Monday, June 21, 2021

Fraud emails Fwd: The payment for Order: 112-8131537-7146650 has been declined.



---------- Forwarded message ----------
From: Andrey Kopelev <ansvet_99@yahoo.com>
Date: Monday, June 21, 2021
Subject: Fraud emails Fwd: The payment for Order: 112-8131537-7146650 has been declined.
To: spam@fightspam.gc.ca, "spam@uce.gov" <spam@uce.gov>, reportphishing@apwg.org, phishing-report@us-cert.gov, abuse@confluence-networks.com, emailscamalerts@gmail.com, domains.admin@broadcom.com, abuse@web.com, stephen.nuthall@broadcom.com, noc@confluence-networks.com, Nocsupport@networksolutions.com


This person IP address  67.219.250.1 repeatedly sends fraud emails with suspicious links impersonating Amazon using  Avago Technologies U.s. Inc  and Network Solutions, LLC as a platform for fraud. I did not order anything from Amazon. This person has no idea who he sends the email - there is no my name on the invoice. The email came from 
bencasnobeoungj3@HAINESSOUNRYUL.COM  - not from an official Amazon email address. I don't know this person, never gave him permission to send me emails, never revealed my email address to him, and never subscribed to his email. The email address he sends to is not listed anywhere so there is a big question how he got this email address. There is no an unsubscribe/opt-out option/instructions.  All of the above violates the CAN-SPAM Act.

This IP address has already been reported to the blacklists way too many times. 

Below is the full header of the email, his original email, and more info on domain. It is obvious that this IP address is a professional scammer. He must be stopped!  

Domain:  bencasnobeoungj3@HAINESSOUNRYUL.COM Name: Network Solutions, LLC, Hosting Provider: Confluence Networks
IP address:  67.219.250.1 owned  by Avago Technologies U.s. Inc 

 ip: "67.219.250.1"
 city: "Atlantic City"
 region: "New Jersey"
 country: "US"
 loc: "39.3642,-74.4231"
 org: "AS26282 Avago Technologies U.S. Inc."
 postal: "08404"
 timezone: "America/New_York"
 asn: Object
 asn: "AS26282"
 name: "Avago Technologies U.S. Inc."
 domain: "broadcom.com"
 route: "67.219.250.0/24"
 type: "business"



The payment for Order: 112-8131537-7146650 has been declined.

