Last Seen:

Posted on:

Job Spammer: Prutha Siri - Javelin Systems

Report Back to Forum Back to All Forums

This one is a bit different. Someone at Javelin Systems has sent out a mass email for an SAP position in Tennessee. The interesting part is that this person has used his AWS hosted domain, bzm.mobi, to send the the mail through Zoniac.

The owner information bzm.mobi is:

Prutha Siri
Prutha Inc
1185 RR Road
El Cajon, CA 92020

Up until recently, I haven't seen too many mails coming through Zoniac. Zoniac claims to be compliant with the CAN-SPAM act, however, I don't think they can honestly do this. One of the features of their product, just like Job Diva, is the ability for a recruiter to search for resumes across many different sources, and directly email that list of potential candidates.  

Sounds innocent enough, but if this tool is wielded by someone who doesn't know what they are doing, you end up with a mass email, as shown above. This guy Prutha probably "works" for Javelin Systems, a recruiter and staffer for IT related candidates and positions. Judging by the whois record, he is probably trying to break out on his own, hence the company name of "Prutha Inc" in the company field of the whois record. However, since he is broke, he is using Javelin sponsored resources to get lists of positions and candidates, while emailing from his AWS-hosted script.

The address given in the whois record doesn't appear to exist.  The nearest similar street name is Railroad Avenue in El Cajon, CA, which is actually a vacant lot.

Javelin Systems - you might want to check this out. I've included the mail header for your information.

Delivered-To: xxxxx@xxxxx.xxx
Received: by with SMTP id i4csp3309674uaa;
        Sun, 10 Sep 2017 00:01:17 -0700 (PDT)
X-Google-Smtp-Source: ADKCNb6pjjzHvzjaN0hBriHbB7/jp2Rg206k7ujr+5dIwQS0ettDHTuBL67Pum8COyLBzBsc/4NS
X-Received: by with SMTP id 88mr9507942plc.138.1505026877534;
        Sun, 10 Sep 2017 00:01:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1505026877; cv=none;
        d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of javelinn2s@bzm.mobi designates as permitted sender) smtp.mailfrom=javelinn2s@bzm.mobi
Return-Path: <javelinn2s@bzm.mobi>
Received: from zoniac1.nmsrv.com (zoniac1.nmsrv.com. [])
        by mx.google.com with ESMTPS id w23si4694665plk.177.2017.
        for <xxxxx@xxxxx.xxx>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 10 Sep 2017 00:01:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of javelinn2s@bzm.mobi designates as permitted sender) client-ip=;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of javelinn2s@bzm.mobi designates as permitted sender) smtp.mailfrom=javelinn2s@bzm.mobi
Received: (qmail 9869 invoked from network); 10 Sep 2017 07:01:16 -0000
Received: from ec2-184-73-225-255.compute-1.amazonaws.com (HELO ip-10-45-81-14.ec2.internal) (javelinn2s@bzm.mobi@
  by zoniac1.nmsrv.com with ESMTPA; 10 Sep 2017 07:01:16 -0000
Date: Sun, 10 Sep 2017 07:01:00 +0000 (UTC)
From: Javelin Systems <reqs@javelinsys.com>
Reply-To: reqs@javelinsys.com
To: xxxxx@xxxxx.xxx
Message-ID: <1505026860488.2674750361960869.reqs@javelinsys.com>
Subject: SAP Basis with BW / BI Integration in TN
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_2520678_305134628.1505026860489"
Importance: Normal
X-Mailer: Zoniac Mailer System
X-Zoniac-TrackerID: 7d2e232c23299c730073e048f92f790c6df771666bf7a83f56eaf109c7f506e3410468aae1dfaa71df8c927a09fb124c

You must be logged in order to post a reply.

Code Links