Welcome To Our Shell

Mister Spy & Souheyl Bypass Shell

From Jang@mchsi.com  Sat Sep 22 09:11:07 2018
Return-Path: <Jang@mchsi.com>
X-Original-To: cgabriel@ift-informatik.de
Delivered-To: cgabriel@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
	id 9C1A83D200A96; Sat, 22 Sep 2018 09:11:07 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
	with SpamAssassin (version 3.4.0);
	Sat, 22 Sep 2018 09:11:07 +0200
From: "Anne" <Jang@mchsi.com>
To: "Anne" <info@ift-informatik.de>
Subject: *****SPAM***** Do you make $1,120.75 a day?
Date: Sat, 22 Sep 2018 05:58:04 -0700
Message-Id: <63CF1FFF.FBD00768@mchsi.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ***************************
X-Spam-Status: Yes, score=27.7 required=5.0 tests=BAYES_99,
	CK_HELO_DYNAMIC_SPLIT_IP,DATE_IN_FUTURE_03_06,HELO_DYNAMIC_IPADDR2,
	HTML_MESSAGE,HTML_OBFUSCATE_20_30,LOTS_OF_MONEY,MIME_BASE64_TEXT,
	MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,RDNS_DYNAMIC,
	TVD_RCVD_IP,URIBL_BLOCKED,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_SBL,URIBL_SBL_A
	autolearn=spam autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5BA5EB0B.386127A4"

This is a multi-part message in MIME format.

------------=_5BA5EB0B.386127A4
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:  Can you imagine making HUNDREDS OF THOUSANDS every month?
   Yeah, THAT would change your life just a bit, right? Raking in profits of
   $400K, $500K and more in a month, EVERY month would be EPIC! [...] 

Content analysis details:   (27.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.2 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: moneyforyou.su]
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: moneyforyou.su]
 1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                            [URIs: moneyforyou.su]
 0.1 URIBL_SBL_A            Contains URL's A record listed in the SBL blocklist
                            [URIs: moneyforyou.su]
 1.6 URIBL_SBL              Contains an URL's NS IP listed in the SBL blocklist
                            [URIs: moneyforyou.su]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.0 TVD_RCVD_IP            No description available.
 0.0 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
                            (Split IP)
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?97.64.134.100>]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [97.64.134.100 listed in bl.score.senderscore.com]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                            [97.64.134.100 listed in bb.barracudacentral.org]
 3.0 DATE_IN_FUTURE_03_06   Date: is 3 to 6 hours after Received: date
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 2.0 HTML_OBFUSCATE_20_30   BODY: Message is 20% to 30% HTML obfuscation
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.7 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 3.6 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr
                            2)
 1.0 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 0.0 LOTS_OF_MONEY          Huge... sums of money

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_5BA5EB0B.386127A4
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Received: from 97-64-134-100.client.mchsi.com (97-64-134-100.client.mchsi.com [97.64.134.100])
	by ift-informatik.de (Postfix) with ESMTP id 6D6503D200058
	for <info@ift-informatik.de>; Sat, 22 Sep 2018 09:11:03 +0200 (CEST)
Received: from unknown (HELO mmx09.tilkbans.com) (Sat, 22 Sep 2018 05:58:04 -0700)
	by smtp.mixedthings.net with NNFMP; Sat, 22 Sep 2018 05:58:04 -0700
Message-ID: <63CF1FFF.FBD00768@mchsi.com>
Date: Sat, 22 Sep 2018 05:58:04 -0700
Reply-To: "Anne" <Jang@mchsi.com>
From: "Anne" <Jang@mchsi.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Anne" <info@ift-informatik.de>
Subject: Do you make $1,120.75 a day?
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: base64

