Anyone else get that annoying PM?

[paulr33]

Haha thats funny as (the register article). I got an email from skylines downunder saying that I had just recieved a PM from some goonie regarding ultimaterally and the usual blah blah. From address was [email protected] which appears to be one of his bullshit domains. I then checked our work server logs for any emails from ultimatereally and kimble.org and found two emails that bounced as he rctp'd to people who didnt exist. The email came from H=(plesk7.trendax.net) [207.218.248.46] which is a linux host runing sendmail. The box is hosting by ez1 or evs1 servers somewhere overseas. The host trendax doesnt exist but trendax.com does and its one of his ventures that went belly up. The servers for the site are in one subnet at ev1servers.net and it looks like the mailhosts are in another subnet at a similar location.

traceroute to plesk6.trendax.com (69.57.154.2), 30 hops max, 40 byte packets

1 FastEthernet6-0.civ-service1.Canberra.telstra.net (203.50.1.65) 0.254 ms 0.175 ms 0.162 ms

2 GigabitEthernet3-0.civ-core2.Canberra.telstra.net (203.50.10.129) 0.846 ms 0.815 ms 0.776 ms

3 GigabitEthernet2-2.dkn-core1.Canberra.telstra.net (203.50.6.126) 0.93 ms 1.021 ms 0.941 ms

4 Pos4-0.ken-core4.Sydney.telstra.net (203.50.6.121) 5.148 ms 5.123 ms 5.035 ms

5 10GigabitEthernet3-0.pad-core4.Sydney.telstra.net (203.50.6.86) 5.189 ms 5.28 ms 4.709 ms

6 GigabitEthernet2-2.syd-core01.Sydney.net.reach.com (203.50.13.38) 5.476 ms 5.319 ms 5.16 ms

7 i-12-2.wil-core01.net.reach.com (202.84.144.25) 153.613 ms 153.555 ms 153.498 ms

8 i-2-0.dal-core01.net.reach.com (202.84.143.66) 185.473 ms 185.175 ms 185.241 ms

9 i-3-1.dal01.net.reach.com (202.84.142.82) 185.718 ms 185.628 ms 185.73 ms

10 * * *

11 dllstx1wcx3-pos13-2-oc48.wcg.net (64.200.105.65) 185.763 ms 185.776 ms 185.741 ms

12 hstntx1wcx3-pos1-0-oc192.wcg.net (64.200.210.66) 190.461 ms 190.41 ms 190.521 ms

13 hstntx1wcx1-pos9-0-oc48.wcg.net (65.77.93.213) 190.718 ms 190.741 ms 190.645 ms

14 hstntx1wce2-everyonesinternet-gige.wcg.net (65.77.93.54) 200.094 ms 200.172 ms 200.288 ms

15 ivhou-207-218-245-27.ev1.net (207.218.245.27) 202.547 ms 202.384 ms 225.868 ms

16 ivhou-207-218-245-113.ev1.net (207.218.245.113) 202.512 ms 202.528 ms 202.483 ms

traceroute to 207.218.248.46 (207.218.248.46), 30 hops max, 40 byte packets

1 FastEthernet6-0.civ-service1.Canberra.telstra.net (203.50.1.65) 0.27 ms 0.177 ms 0.211 ms

2 GigabitEthernet3-0.civ-core2.Canberra.telstra.net (203.50.10.129) 0.856 ms 0.723 ms 0.707 ms

3 GigabitEthernet2-2.dkn-core1.Canberra.telstra.net (203.50.6.126) 1.021 ms 1.011 ms 0.95 ms

4 Pos4-1.ken-core4.Sydney.telstra.net (203.50.6.69) 5.077 ms 5.074 ms 5.005 ms

5 10GigabitEthernet3-0.pad-core4.Sydney.telstra.net (203.50.6.86) 5.281 ms 5.273 ms 5.169 ms

6 GigabitEthernet2-2.syd-core01.Sydney.net.reach.com (203.50.13.38) 5.28 ms 5.312 ms 5.292 ms

7 i-6-1.wil-core02.net.reach.com (202.84.249.201) 153.244 ms 153.384 ms 153.425 ms

8 i-2-0.dal-core01.net.reach.com (202.84.143.66) 185.327 ms 185.315 ms 185.347 ms

9 i-3-1.dal01.net.reach.com (202.84.142.82) 185.677 ms 185.872 ms 185.73 ms

10 * * *

11 dllstx1wcx3-pos13-2-oc48.wcg.net (64.200.105.65) 185.877 ms 185.778 ms 185.822 ms

12 hstntx1wcx3-pos1-0-oc192.wcg.net (64.200.210.66) 319 ms 197.289 ms 190.306 ms

13 hstntx1wcx1-pos9-0-oc48.wcg.net (65.77.93.213) 190.709 ms 190.593 ms 190.756 ms

14 hstntx1wce2-everyonesinternet-gige.wcg.net (65.77.93.54) 200.054 ms 200.207 ms 200.156 ms

15 ivhou-207-218-245-27.ev1.net (207.218.245.27) 202.481 ms 202.191 ms 202.287 ms

16 ivhou-207-218-223-108.ev1.net (207.218.223.108) 215.299 ms 215.346 ms 215.377 ms

17 londes.innohost.com (207.218.248.46) 215.133 ms 216.06 ms 215.229 ms

17 ev1s-69-57-154-2.ev1servers.net (69.57.154.2) 202.675 ms 202.557 ms 202.604 ms

https://plesk7.trendax.com:19638/

brings up a web portal that throws a 500 error

None of the above hosts are in mail-abuse or maps or any of the blacklists including spamcop.

It sounds like he's found a cheap shot way to signup forum users then randomly PM people junk (sau and sdu for starters).

He's just picking random car forums to spam his bullshit rally competition. Are all these PM's coming from the same IP's or a broad range of IP's?

Either way you should post them so others can block them and also send them off to spamcop and other maps if they aren't already in there.

That way if the same hosts are mass mailing junk it will be blocked as well (better than nothing).

[paulr33]

and his stupid site doesnt even do anything check out http://www.ultimaterally.com/cgi-bin/application

all it does it give you a page saying thank you, it doesn't even do validation or actually use the values. also the secure login page where it asks for user/pass is just a .swf that doesnt actually do anything and it always returns invalid login regardless of what you enter

very dodgy

i dont get the point of it all?

[paulr33]

Found

The document has moved .

---

Apache/2.0.46 (Red Hat) Server at www.ultimaterally.com Port 80

[carlo]

yeah he has been doing this for a while. He did it to a m3 forum last year, they ripped him a new one. I guess thats why he uses fake names now

[GoldZilla]

I just got one now from JaquesvD, but strangely enough it was from SDU, not here.

I haven't been back to SDU since Christian ("Prank") opened up this site, but I haven't removed my details from there either. Oh well, I'll go there now to see if there's a similar thread that I can post to...

Strangely enough, I got the email notification of a PM from SDU, and then I got a copy of the email from the d1ckhead himself (through SDU), listed as [email protected]. Furthermore, it lists Kimble's name at the bottom of the email.

Is this how everyone else is getting theirs?

Nick T

[PHATR32]

i just copped 3 emails from this prick

[PSIKO]

Mine was Gumballer6

Also got an email about it from [email protected] at the end of last month

At least it was a one-off ... isn't too hard to just delete it

Once you start getting them everyday is when it'd get a bit annoying