IP emitting advance fee fraud (‘419’) spam, probably thanks to a compromised password.
mail.pdf-books.org. 300 IN A 206.81.8.224
==================================================================
Return-Path: <info@bapco.com>
Received: from server.pdf-books.org (unknown [206.81.8.224])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by x (Postfix) with ESMTPS id x
for <x>; Mon, 14 Feb 2022 xx:xx:xx +0100 (CET)
Received: from User (unknown [45.87.63.117])
by server.pdf-books.org (Postfix) with ESMTPA id x;
Mon, 14 Feb 2022 xx:xx:xx +0000 (UTC)
Reply-To: etalib2@yahoo.com
From: Ebrahim Talib <info@bapco.com>
Subject: Opened For Business !!!
Date: Mon, 14 Feb 2022 xx:xx:xx +0100
MIME-Version: 1.0
Content-Type: text/html;
charset=»Windows-1251″
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Hello, I have a project plan to discuss with you, which might interest you,
It’s about a project worth the sum of $25M. Please reply back to this message
for further details.