| Current Path : /proc/thread-self/root/home/ift/mails/30/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //proc/thread-self/root/home/ift/mails/30/1522847088.zrspam.303972_2018_04_04 |
From arminytctfsgachilles@grebgroup.com Wed Apr 4 15:04:48 2018
Return-Path: <arminytctfsgachilles@grebgroup.com>
X-Original-To: cgabriel@ift-informatik.de
Delivered-To: cgabriel@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id E15153D200006; Wed, 4 Apr 2018 15:04:48 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Wed, 04 Apr 2018 15:04:48 +0200
From: =?UTF-8?Q?Armin_Achilles?= <arminytctfsgachilles@grebgroup.com>
To: <darjan.peric@ift-informatik.de>
Subject: *****SPAM***** =?UTF-8?Q?Wurde_bestraft_-_kein_Christkind_mehr?=
Date: Wed, 4 Apr 2018 15:03:04 +0200
Message-Id: <VULHFWA.237228966492665520@ezyersp.grebgroup.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.7 required=5.0 tests=BAYES_50,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
HTML_SHORT_LINK_IMG_1,PYZOR_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,
RCVD_IN_RP_RNBL,RDNS_NONE,T_REMOTE_IMAGE,URIBL_BLOCKED,URIBL_DBL_SPAM,
URIBL_JP_SURBL,URIBL_SBL,URIBL_SBL_A autolearn=no autolearn_force=no
version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5AC4CD70.0E9C30C5"
This is a multi-part message in MIME format.
------------=_5AC4CD70.0E9C30C5
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Wurde bestraft - kein Christkind mehr: http://te7j.grebgroup.com
Ich möchte mich abmelden: http://grebgroup.com/ub.php?p=2nmk5481908kqyk9k019wttbqtx8bp4atatjp
Wurde bestraft - kein Christkind mehr [...]
Content analysis details: (13.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: grebgroup.com]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: grebgroup.com]
1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
[URIs: grebgroup.com]
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[185.207.10.128 listed in bb.barracudacentral.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[185.207.10.128 listed in bl.score.senderscore.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?185.207.10.128>]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URIs: te7ja.grebgroup.com]
1.6 URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist
[URIs: te7ja.grebgroup.com]
0.0 HTML_MESSAGE BODY: HTML included in message
2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 T_REMOTE_IMAGE Message contains an external image
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5AC4CD70.0E9C30C5
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from mailbox.grebgroup.com (unknown [185.207.10.128])
by ift-informatik.de (Postfix) with ESMTP id 3B1813D200005
for <darjan.peric@ift-informatik.de>; Wed, 4 Apr 2018 15:04:47 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=grebgroup.com;
h=Date:To:From:Message-ID:Subject:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=arminytctfsgachilles@grebgroup.com;
bh=k5Vw53OZDS2zSB4CqNB8hStEQ6o=;
b=sxjJtkhLWuTKEmmfWHEMn3iOnckOOZLUIbDubO8ArJ9+XfPXML+hzeHCMA4B2lRbPa+Lv6NRgbJ0
AMxRGqeMfJex7pDmJW6dIqvi9Ewl0X0eF42hRWBhAwj0eou2hW6rOVZ7dwwJEvcVWz4x0zZkg6EV
pUP/FdKdWY+8SRFXCiQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=grebgroup.com;
b=CcZdJFAue4xgNXOW2dc01VD+SLeS2pvUGALskQL8OQ8jk02EHJdzszoT1XUsQl07Mc43gMs+lnkO
gPaR1zirxPy4cssPg7Zy3rSVa8qmnFTZjbhLgs/MsHO/Q9rN2BKqqhRMmojmzvtIEt/SVyQBJlBA
XT1qxntxnXPM9IgE7m4=;
Date: Wed, 4 Apr 2018 15:03:04 +0200
To: <darjan.peric@ift-informatik.de>
From: =?UTF-8?Q?Armin_Achilles?= <arminytctfsgachilles@grebgroup.com>
Message-ID: <VULHFWA.237228966492665520@ezyersp.grebgroup.com>
Subject: =?UTF-8?Q?Wurde_bestraft_-_kein_Christkind_mehr?=
MIME-Version: 1.0
X-Report-Abuse: <http://grebgroup.com/aa.php?a=2nmk5481908kqyk9k019wttbqtx8bp4atatjp>
List-Unsubscribe: <http://grebgroup.com/ub.php?b=2nmk5481908kqyk9k019wttbqtx8bp4atatjp>
X-Mailer: PHPMailer 5.2.7
Content-Type: multipart/alternative; boundary=b1_pedv6tnbu6fsd-cZ64AbIcM; charset="UTF-8"
Content-Transfer-Encoding: 8bit
--b1_pedv6tnbu6fsd-cZ64AbIcM
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=0D
Wurde bestraft - kein Christkind mehr:=0D
http://te7j.grebgroup.com=0D
=0D
=0D
=0D
Ich m=C3=B6chte mich abmelden:=0D
http://grebgroup.com/ub.php?p=3D2nmk5481908kqyk9k019wttbqtx8bp4atatjp=0D
--b1_pedv6tnbu6fsd-cZ64AbIcM
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>=0D
<html>=0D
=0D
<head>=0D
</head><body>=0D
<center>=0D
Wurde bestraft - kein Christkind mehr<br /><a href=3D"http://te7j.grebgroup=
.com/2nmk5481908kqyk9k019wttbqtx8bp4atatjp"><img style=3D"border-right-colo=
r:#007700; width:auto; color:fuchsia; " src=3D"http://te7ja.grebgroup.com/0=
0.jpg" /></a>=0D
<br /><a href=3D"http://te7j.grebgroup.com/2nmk5481908kqyk9k019wttbqtx8bp4a=
tatjp" style=3D"font-style:normal; ">Im Auto: Radar-/Blitzerwarner, neuer T=
yp, mehrere Modi</a>=0D
<br /><br /><br /><br />Damit wirst nicht erwischt<br /><br /><a href=3D"ht=
tp://grebgroup.com/ub.php?xya=3D2nmk5481908kqyk9k019wttbqtx8bp4atatjp" styl=
e=3D"border-left:solid 0px #007700; border-right:inset 2px #0000cc; border-=
top:double 1px #cc0000; font-size:12px; background-color:#ffffff;">Hier a =
bmelden</a></center><br />BLECHE NICHT umsonst: verwende ihn=0D
<img src=3D"http://grebgroup.com/ob.php?p=3D2nmk5481908kqyk9k019wttbqtx8bp4=
atatjp" />=0D
</body>=0D
</html>=
--b1_pedv6tnbu6fsd-cZ64AbIcM--
------------=_5AC4CD70.0E9C30C5--