Last Seen:

Posted on:

Job Spammer: Prutha Siri - Javelin Systems

Report Back to Forum Back to All Forums

This one is a bit different. Someone at Javelin Systems has sent out a mass email for an SAP position in Tennessee. The interesting part is that this person has used his AWS hosted domain,, to send the the mail through Zoniac.

The owner information is:

Prutha Siri
Prutha Inc
1185 RR Road
El Cajon, CA 92020

Up until recently, I haven't seen too many mails coming through Zoniac. Zoniac claims to be compliant with the CAN-SPAM act, however, I don't think they can honestly do this. One of the features of their product, just like Job Diva, is the ability for a recruiter to search for resumes across many different sources, and directly email that list of potential candidates.  

Sounds innocent enough, but if this tool is wielded by someone who doesn't know what they are doing, you end up with a mass email, as shown above. This guy Prutha probably "works" for Javelin Systems, a recruiter and staffer for IT related candidates and positions. Judging by the whois record, he is probably trying to break out on his own, hence the company name of "Prutha Inc" in the company field of the whois record. However, since he is broke, he is using Javelin sponsored resources to get lists of positions and candidates, while emailing from his AWS-hosted script.

The address given in the whois record doesn't appear to exist.  The nearest similar street name is Railroad Avenue in El Cajon, CA, which is actually a vacant lot.

Javelin Systems - you might want to check this out. I've included the mail header for your information.

Received: by with SMTP id i4csp3309674uaa;
        Sun, 10 Sep 2017 00:01:17 -0700 (PDT)
X-Google-Smtp-Source: ADKCNb6pjjzHvzjaN0hBriHbB7/jp2Rg206k7ujr+5dIwQS0ettDHTuBL67Pum8COyLBzBsc/4NS
X-Received: by with SMTP id 88mr9507942plc.138.1505026877534;
        Sun, 10 Sep 2017 00:01:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1505026877; cv=none;; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;
ARC-Authentication-Results: i=1;;
       spf=pass ( domain of designates as permitted sender)
Return-Path: <>
Received: from ( [])
        by with ESMTPS id w23si4694665plk.177.2017.
        for <>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 10 Sep 2017 00:01:17 -0700 (PDT)
Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
       spf=pass ( domain of designates as permitted sender)
Received: (qmail 9869 invoked from network); 10 Sep 2017 07:01:16 -0000
Received: from (HELO ip-10-45-81-14.ec2.internal) (
  by with ESMTPA; 10 Sep 2017 07:01:16 -0000
Date: Sun, 10 Sep 2017 07:01:00 +0000 (UTC)
From: Javelin Systems <>
Message-ID: <>
Subject: SAP Basis with BW / BI Integration in TN
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_2520678_305134628.1505026860489"
Importance: Normal
X-Mailer: Zoniac Mailer System
X-Zoniac-TrackerID: 7d2e232c23299c730073e048f92f790c6df771666bf7a83f56eaf109c7f506e3410468aae1dfaa71df8c927a09fb124c

You must be logged in order to post a reply.

Recent Forum Posts

Advanced search added
dwirch posted on September 23, 2017 at about 13:44 in Site News

Job Spammer: Gaurav Mehta - AgreeYa Solutions
dwirch posted on September 22, 2017 at about 10:35 in Spammers

Job Spammer: Prutha Siri - Javelin Systems
dwirch posted on September 10, 2017 at about 6:15 in Spammers

New security implemented
dwirch posted on September 7, 2017 at about 7:16 in Site News

Malicious IP Checker Companion Tool
dwirch posted on August 12, 2017 at about 20:24 in Site News

Job Spammer: Steve Adams
dwirch posted on August 8, 2017 at about 7:44 in Spammers