Casino phish from ovh
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 27 Dec 2024 14:22:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tRHlh-000000002Ev-02dq
for dave@doctor.nl2k.ab.ca;
Fri, 27 Dec 2024 14:21:13 -0700
Resent-From: The Doctor
Resent-Date: Fri, 27 Dec 2024 14:21:12 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail.optimails.info ([57.128.219.178]:33503 helo=vps-2096059c.vps.ovh.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1tRHX7-000000001ZX-2kFk
for root@doctor.nl2k.ab.ca;
Fri, 27 Dec 2024 14:06:15 -0700
Received: from optimails.info (vps-2096059c.vps.ovh.net [57.128.219.178])
by vps-2096059c.vps.ovh.net (Postfix) with ESMTPSA id AB46B3077303
for; Fri, 27 Dec 2024 21:04:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=optimails.info;
s=default; t=1735333465;
bh=KeeRqQopjVPbaFWMnnCwVaCyGyi1u9GAcRkepH8Wl9I=; h=Subject:From:To;
b=VU8CuOdv6cxtQl7p5BnAeoqqCcHQLtQ4aMG4TezfdeN2EqurmW4ClCa+Kpgj/10ph
Qd7mC4X0EtFRhEI8fl0skWff+6HvIDlSQlnQACI7lvwj2QIwyX+MytrWeObTV2VQ6Y
4spQOO3blrlt8KoGiprES1reElOYM31PZ/NQsaYXLuDd2fCCE92ZmN8ixvxXLkaOAp
9jmK7TwchuL5w2cZ2/4MkGygsn8VYirQjbEUoeMR6hZe5ygdLgC2ET0aOvz3viGnhH
9D3fwAMXoNjC4iLwRckpf2l7Vk3VJfwugxDDeXA1ulrxrxIDbdEf9IwIeKrlGj9bRe
btlEP0BMmdKGQ==
Authentication-Results: vps-2096059c.vps.ovh.net;
spf=pass (sender IP is 57.128.219.178) smtp.mailfrom=vyutrhsdgsgsagf@optimails.info smtp.helo=optimails.info
Received-SPF: pass (vps-2096059c.vps.ovh.net: connection is authenticated)
Message-ID:
Date: Fri, 27 Dec 2024 21:04:25 +0000
Subject: 3,000 USDT Casino Cashback Bonus!
From: Ubet
Reply-To: Ubet
To: "root@doctor.nl2k.ab.ca"
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_"
X-Report-Abuse: https://optimails.info/index.php/campaigns/bw421ghroj3ec/report-abuse/jf619wq2wrb51/nd4339wbn2fb7
x-job: bw421ghroj3ec
X-EBS: https://optimails.info/index.php/lists/block-address
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe:,
List-Id: jf619wq2wrb51
Feedback-ID: bw421ghroj3ec:nd4339wbn2fb7:jf619wq2wrb51:ks531ferkb96b
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: View online here Unsubscribe Here [https://optimails.info/index.php/campaigns/bw421ghroj3ec/track-url/nd4339wbn2fb7/0d683208b81c05f8c5399d8fdb421cbb0b123219]
Hey! Claim my 100% deposit match bonus and get 50 free spins on me. Let’s
have some fun! UBET | Casino & Sports Betting UBET | Casino & Sports Betting
Content analysis details: (15.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
[57.128.219.178 listed in dnsbl.ahbl.org]
[57.128.219.178 listed in dnsbl.ahbl.org]
[57.128.219.178 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: optimails.info]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[57.128.219.178 listed in sa-trusted.bondedsender.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[57.128.219.178 listed in sa-accredit.habeas.com]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[57.128.219.178 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[57.128.219.178 listed in bl.score.senderscore.com]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: optimails.info]
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.5 SARE_SUB_CASINO Subject contains spammer subject - gambling
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.3 LONGWORD BODY: Uses overlong words
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
0.8 IMG_ONLY_FM_DOM_INFO HTML image-only message from .info domain
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?} 3,000 USDT Casino Cashback Bonus!
--_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
View online here
Unsubscribe Here
[https://optimails.info/index.php/=
campaigns/bw421ghroj3ec/track-url/nd4339wbn2fb7/0d683208b81c05f8c5399d8fdb4=
21cbb0b123219]
Hey! Claim my 100% deposit match bonus and get 50 free =
spins on me.
Let=E2=80=99s have some fun! UBET | Casino & Sports Betting =
UBET | Casino &
Sports Betting
--_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
=093,000 USDT Casino Cashback Bonus!