X-Ms-Tnef-Correlator: 
X-Starscan-Version: 9.81.3; banners=-,-,-
X-Ymailisg: NeOgI9QWLDvk4cxIJtWVg8DI1nFB2azwwz17NxWIkS8jGfpP U7GCQ9qeoUasHgkzQ02gPaSLHGW8zTaNQZUCKWndHqokdXNXOnU5cJkk6Pmb 5juVAAIR4wFraLZT7P2k6vZCxqumBQhJPEOiiFMMIBpmYM020NvEX7RmzkI1 T.2CwSa49oz.XvZDgbyaEbP.RFMLF6Alk9ZvUM3OgPVc3z2WWlHFcsIMe7fL hGsxtmHZTTUTQep9jx6LZ55WpHGxfvqRygEEe1kqFF03E8vhDaXrvlgS6Y71 4dvi7dN1ZV3wf0MuKCIYDlx2X88WUV18.EIugkgoQr_krX6SNvJGtUFVmcmo vLsET7d0PBUVn5Zw047LuslcmqpPyDrVC5ncRjYqkEO3CDLZkRIL2KEcbA_g vvulWt32jx.ADVmkCRBb8OUbV_bvLIVNE7qg7E7YpyRxcFKV97tBbrZF3LJr GA2GER71yelS3xoiXIp_je10NJqEHQ.bxUb.edBkswYX.5sN8Zjt1JdqGZ8o 07.as3yALQV.ywkD_dOHhS7hbGDXcPzif06MuhpukPsxC06ffxSbQbUHep_L wOSlfavvUAIG1Dae_j_r0lNYt0fdsb2q8MPH_AZzYRkxYa0W836sXezV_W6T w.jkX7k8V5IbpRx5sYfyAcn.DG8dLtBA0dlfQ3ZtPdp4eoRXZTJ7q41COhQR 0Br59AfPToTXO1dqjuCZD.KpNYF2Qdm7kqd6VdeH.geTp0e1zqcEuP2xoyIx c55K_tf6_1Z7JUjGbsTAD2K1.AkOAM7U0f3sE5BsxHtv.ir4iNfisH2h6CSw 05zcAGd4mJ_6TB8VS9TfGo9K4RJ1M41ZUGl1G6FerI3nP4OEmyX0OBDpcQUk 7q75XBxHq0gXbYqcgbyZnot.PHNJeIrjGzfhAWNxXayaEmTVsgR8_sgWKT9A UzgDmDkETFEnE1mTxyVptvI2bfWekWedF_mhSe2vTcA.OA5.Yn0N35Nf8vub n_aQsgLxIpBBnQ1I16oQJx_GPHXNCrG3I708l5oad2ZzZAVYmozFjLG_lVmX EHbl.UVM5ksKWQjKhiNDwdwJIgd29XHphrZC0sFz46VVmbKYCbfA89YbFXgT jTHz.rMLHS2NN3aAbNCEDi87llQb9GSBni_pBPCfCqaw6_6nMV5nP9H6UHaT ddjYkZjjTcY.F9azthghWCZGO0gYCRthnQybpL4Ut3GP.u0zdr7QtlImidD2 TtLoQUOh8iwgxWsQf.wawctQHI0Yx.vrZpuTvaSEHbgT9ZadwMlVzV5JUPrZ c2yPWgRshqYZUfry6t5sGyZKo7.Rc0MZDtecttO_wSPo66dV876FoHIFqEVD c9ak3pdUQxV2MttGaxL_egcuQEyroJ79KF0CbiZgJQ6HYxX6Ku4CG6Md4L0p 6s5GCJeO18aJ0StOhXUbmYNsXpj6b8c2FXb7qvgRp7Gpx5pRQOD19lpbdIcP G_MGBJdv02IRBtXZB03J4rRysW8D2G9n5K6NHxIvRt2UJWq0XAwch801seZ7 1pSW5Xz4GoD8FVd5OgipeVn5pckhsesFH140zfO8pxwpj6NHawu1Pb0H2hF. IZxWq9r64nQ2J3nO1EaScbHBnoO4l_jj_kitK_ItwD0_h.tUcmvh1k6w5NxR .PJeouU.op5FEtLhZtzoxw2uGJIP4yljgqgRxhfRR1h4D6pJ_Eie8MQg7Ruw 2WisbWnaQytKrUlFI7EH1JSO8FZ5CB._fizo0d0hF_jLMGjAAjXhKOJ5B9BL qAhxkbsvM8gOTHFivW2SvxsmPdfSnWcvPxy94qWQXQHubtxW43diEh854be1 xtPrfoigUlA9UioXMLo0pNQkOil4qIxB7XPnwa_iwJG2QguET091ISajOuqg VAAMOL7qswMDbputtKQHUGQCZxXkf9yXyMCgE4JbCSz2RZTuP6A4lbuqmy2J zZWlgNE0.tPQf6zVx9FdboHcbQUktPF4IGSda2hC6Ymwv_2.vzWpPwIkRszK MLnhaRNCbMW2lYMz8Q--
X-Starscan-Received: 
X-Originating-Ip: [67.219.250.1]
X-Originating-Ip: [199.119.192.82]
X-Originating-Ip: [102.89.2.81]
X-Apparently-To: ansvet_99@yahoo.com; Mon, 21 Jun 2021 11:58:12 +0000
