| Current Path : /proc/thread-self/root/home/ift/mails/13/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //proc/thread-self/root/home/ift/mails/13/1475869283.zrspam.132325_2016_10_07 |
From cmdbenl-villederepentigny@ifz-goettingen.de Fri Oct 7 21:41:23 2016
Return-Path: <cmdbenl-villederepentigny@ifz-goettingen.de>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id 49DE7375227B9; Fri, 7 Oct 2016 21:41:23 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Fri, 07 Oct 2016 21:41:23 +0200
From: "Sparkasse-Center" <cmdbenl-villederepentigny@ifz-goettingen.de>
To: <tobias.jungblut@ift-informatik.de>
Subject: *****SPAM***** Sparkasse - Wichtiges Sicherheitsupdate
Date: Fri, 7 Oct 2016 15:34:37 -0400
Message-Id: <002501d220d2$be7511d0$18d1beed@JUNIORn2k>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.4 required=5.0 tests=BAYES_00,FORGED_OUTLOOK_HTML,
FSL_HELO_BARE_IP_2,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,
NORMAL_HTTP_TO_IP,PYZOR_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,
RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_SORBS_WEB,
RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_NONE,TVD_RCVD_IP,TVD_RCVD_IP4,
T_FRT_CONTACT,URIBL_BLOCKED,URIBL_JP_SURBL,URIBL_PH_SURBL,URIBL_SBL,
URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_57F7FA63.1F53810A"
This is a multi-part message in MIME format.
------------=_57F7FA63.1F53810A
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Sparkasse Sehr geehrte Sparkassen-Kunden, leider kam es in
letzter Zeit vermehrt zu sicherheitsrelevanten Problemen in Verbindung mit
Sparkassen-Kundendaten. Daher bitten wir Sie Ihr System auf den neuesten
Stand zu bringen und sich kurz unserer Sicherheitsüberprüfung zu unterziehen.
[...]
Content analysis details: (16.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: sparkasse-sicherheit.ru]
0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: sparkasse-sicherheit.ru]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sparkasse-sicherheit.ru]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URIs: sparkasse-sicherheit.ru]
1.6 URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist
[URIs: sparkasse-sicherheit.ru]
0.0 TVD_RCVD_IP4 No description available.
0.0 TVD_RCVD_IP No description available.
1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
0.0 T_FRT_CONTACT BODY: ReplaceTags: Contact
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[177.1.204.238 listed in zen.spamhaus.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[177.1.204.238 listed in psbl.surriel.com]
2.4 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[177.1.204.238 listed in bl.mailspike.net]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?177.1.204.238>]
0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[177.1.204.238 listed in bb.barracudacentral.org]
0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[177.1.204.238 listed in dnsbl.sorbs.net]
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
1.5 FSL_HELO_BARE_IP_2 No description available.
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_57F7FA63.1F53810A
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from 177.1.204.238 (unknown [177.1.204.238])
by ift-informatik.de (Postfix) with SMTP id A036F375227B9
for <tobias.jungblut@ift-informatik.de>; Fri, 7 Oct 2016 21:41:16 +0200 (CEST)
Received: from unknown (HELO n2k) ([24.209.190.237])
by 177-1-204-238.doce-ms-a1k-01.e.brasiltelecom.net.br with ESMTP; Fri, 7 Oct 2016 15:41:43 -0400
Message-ID: <002501d220d2$be7511d0$18d1beed@JUNIORn2k>
From: "Sparkasse-Center" <cmdbenl-villederepentigny@ifz-goettingen.de>
To: <tobias.jungblut@ift-informatik.de>
Subject: Sparkasse - Wichtiges Sicherheitsupdate
Date: Fri, 7 Oct 2016 15:34:37 -0400
MIME-Version: 1.0
Content-Type: text/html;
format=flowed;
charset="iso-8859-2";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- If you delete this meta tag, Half Life 3 will never be released. -->
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Sparkasse</title>
<link rel="stylesheet" type="text/css" href="http://185.86.148.100/mail/stylesheets/email.css" />
</head>
<body bgcolor="#FFFFFF">
<!-- HEADER -->
<table class="head-wrap" bgcolor="#F00">
<tr>
<td></td>
<td class="header container"
<div class="content">
<table bgcolor="#F00">
<tr>
<td><img src="http://185.86.148.100/mail/img/logo.png"/></td>
</tr>
</table>
</div>
</td>
<td></td>
</tr>
</table><!-- /HEADER -->
<!-- BODY -->
<table class="body-wrap">
<tr>
<td></td>
<td class="container" bgcolor="#FFFFFF">
<div class="content">
<table>
<tr>
<td>
<h3>Sehr geehrte Sparkassen-Kunden,</h3>
<p>leider kam es in letzter Zeit vermehrt zu sicherheitsrelevanten Problemen in Verbindung mit Sparkassen-Kundendaten. Daher bitten wir Sie Ihr System auf den neuesten Stand zu bringen und sich kurz unserer Sicherheitsüberprüfung zu unterziehen.<br>
</p>
<p>
Wir bedanken uns für Ihr Verständnis.
</p>
<!-- Callout Panel -->
<p class="callout">
Bitte klicken Sie folgenden Direktlink um zur Sicherheitsüberprüfung zu gelangen:<br>
<a href="http://sparkasse-sicherheit.ru/">Hier klicken! »</a>
<p>
Dies ist eine automatisch generierte Nachricht, bitte antworten Sie nicht an diese E-Mail-Adresse.
</p>
</p><!-- /Callout Panel -->
</td>
</tr>
</table>
</div><!-- /content -->
</td>
<td></td>
</tr>
</table><!-- /BODY -->
<!-- FOOTER -->
<table class="footer-wrap">
<tr>
<td></td>
<td class="container">
<!-- content -->
<div class="content">
<table>
<tr>
<td align="left">
<div class="footText">
<p>
<a href="#">Hilfe</a> |
<a href="#">Sicherheit</a> |
<a href="#">Kontakt</a>
</p>
</div>
</td>
</tr>
<tr>
<td align="left">
<div class="footText">
<p>
Sparkassen-Finanzportal GmbH<br>
Friedrichstraße 50<br>
10117 Berlin<br>
vertreten durch die Geschäftsführer<br>
Stefan Roesler<br>
Sebastian Garbe<br>
Norbert Feldhaus<br>
</p>
<p>
Handelsregister Amtsgericht Charlottenburg, Berlin<br>
Handelsregisternr. HRB 91513B<br>
USt-ID DE 214205098<br>
</p>
</div>
</td>
</tr>
</table>
</div><!-- /content -->
</td>
<td></td>
</tr>
</table><!-- /FOOTER -->
</body>
</html>
------------=_57F7FA63.1F53810A--