[Declude.JunkMail] This is a strange one (a pair actually)

[Matt]

These are both from different RR mail servers, obviously from zombies, 
but there's no payload.  This is unlikely to be an error in the 
spamware's output, and that makes me think that they might just be doing 
this to cause problems with spamtrap connected RBL's (a rapidly growing 
problem).

   http://www.dnsstuff.com/tools/ip4r.ch?ip=65.24.5.135
   http://www.dnsstuff.com/tools/ip4r.ch?ip=24.29.99.227
Note that I'm scanning currently on up to 4 hops, so both zombies are 
yet to be detected.  Strange.

Matt



Received: from ms-smtp-01-eri0.ohiordc.rr.com [65.24.5.135] by mx2.mailpure.com 
with ESMTP
 (SMTPD32-8.05) id A184A2F014E; Tue, 10 Feb 2004 17:56:04 -0500
Received: from CPE-24-160-230-167.wi.rr.com (cpe-024-033-226-226.neo.rr.com 
[24.33.226.226])
        by ms-smtp-01-eri0.ohiordc.rr.com (8.12.10/8.12.7) with SMTP id i1AMu0MV027728
        for <[EMAIL PROTECTED]>; Tue, 10 Feb 2004 17:56:01 -0500 (EST)
Received: from [76.55.112.100] by CPE-24-160-230-167.wi.rr.com id HlGYCp76a25a; Tue, 
10 Feb 2004 23:44:58 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Ralph" <[EMAIL PROTECTED]>
Reply-To: "Ralph" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: sup yo hikfkzy fx
Date: Tue, 10 Feb 04 23:44:58 GMT
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="C59AC11CE_2_0_3BD2315"
X-Priority: 1
X-MSMail-Priority: High
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-MailPure: ==================================================================
X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0).
X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
X-MailPure: BADHEADERS: Failed, non-RFC compliant headers [8014000e] (weight 4).
X-MailPure: SNIFFER-WHITE: Passed, listed in the White Rules category (weight 0).
X-MailPure: ==================================================================
X-MailPure: Spam Score: 4
X-MailPure: Scan Time: 17:56:14 on 02/10/2004
X-MailPure: Spool File: D61840a2f014e4875.SMD
X-MailPure: Server Name: ms-smtp-01-eri0.ohiordc.rr.com
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: ms-smtp-01-smtplb.ohiordc.rr.com [65.24.5.135]
X-MailPure: ==================================================================
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure: ==================================================================
X-Declude-Date: 02/10/0004 23:44:58 [-1386160468]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: R
X-UIDL: 371067083
--C59AC11CE_2_0_3BD2315
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
hey, call merdbwg m

--C59AC11CE_2_0_3BD2315--



------=_NextPart_000_0020_01C3F081.B69AEDC0
Content-Type: message/rfc822;
        name="sup yo d urroehofdq .eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
        filename="sup yo d urroehofdq .eml"
Received: from nycsmtp4out-eri0.rdc-nyc.rr.com [24.29.99.227] by mx2.mailpure.com with ESMTP
 (SMTPD32-8.05) id AE769EE014E; Tue, 10 Feb 2004 17:43:02 -0500
Received: from CPE-24-160-230-167.wi.rr.com (24-29-123-187.nyc.rr.com [24.29.123.187])
	by nycsmtp4out-eri0.rdc-nyc.rr.com (8.12.10/8.12.7) with SMTP id i1AMgxU3001606
	for <[EMAIL PROTECTED]>; Tue, 10 Feb 2004 17:43:00 -0500 (EST)
Received: from (HELO deb86ut) [185.103.48.82] by CPE-24-160-230-167.wi.rr.com id <6082246-78750> for <[EMAIL PROTECTED]>; Tue, 10 Feb 2004 15:40:58 -0700
Message-ID: <[EMAIL PROTECTED]>
From: "Ralph" <[EMAIL PROTECTED]>
Reply-To: "Ralph" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: sup yo d urroehofdq 
Date: Tue, 10 Feb 04 15:40:58 GMT
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="__F54A011EA4B9F__"
X-Priority: 1
X-MSMail-Priority: High
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-MailPure: ==================================================================
X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0).
X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
X-MailPure: BADHEADERS: Failed, non-RFC compliant headers [8010000e] (weight 4).
X-MailPure: SNIFFER-WHITE: Passed, listed in the White Rules category (weight 0).
X-MailPure: GIBBERISH: Message failed GIBBERISH test (line 398, weight 3) (weight capped at 3).
X-MailPure: ==================================================================
X-MailPure: Spam Score: 7
X-MailPure: Scan Time: 17:43:13 on 02/10/2004
X-MailPure: Spool File: D5e7609ee014e5c65.SMD
X-MailPure: Server Name: nycsmtp4out-eri0.rdc-nyc.rr.com
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: nycsmtp4out-eri0.rdc-nyc.rr.com [24.29.99.227]
X-MailPure: ==================================================================
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure: ==================================================================
X-Declude-Date: 02/10/0004 15:40:58 [-1386160455]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: R
X-UIDL: 371067082

--__F54A011EA4B9F__
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
hey, call mepzwvtrm
vdcsnc gcxngkdzpty bdphvwmvpqg
a edk
--__F54A011EA4B9F__--



------=_NextPart_000_0020_01C3F081.B69AEDC0--











--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.