/bw421ghroj3ec/track-url/nd4339wbn2fb7/80427e51a125b8f180d24cc7d52fcc1ba78c=
78e6">View online here

/543778ec9918ac578e52525d2b59cbfb/WELCOME_OFFER_-1.jpg" style=3D"height: 11=
34px; width: 600px;" />
Unsubscribe
s.info/index.php/campaigns/bw421ghroj3ec/track-url/nd4339wbn2fb7/0d683208b8=
1c05f8c5399d8fdb421cbb0b123219">Here
or:transparent;">Hey! Claim my 100% deposit match bonus and get 50 free spi=
ns on me. Let=E2=80=99s have some fun! UBET | Casino & Sports Betting UBET =
| Casino & Sports Betting
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 27 Dec 2024 14:22:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tRHlh-000000002Ev-02dq
for dave@doctor.nl2k.ab.ca;
Fri, 27 Dec 2024 14:21:13 -0700
Resent-From: The Doctor
Resent-Date: Fri, 27 Dec 2024 14:21:12 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail.optimails.info ([57.128.219.178]:33503 helo=vps-2096059c.vps.ovh.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tRHX7-000000001ZX-2kFk
for root@doctor.nl2k.ab.ca;
Fri, 27 Dec 2024 14:06:15 -0700
Received: from optimails.info (vps-2096059c.vps.ovh.net [57.128.219.178])
by vps-2096059c.vps.ovh.net (Postfix) with ESMTPSA id AB46B3077303
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=optimails.info;
s=default; t=1735333465;
bh=KeeRqQopjVPbaFWMnnCwVaCyGyi1u9GAcRkepH8Wl9I=; h=Subject:From:To;
b=VU8CuOdv6cxtQl7p5BnAeoqqCcHQLtQ4aMG4TezfdeN2EqurmW4ClCa+Kpgj/10ph
Qd7mC4X0EtFRhEI8fl0skWff+6HvIDlSQlnQACI7lvwj2QIwyX+MytrWeObTV2VQ6Y
4spQOO3blrlt8KoGiprES1reElOYM31PZ/NQsaYXLuDd2fCCE92ZmN8ixvxXLkaOAp
9jmK7TwchuL5w2cZ2/4MkGygsn8VYirQjbEUoeMR6hZe5ygdLgC2ET0aOvz3viGnhH
9D3fwAMXoNjC4iLwRckpf2l7Vk3VJfwugxDDeXA1ulrxrxIDbdEf9IwIeKrlGj9bRe
btlEP0BMmdKGQ==
Authentication-Results: vps-2096059c.vps.ovh.net;
spf=pass (sender IP is 57.128.219.178) smtp.mailfrom=vyutrhsdgsgsagf@optimails.info smtp.helo=optimails.info
Received-SPF: pass (vps-2096059c.vps.ovh.net: connection is authenticated)
Message-ID:
Date: Fri, 27 Dec 2024 21:04:25 +0000
Subject: 3,000 USDT Casino Cashback Bonus!
From: Ubet
Reply-To: Ubet
To: "root@doctor.nl2k.ab.ca"
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_"
X-Report-Abuse: https://optimails.info/index.php/campaigns/bw421ghroj3ec/report-abuse/jf619wq2wrb51/nd4339wbn2fb7
x-job: bw421ghroj3ec
X-EBS: https://optimails.info/index.php/lists/block-address
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe:
List-Id: jf619wq2wrb51
Feedback-ID: bw421ghroj3ec:nd4339wbn2fb7:jf619wq2wrb51:ks531ferkb96b
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: View online here Unsubscribe Here [https://optimails.info/index.php/campaigns/bw421ghroj3ec/track-url/nd4339wbn2fb7/0d683208b81c05f8c5399d8fdb421cbb0b123219]
Hey! Claim my 100% deposit match bonus and get 50 free spins on me. Let’s
have some fun! UBET | Casino & Sports Betting UBET | Casino & Sports Betting
Content analysis details: (15.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
[57.128.219.178 listed in dnsbl.ahbl.org]
[57.128.219.178 listed in dnsbl.ahbl.org]
[57.128.219.178 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[57.128.219.178 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
[57.128.219.178 listed in will-spam-for-food.eu.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: optimails.info]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[57.128.219.178 listed in sa-trusted.bondedsender.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[57.128.219.178 listed in sa-accredit.habeas.com]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[57.128.219.178 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[57.128.219.178 listed in bl.score.senderscore.com]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: optimails.info]
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.5 SARE_SUB_CASINO Subject contains spammer subject - gambling
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.3 LONGWORD BODY: Uses overlong words
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
0.8 IMG_ONLY_FM_DOM_INFO HTML image-only message from .info domain
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?} 3,000 USDT Casino Cashback Bonus!
--_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
View online here
Unsubscribe Here
[https://optimails.info/index.php/=
campaigns/bw421ghroj3ec/track-url/nd4339wbn2fb7/0d683208b81c05f8c5399d8fdb4=
21cbb0b123219]
Hey! Claim my 100% deposit match bonus and get 50 free =
spins on me.
Let=E2=80=99s have some fun! UBET | Casino & Sports Betting =
UBET | Casino &
Sports Betting
--_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
=09
/bw421ghroj3ec/track-url/nd4339wbn2fb7/80427e51a125b8f180d24cc7d52fcc1ba78c=
78e6">View online here
/543778ec9918ac578e52525d2b59cbfb/WELCOME_OFFER_-1.jpg" style=3D"height: 11=
34px; width: 600px;" />
Unsubscribe
s.info/index.php/campaigns/bw421ghroj3ec/track-url/nd4339wbn2fb7/0d683208b8=
1c05f8c5399d8fdb421cbb0b123219">Here
or:transparent;">Hey! Claim my 100% deposit match bonus and get 50 free spi=
ns on me. Let=E2=80=99s have some fun! UBET | Casino & Sports Betting UBET =
| Casino & Sports Betting
igns/bw421ghroj3ec/track-opening/nd4339wbn2fb7" alt=3D"" />
--_=_swift_1735333465_da1a2345e73d148418d5c3b0bf552547_=_--