| Current Path : /proc/thread-self/root/home/ift/mails/36/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //proc/thread-self/root/home/ift/mails/36/1539995738.zrspam.368090_2018_10_20 |
From Melcherlrup@ertelecom.ru Sat Oct 20 02:35:38 2018
Return-Path: <Melcherlrup@ertelecom.ru>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id 683C93D200020; Sat, 20 Oct 2018 02:35:38 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Sat, 20 Oct 2018 02:35:38 +0200
From: "Gabriele" <Melcherlrup@ertelecom.ru>
To: "Gabriele" <tobias.jungblut@ift-informatik.de>
Subject: *****SPAM***** Exactly what I wanted!
Date: Fri, 19 Oct 2018 22:47:23 -0700
Message-Id: <25F0BEA7.C298928D@ertelecom.ru>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: ************************
X-Spam-Status: Yes, score=24.6 required=5.0 tests=BAYES_99,
CK_HELO_DYNAMIC_SPLIT_IP,CK_HELO_GENERIC,DKIM_ADSP_ALL,FREEMAIL_FROM,
HELO_DYNAMIC_IPADDR2,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_OBFUSCATE_10_20,
HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_RP_RNBL,
RDNS_NONE,TVD_RCVD_SPACE_BRACKET,T_REMOTE_IMAGE,UNPARSEABLE_RELAY,
URIBL_BLOCKED,URIBL_JP_SURBL,URIBL_SBL,URIBL_SBL_A autolearn=spam
autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5BCA785A.F33C5486"
This is a multi-part message in MIME format.
------------=_5BCA785A.F33C5486
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi! I know you real man! Can you fu**ck me tonight? Maybe
tomorrow? here is my phone and private photo, save it and call at any time
http://hotgirlshere.su/vip/ [...]
Content analysis details: (24.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: media.tumblr.com]
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: hotgirlshere.su]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URIs: hotgirlshere.su]
1.6 URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist
[URIs: hotgirlshere.su]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?92.255.236.166>]
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 TVD_RCVD_SPACE_BRACKET No description available.
0.0 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or
Generic rPTR
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[92.255.236.166 listed in bl.score.senderscore.com]
2.4 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[92.255.236.166 listed in bl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(melcherlrup[at]ertelecom.ru)
0.8 DKIM_ADSP_ALL No valid author signature, domain signs all mail
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[92.255.236.166 listed in bb.barracudacentral.org]
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
0.0 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
2)
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.0 T_REMOTE_IMAGE Message contains an external image
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5BCA785A.F33C5486
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from 92x255x236x166.static-business.kirov.ertelecom.ru (unknown [92.255.236.166])
by ift-informatik.de (Postfix) with ESMTP id 2A9FA3D200005
for <tobias.jungblut@ift-informatik.de>; Sat, 20 Oct 2018 02:35:28 +0200 (CEST)
Received: from mtu67.syds.piswix.net ([Fri, 19 Oct 2018 23:19:41 -0700])
by external.newsubdomain.com with ASMTP; Fri, 19 Oct 2018 23:19:41 -0700
Received: from mtu67.syds.piswix.net ([149.200.37.169]) by group21.345mail.com with ESMTP; Fri, 19 Oct 2018 23:07:45 -0700
Received: from [190.178.229.53] by mailout.endmonthnow.com with ESMTP; Fri, 19 Oct 2018 22:55:40 -0700
Received: from unknown (HELO relay-x.misswldrs.com) (Fri, 19 Oct 2018 22:47:23 -0700)
by snmp.otwaloow.com with ASMTP; Fri, 19 Oct 2018 22:47:23 -0700
Message-ID: <25F0BEA7.C298928D@ertelecom.ru>
Date: Fri, 19 Oct 2018 22:47:23 -0700
Reply-To: "Gabriele" <Melcherlrup@ertelecom.ru>
From: "Gabriele" <Melcherlrup@ertelecom.ru>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US) AppleWebKit/85 (KHTML, like Gecko) Safari/85
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Gabriele" <tobias.jungblut@ift-informatik.de>
Subject: Exactly what I wanted!
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: base64
PCFkb2N0eXBlICBodG1sPg0KPGh0bWw+DQo8aGVhZD4NCjxtZXRhIGNoYXJzZXQ9InV0Zi04Ij4N
CjwvaGVhZD4NCg0KPGJvZHk+DQo8aHI+DQpIaSEgSSBrbm93PEZPTlQgY29sb3I9I2M0NjA4Mz4g
eTwvRk9OVD5vdSByZWFsIG1hbiEgQ2FuICB5b3UgZnUqKmNrIG1lICB0b25pZ2h0PyBNYXliZSAg
PEZPTlQgZmFjZT0iTVMgIFNhbnMgU2VyaWYiPnRvPC9GT05UPm1vcnJvdz88b2w+PC9vbD4NCmhl
cmUgIGlzIG15IHBob25lIGFuZCAgcHJpdmF0ZSBwaG90bywgIHNhdmUgaXQgIGFuZDxTUEFOPiBj
YWxsIGF0ICBhbjwvU1BBTj55ICB0aW1lDQo8dGFibGUgd2lkdGg9IjQyJSIgYm9yZGVyPSIwIj48
dGJvZHk+PHRyPjx0ZD48L3RkPjx0ZD48L3RkPjx0ZD48L3RkPjx0ZD48L3RkPjx0ZD48L3RkPjwv
dHI+PC90Ym9keT48L3RhYmxlPg0KPGEgICAgIGhyZWY9Imh0dHA6Ly9ob3RnaXJsc2hlcmUuc3Uv
dmlwLyIgdGFyZ2V0PSJfYmxhbmsiIHN0eWxlPSJmb250LXdlaWdodDogbm9ybWFsO2xldHRlci1z
cGFjaW5nOiAgbm9ybWFsO2xpbmUtaGVpZ2h0OiAxMDAlO3RleHQtZGVjb3JhdGlvbjogIG5vbmU7
Y29sb3I6ICAjNzc3OyI+aDxTUEFOPnR0cDovL2hvdGc8L1NQQU4+aXJsc2hlcjxGT05UIGNvbG9y
PSMgNmYzMzc+ZTwvRk9OVD4uc3UvdmlwLzwvYT4NCjxocj4NCjxhIGhyZWY9Imh0dHA6Ly9ob3Rn
aXJsc2hlcmUuc3UvdmlwLyI+PGltZyAgc3JjPSJodHRwczovLzY2Lm1lZGlhLnR1bWJsci5jb20v
YjUwY2U0MTI3NjIxMzIwMDBjYmEyNjZkOTllZDI2YzEvdHVtYmxyX25vczVuclkzNG4xdGF1YXM2
bzFfNTAwLmdpZiIgYWx0PSJJZiB5b3UgY2xpY2sgaGVyZSwgIHlvdSAgY2FuIHNlZSBteSAgcGhv
dG8iIGJvcmRlcj0iMCIgPjwvYT4NCjxicj4NCjwvYm9keT4NCjwvaHRtbD4NCg==
------------=_5BCA785A.F33C5486--