's still not over you, but you're not interested anymore, and walk away. Things will calm down eventually. Don't talk smack about her behind her back either. Avoid the subject, even amongst your friends. Just say to anybody that asks that that chapter in your life is over and you've moved on with your life.

If she finds someone else, GOOD, FUCK HER! Gives her someone else to focus on.

Just pick up the pieces of your life and make do. You'll be much happier way sooner than if you didn't.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...