| Current Path : /proc/thread-self/root/home/ift/mails/35/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //proc/thread-self/root/home/ift/mails/35/1537487548.zrspam.353732_2018_09_21 |
From Derkwtjwg@ono.com Fri Sep 21 01:52:28 2018
Return-Path: <Derkwtjwg@ono.com>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id 3FCCC3D200A53; Fri, 21 Sep 2018 01:52:28 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Fri, 21 Sep 2018 01:52:28 +0200
From: "Monique" <Derkwtjwg@ono.com>
To: "Monique" <tobias.jungblut@ift-informatik.de>
Subject: *****SPAM***** ACTIVATE your $12,000 membership inside
Date: Thu, 20 Sep 2018 15:01:45 -0700
Message-Id: <A0EF6BA2.8A18073B@ono.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ******************************
X-Spam-Status: Yes, score=30.7 required=5.0 tests=BAYES_99,FROM_LOCAL_NOVOWEL,
HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,HTML_OBFUSCATE_20_30,LOTS_OF_MONEY,
MIME_BASE64_TEXT,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PBL,
RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC,TVD_RCVD_IP,URIBL_BLOCKED,
URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_SBL,URIBL_SBL_A autolearn=spam
autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5BA432BC.B88FA76D"
This is a multi-part message in MIME format.
------------=_5BA432BC.B88FA76D
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Can you imagine making HUNDREDS OF THOUSANDS every month?
Yeah, THAT would change your life just a bit, right? Raking in profits of
$400K, $500K and more in a month, EVERY month would be EPIC! [...]
Content analysis details: (30.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: moneyforyou.su]
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: moneyforyou.su]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URIs: moneyforyou.su]
1.6 URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist
[URIs: moneyforyou.su]
1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
[URIs: moneyforyou.su]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?82.158.168.147>]
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[82.158.168.147 listed in zen.spamhaus.org]
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 0.9986]
3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
IP)
0.0 TVD_RCVD_IP No description available.
0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[82.158.168.147 listed in dnsbl.sorbs.net]
2.4 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[82.158.168.147 listed in bl.mailspike.net]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[82.158.168.147 listed in bl.score.senderscore.com]
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[82.158.168.147 listed in bb.barracudacentral.org]
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.0 HTML_OBFUSCATE_20_30 BODY: Message is 20% to 30% HTML obfuscation
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.0 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5BA432BC.B88FA76D
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from 82.158.168.147.dyn.user.ono.com (82.158.168.147.dyn.user.ono.com [82.158.168.147])
by ift-informatik.de (Postfix) with ESMTP id EDCE63D200005
for <tobias.jungblut@ift-informatik.de>; Fri, 21 Sep 2018 01:52:25 +0200 (CEST)
Received: from mail.naihautsui.co.kr ([162.55.80.226]) by mxs.perenter.com with NNFMP; Thu, 20 Sep 2018 15:33:27 -0700
Received: from unknown (26.155.222.89)
by mail.naihautsui.co.kr with ESMTP; Thu, 20 Sep 2018 15:20:39 -0700
Received: from public.micromail.com.au ([117.178.16.77]) by relay37.vosimerkam.net with LOCAL; Thu, 20 Sep 2018 15:12:40 -0700
Received: from unknown (HELO webmail.halftomorrow.com) (Thu, 20 Sep 2018 15:01:45 -0700)
by relay-x.misswldrs.com with NNFMP; Thu, 20 Sep 2018 15:01:45 -0700
Message-ID: <A0EF6BA2.8A18073B@ono.com>
Date: Thu, 20 Sep 2018 15:01:45 -0700
Reply-To: "Monique" <Derkwtjwg@ono.com>
From: "Monique" <Derkwtjwg@ono.com>
User-Agent: Rodriquezmail v9.8
MIME-Version: 1.0
To: "Monique" <tobias.jungblut@ift-informatik.de>
Subject: ACTIVATE your $12,000 membership inside
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: base64
PCFkb2N0eXBlICBodG1sPg0KPGh0bWw+DQo8aGVhZD4NCjxtZXRhIGNoYXJzZXQ9InV0Zi04Ij4N
CjwvaGVhZD4NCg0KPGJvZHk+PGhyPg0KPGgxPkNhbiA8U1RSSUtFPnk8L1NUUklLRT5vdSAgaW1h
Z2luPFU+ZTwvVT4gbWFraW5nIEhVTkRSRURTIDxTUEFOPk9GIDwvU1BBTj5USDxTVFJJS0U+Tzwv
U1RSSUtFPlVTQU5EUyBldmVyeSAgPFNQQU4+bW9udDwvU1BBTj5oPzxoZWFkZXI+PC9oZWFkZXI+
DQo8L2gxPjxkaXY+PC9kaXY+DQo8cD5ZZWE8VT5oPC9VPiwgVEhBVCAgd291bGQgY2hhbmdlIDxG
T05UIGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+eW88L0ZPTlQ+dXIgbGlmZSBqPEZPTlQgY29sb3I9
IzU5M2U4Mj51czwvRk9OVD50ICBhIGJpdCwgPFNQQU4+cmlnaDwvU1BBTj50PzwvcD4NCjxicj48
YnI+DQo8cD5SYWtpbmcgIGluPFNUUklLRT4gPC9TVFJJS0U+cHJvZml0cyBvZiAkNDAwSywgICQ1
MDBLICBhbmQgbW9yZSAgaW4gYSBtb250aCwgRVZFUlkgIG1vbnRoIHdvdWxkICBiZSAgRVBJQyE8
L3A+DQo8dWw+PHA+PC9wPjwvdWw+DQo8cD5UPFNUUklLRT5oPC9TVFJJS0U+ZSAgbHVja3kgZmV3
ICB1c2U8ST5yczwvST4gIG88U1BBTj5mIHRoaXM8L1NQQU4+IG5ldyBzb2Z0d2FyZSA8U1BBTj5h
cmU8L1NQQU48U1BBTj4+IGRvaW5nIDwvU1BBTj50aGF0PFNUUk9ORz4gYTwvU1RST05HPm5kIE1P
UkUhPC9wPg0KPHRhYmxlICB3aWR0aD0iMzYlIiBib3JkZXI9IjAiPjx0Ym9keT48dHI+PHRkPjwv
dGQ+PHRkPjwvdGQ+PHRkPjwvdGQ+PHRkPjwvdGQ+PHRkPjwvdGQ+PC90cj48L3Rib2R5PjwvdGFi
bGU+DQo8aDM+PGEgaHJlZj0iaHR0cDovL21vbmV5Zm9yeW91LnN1LyIgdGFyZ2V0PSJfYmxhbmsi
IHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246ICBub25lO2NvbG9yOiAjMDA4QkM2OyI+PHN0cm9uZz5H
PFNQQU4+ZXQgc3RhcjwvU1BBTj50PEZPTlQgY29sb3I9IzMxNzUgZT5lZDwvRk9OVD4gdG9kYXkh
PC9zdHJvbmc+PC9hPg0KPC9oMz4NCjxocj4NCjxwPjxhIGhyZWY9Imh0dHA6Ly9tb25leWZvcnlv
dS5zdS8iIHRhcmdldD0iX2JsYW5rIj5odHRwOi8vbW9uPEZPTlQgZmFjZT1UYWhvbWE+ZXk8L0ZP
TlQ+Zm9yPFNQQU4+eW91LnN1PC9TUEFOPi88L2E+PC9wPjx1bD48L3VsPg0KPC9ib2R5Pg0KPC9o
dG1sPg0K
------------=_5BA432BC.B88FA76D--