Welcome To Our Shell

Mister Spy & Souheyl Bypass Shell

From Feifdiym@ertelecom.ru  Mon Oct  8 16:45:37 2018
Return-Path: <Feifdiym@ertelecom.ru>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
	id 1828C3D200016; Mon,  8 Oct 2018 16:45:37 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
	with SpamAssassin (version 3.4.0);
	Mon, 08 Oct 2018 16:45:37 +0200
From: "Martine" <Feifdiym@ertelecom.ru>
To: "Martine" <tobias.jungblut@ift-informatik.de>
Subject: *****SPAM***** Even your eyes can tell me how confident you are. 
Date: Mon, 08 Oct 2018 06:03:36 -0700
Message-Id: <DC39155F.51F8A9BA@ertelecom.ru>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: **************************
X-Spam-Status: Yes, score=26.8 required=5.0 tests=BAYES_99,
	CK_HELO_DYNAMIC_SPLIT_IP,CK_HELO_GENERIC,DKIM_ADSP_ALL,FREEMAIL_FROM,
	FR_3TAG_3TAG,HELO_DYNAMIC_IPADDR2,HTML_IMAGE_ONLY_08,HTML_MESSAGE,
	HTML_SHORT_LINK_IMG_1,MIME_BASE64_TEXT,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
	RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
	RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_RP_RNBL,
	RCVD_IN_SORBS_DUL,RDNS_NONE,URIBL_BLOCKED,URIBL_JP_SURBL,URIBL_SBL,
	URIBL_SBL_A autolearn=spam autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5BBB6D91.49D4388A"

This is a multi-part message in MIME format.

------------=_5BBB6D91.49D4388A
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:  Want me? wanna fuck me? Ohhhh.... ok, come to me )) Here my
   foto and address, find me :) http://likemenow.su unsubscribe [...] 

Content analysis details:   (26.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: media.tumblr.com]
 1.2 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: likemenow.su]
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?91.144.174.87>]
 0.1 URIBL_SBL_A            Contains URL's A record listed in the SBL blocklist
                            [URIs: likemenow.su]
 1.6 URIBL_SBL              Contains an URL's NS IP listed in the SBL blocklist
                            [URIs: likemenow.su]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.0 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
                            (Split IP)
 0.2 CK_HELO_GENERIC        Relay used name indicative of a Dynamic Pool or
                            Generic rPTR
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [91.144.174.87 listed in dnsbl.sorbs.net]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [91.144.174.87 listed in bl.score.senderscore.com]
 2.4 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
                            [91.144.174.87 listed in bl.mailspike.net]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                            [91.144.174.87 listed in bb.barracudacentral.org]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            (feifdiym[at]ertelecom.ru)
 0.8 DKIM_ADSP_ALL          No valid author signature, domain signs all mail
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.7 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
 1.0 FR_3TAG_3TAG           RAW: Looks like 3 <e> small tags.
 1.7 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 0.0 HTML_SHORT_LINK_IMG_1  HTML is very short with a linked image
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 3.6 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr
                            2)
 0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_5BBB6D91.49D4388A
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Received: from 91x144x174x87.static-business.kirov.ertelecom.ru (unknown [91.144.174.87])
	by ift-informatik.de (Postfix) with ESMTP id 434D13D200003
	for <tobias.jungblut@ift-informatik.de>; Mon,  8 Oct 2018 16:45:33 +0200 (CEST)
Received: from unknown (HELO relay37.vosimerkam.net) (Mon, 08 Oct 2018 06:27:48 -0700)
	by relay37.vosimerkam.net with ASMTP; Mon, 08 Oct 2018 06:27:48 -0700
Received: from qrx.quickslick.com [64.145.188.129] by mmx09.tilkbans.com with ESMTP; Mon, 08 Oct 2018 06:13:09 -0700
Received: from [97.15.49.127] by smtp.doneohx.com with ASMTP; Mon, 08 Oct 2018 06:03:36 -0700
Message-ID: <DC39155F.51F8A9BA@ertelecom.ru>
Date: Mon, 08 Oct 2018 06:03:36 -0700
Reply-To: "Martine" <Feifdiym@ertelecom.ru>
From: "Martine" <Feifdiym@ertelecom.ru>
User-Agent: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Martine" <tobias.jungblut@ift-informatik.de>
Subject: Even your eyes can tell me how confident you are. 
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: base64

PCFkb2N0eXBlIGh0bWw+DQo8aHRtbD4NCjxoZWFkPg0KPG1ldGEgY2hhcnNldD0idXRmLTgiPg0K
PC9oZWFkPg0KDQo8Ym9keT4NCjxwPjxicj48L3A+DQo8cD5XYW50IG1lPyB3YW5uYSBmdWNrIG1l
PyBPaGhoaC4uLi4gb2ssIGNvbWUgdG8gbWUgKSkgSGVyZSBteSBmb3RvIGFuZCBhZGRyZXNzLCBm
aW5kIG1lIDopIDwvcD4NCjxwPjx1bD48cD48L3A+PC91bD48L3A+DQo8YSAgIGhyZWY9Imh0dHA6
Ly9saWtlbWVub3cuc3UiIHRhcmdldD0iX2JsYW5rIiBzdHlsZT0iZm9udC13ZWlnaHQ6IG5vcm1h
bDtsZXR0ZXItc3BhY2luZzogbm9ybWFsO2xpbmUtaGVpZ2h0OiAxMDAlO3RleHQtZGVjb3JhdGlv
bjogbm9uZTtjb2xvcjogIzc3NzsiPmh0dHA6Ly9saWtlbWVub3cuc3U8L2E+DQo8cD48b2w+PC9v
bD48L3A+DQo8YSBocmVmPSJodHRwOi8vbGlrZW1lbm93LnN1Ij48aW1nIHNyYz0iaHR0cHM6Ly82
Ni5tZWRpYS50dW1ibHIuY29tLzQ4OWZiMzcyYTBjY2E3OWEwNTMxYTkyYTg1MDJlYjBhL3R1bWJs
cl9vNWJzZWVHeFhQMXVlcGY5aW8yXzUwMC5naWYiIGFsdD0iY2xpY2sgaGVyZSBhbmQgc2VlIG15
IHBob3RvIiBib3JkZXI9IjAiID48L2E+DQo8cD48bmF2PjwvbmF2PjwvcD4NCjxhIGhyZWY9Imh0
dHA6Ly9saWtlbWVub3cuc3UiPnVuc3Vic2NyaWJlPC9hPg0KPHA+PHRhYmxlIHdpZHRoPSIyNiUi
IGJvcmRlcj0iMCI+PHRib2R5Pjx0cj48dGQ+PC90ZD48dGQ+PC90ZD48L3RyPjwvdGJvZHk+PC90
YWJsZT48L3A+DQo8L2JvZHk+DQo8L2h0bWw+DQo=


------------=_5BBB6D91.49D4388A--