Mail server distributing advance fee fraud (‘419’) spam thanks to a compromised password.
rusloterei.ru. 3600 IN A 151.248.120.89
===================================================================================
Return-Path: <info@rusloterei.ru>
Received: from rusloterei.ru (HELO rusloterei.ru) (151.248.120.89)
    by x (x) with (AES256-SHA encrypted) ESMTPS; Thu, 13 Jan 2022 xx:xx:xx +0000
Received: from 42-233-24-185.static.servebyte.com ([185.24.233.42] helo=User)
    by rusloterei.ru with esmtpa (Exim 4.63)
    (envelope-from <info@rusloterei.ru>)
    id x; Thu, 13 Jan 2022 xx:xx:xx +0400
Reply-To: mazinhussein747@janitorsolutions.com
From: Mazin Hussein <info@divsinfotech.com>
Subject: Can you supply your products
Date: Thu, 13 Jan 2022 xx:xx:xx -0800
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <x@rusloterei.ru>

Dear Supplier,
I am contacting you to take part in the ongoing rebuilding of our great
country Iraq, after many years of conflicts by supplying your products
here in Iraq.
We are determined to purchase your products in large quantities. A
consideration also is that your quotation must be CIF Port of Umm Qasr.
Get back to me with your products name and prices.
Regards,
Mazin Hussein