| Current Path : /home/ift/mails/31/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //home/ift/mails/31/1526405480.zrspam.315793_2018_05_15 |
From pmarmneraiinrnadmm@excite.it Tue May 15 19:31:20 2018
Return-Path: <pmarmneraiinrnadmm@excite.it>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id 352903D20004C; Tue, 15 May 2018 19:31:20 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Tue, 15 May 2018 19:31:20 +0200
From: <pmarmneraiinrnadmm@excite.it>
To: <tobias.jungblut@ift-informatik.de>
Subject: *****SPAM***** Um ehrlich zu sein...
Date: Tue, 15 May 2018 06:31:16 -0600
Message-Id: <5AFAD314.6050506@excite.it>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ***************
X-Spam-Status: Yes, score=15.4 required=5.0 tests=BAYES_50,DATE_IN_PAST_03_06,
FREEMAIL_FROM,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,HTML_MESSAGE,PYZOR_CHECK,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_RP_RNBL,
RDNS_NONE,URIBL_BLOCKED,URIBL_JP_SURBL autolearn=no autolearn_force=no
version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5AFB1968.1B2C4A4D"
This is a multi-part message in MIME format.
------------=_5AFB1968.1B2C4A4D
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hallo, wir wollten dich informieren, dass deine €13.499,45
heute Morgen in dein Bankkonto eingezahlt wurden. Guck dir dieses kurze Video
an um herauszufinden wie du an dein Geld kommst. Dein Geld kann jederzeit
ohne Verzögerung abgehoben werden. [...]
Content analysis details: (15.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: vamart.ru]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: vamart.ru]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?187.171.131.141>]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[187.171.131.141 listed in bl.score.senderscore.com]
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[187.171.131.141 listed in zen.spamhaus.org]
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[187.171.131.141 listed in bb.barracudacentral.org]
1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(pmarmneraiinrnadmm[at]excite.it)
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.0 HTML_MESSAGE BODY: HTML included in message
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.2 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5AFB1968.1B2C4A4D
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from dsl-187-171-131-141-dyn.prod-infinitum.com.mx (unknown [187.171.131.141])
by ift-informatik.de (Postfix) with ESMTP id 9B64E3D20004B
for <tobias.jungblut@ift-informatik.de>; Tue, 15 May 2018 19:31:17 +0200 (CEST)
Message-ID: <5AFAD314.6050506@excite.it>
Date: Tue, 15 May 2018 06:31:16 -0600
From: <pmarmneraiinrnadmm@excite.it>
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: <tobias.jungblut@ift-informatik.de>
Subject: Um ehrlich zu sein...
Content-Type: multipart/alternative;
boundary="------------000102020902000000040301"
This is a multi-part message in MIME format.
--------------000102020902000000040301
Content-Type: text/plain; charset=CP-850; format=flowed
Content-Transfer-Encoding: quoted-printable
Hallo,
wir wollten dich informieren, dass deine €13.499,45 heute Morgen =
in dein Bankkonto eingezahlt wurden.
Guck dir dieses kurze Video an um herauszufinden wie du an dein Geld =
kommst.
Dein Geld kann jederzeit ohne Verzögerung abgehoben werden.
Hier findest du heraus wie es funktioniert
--------------000102020902000000040301
Content-Type: text/html; charset="CP-850"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; =
charset=3DCP-850">
</head>
<body bgcolor=3D"#FFFFFF" text=3D"#000000">
Hallo,<br>
wir wollten dich informieren, dass deine €13.499,45 heute Morgen =
in dein Bankkonto eingezahlt wurden.<br>
<a =
href=3D"http://vamart.ru/wp-includes/js/tinymce/plugins/wordpress/">Guck =
dir dieses kurze Video an </a>um herauszufinden wie du an dein Geld =
kommst.<br>
<br>
Dein Geld kann jederzeit ohne Verzögerung abgehoben werden.<br>
<br>
<a =
href=3D"http://vamart.ru/wp-includes/js/tinymce/plugins/wordpress/"><b>Hi=
er findest du heraus wie es funktioniert</a></b>
</body>
</html>
--------------000102020902000000040301--
------------=_5AFB1968.1B2C4A4D--