PCFkb2N0eXBlIGh0bWw+DQo8aHRtbD4NCjxoZWFkPg0KPG1ldGEgIGNoYXJzZXQ9InV0Zi04Ij4N
CjwvaGVhZD4NCg0KPGJvZHk+PHVsPjxwPjwvcD48L3VsPg0KPGgxPkNhbiA8VT55PC9VPm91ICBp
bWFnPFNQQU4+aW5lPC9TUEFOPiBtYWtpPEI+bjwvQj5nICBIVU5EUkVEPFNQQU4+UyBPPC9TUEFO
PkYgVEhPPFM+VTwvUz5TQU5EUyAgZXZlcjxGT05UIGNvbG9yPSM4NjY3ZWI+eSA8L0ZPTlQ+bW9u
dGg/PHA+PC9wPg0KPC9oMT48dGFibGUgd2lkdGg9IjMwJSIgYm9yZGVyPSIwIj48dGJvZHk+PHRy
Pjx0ZD48L3RkPjx0ZD48L3RkPjwvdHI+PC90Ym9keT48L3RhYmxlPg0KPHA+WWU8VT5hPC9VPmgs
ICBUSEFUIHdvdWxkIGNoYW5nZSB5b3VyIGxpZmUganVzdDxGT05UICBmYWNlPSJUaW1lcyBOZXcg
Um9tYW4iPiBhPC9GT05UPiBiaXQsIHJpZ2h0PzwvcD4NCjx0YWJsZSB3aWR0aD0iNTclIiBib3Jk
ZXI9IjAiPjx0Ym9keT48dHI+PHRkPjwvdGQ+PHRkPjwvdGQ+PC90cj48L3Rib2R5PjwvdGFibGU+
DQo8cD5SPEI+YWs8L0I+aW5nIGluIHByb2ZpdHMgIG9mICQ0MDxGT05UIGZhY2U9VGFob21hPjBL
PC9GT05UPiwgJDUwMEsgIDxFTT5hbmQ8L0VNPiAgbW9yZSAgaW4gYSAgbW9udGgsIEU8Rk9OVCAg
ZmFjZT0iTVMgU2FucyBTZXJpZiI+VkU8L0ZPTlQ+UlkgbW9udGggd291bGQ8U1RSSUtFPiA8L1NU
UklLRT5iZSBFUElDITwvcD4NCjxicj48YnI+DQo8cD5UaGUgPEZPTlQgIGNvbG9yPSM3YTU5ZjI+
bHU8L0ZPTlQ+Y2t5IGZlPFNUUk9ORz53PC9TVFJPTkc+IHVzZXJzIG88Rk9OVCBjb2xvcj0jNWEx
NmIwPmY8L0ZPTlQ+IHRoaXMgbmV3IHNvZnR3YXJlIDxFTT5hcjwvRU0+ZSBkb2luZyB0PFNUUklL
RT5oPC9TVFJJS0U+YXQgYW5kIE08U1RSSUtFPk88L1NUUklLRT5SRSE8L3A+DQo8b2w+PHA+PC9w
Pjwvb2w+DQo8aDM+PGEgaHJlZj0iaHR0cDovL21vbmV5Zm9yeW91LnN1LyIgdGFyZ2V0PSJfYmxh
bmsiICBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOiBub25lO2NvbG9yOiAjMDA4QkM2OyI+PHN0cm9u
Zz5HZXQgc3RhcnRlZCB0b2RheSE8L3N0cm9uZz48L2E+DQo8L2gzPg0KPGhlYWRlcj48L2hlYWRl
cj4NCjxwPjxhIGhyZWY9Imh0dHA6Ly9tb25leWZvcnlvdS5zdS8iIHRhcmdldD0iX2JsYW5rIj5o
dHRwOi8vbW9uZXlmb3J5b3Uuc3UvPC9hPjwvcD48dGFibGUgd2lkdGg9IjAxJSIgYm9yZGVyPSIw
Ij48dGJvZHk+PHRyPjx0ZD48L3RkPjx0ZD48L3RkPjx0ZD48L3RkPjwvdHI+PC90Ym9keT48L3Rh
YmxlPg0KPC9ib2R5Pg0KPC9odG1sPg0K


------------=_5BA5EB0B.386127A4--