X-Ms-Has-Attach: 
Mime-Version: 1.0
Thread-Index: AddmlJd2N+VEnCcQQzSKN0d24NshJw==
Authentication-Results: atlas108.free.mail.gq1.yahoo.com; dkim=unknown; spf=none smtp.mailfrom=hainessounryul.com; dmarc=unknown header.from=HAINESSOUNRYUL.COM;
Content-Length: 4872
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTe0yTZxTGeb9bPw1lpSh8NkOTJmxT046yzR0 2krEtcyRz7IYbcVmwQqXdoJC2DGRRusnNSuRiCVqWWikdlEvYgAmsXEbRIhcFZXMOAVdEGffL FLkpa2l07J8nv5znvM973uS8NM7tYfFoSZJKopCLY/jUZqI98dePBTXHeg/6N834wJVrqTisp t3A4Y+FdhIqOrIpWL1uImFyqZaA03V5FCyqHxGQW1KAgfF3Iw72hn4SsuxGBJPtRgIyMoYRrO kvIeiraXSk2LU4GCZOEGCsvEjCpek0HLotnST0mUYRZN04y4Kcnr9IyFnKJkE/8Bp02fspyGu PhKpv77JAf01LwrhhhYLei0MI9OlNFOhXMnCYWiknYfW4hYR5TToL6lsx6LqUi8NyQz0OwwUA XYuh0HHSD+yzl3Go/d7xAn13JoK6/j4M+hrqSDCdukWAzayj4PitSQqGalcpMNg8YPghDRptC wXpvdFQOFiHw9h8DwFN97xh4n43BlMlagwG1LMsOLdkQ1Ctv0MGD+Mhty1mVkiDbpAVotO1YR /iB0iZ/FBc0kFSOqyVxGc+lzRgLKDU6De+Bm2muZw6xGg1q5QGbaIpzh6mMrNpnb04exnjohl z8hbOe0xraiOuQbSDhczk3C5nmeD4MeX5+cjJbE44s/Qol+VkxPFmHnZWrB/FOT5M/8i5dWY4 HKa4sQd38VZm7M5j0sU7mAazHnf1y5kHF7IoV6Yn03F2hMhBHroNUboNbboNba66kLmZr6Vcv Jv54fwE7mIBc+axldhYNyBWGYJDClm0VBUrlsUIRP7+ApEoQCAKAIHo1UChOFkgFiYoBYkSpU oQIBQnKoXKI7GRMVFCuURVjRwbGxWvrqlHhZOzQivaRmP8rewgVe9BrsehuKgjUrFSGqFIiJE orehZmuYzbOyow/NUSKIlSYdlMY69f2IztDt/C5tybD6XrYwXxypl0S6rE31G90+dK8Lp4iGD Q7vWdXrJ6NC5smKHPlzX72ad+qfVVIRzCXmcXMLzYW9z3sZxxkkT5E8ve/LPriNfnhcbubm5c d3jJYpYmer//jjyoRHfix3tTHGXyVVPZxp3jIs5xi2jrjrHVYn/s3hqjFguTf1lZmfEgvJiWG v6ULauQCUKfD2v2fBVmT2QXXJZvKfj/bZ3tkcup3id5S3vqyy0D3bWGQbD0z94BZvJXjD9vX8 +5NNr9xpHMovLqsRvFK0NHvMlbbwXrbu8CkJONZeZdz5juZ4zevX29tK3FPeHWn5sa68O+Cg/ yJZ/5ejptcNzfoWW2sjOMSJg/IWvfeNNFT9lfl6S7Wn64t1NKRbN8zdfTksuMq9+sj9oN1qWW vsX48JOZIzayhu9H4UN4+Fvt8Q1X7hpSTyQgmvnhpZ/jrYEL7B9/0k8r9xXod073RHxZfODtj NBEDzdo/rmTb+XQnfMJXSFnsSE5mQip/SupbSKzSeUUrFoF65Qiv8FybEQz+IEAAA=
X-Viruschecked: Checked
Accept-Language: en-US
Thread-Topic: The payment for Order: 112-8131537-7146650 has been declined.
X-Msg-Ref: server-8.tower-327.messagelabs.com!1624276656!4989!2
X-Symc-Ess-Client-Auth: outbound-route-from=fail
Content-Type: multipart/alternative; boundary="_000_8072DB60F140D04C8874B08AB3804942D6B191AUSP01DAG0201coll_"
Received-Spf: none (domain of hainessounryul.com does not designate permitted sender hosts)
Content-Language: en-US
Received: from 10.253.230.155 by atlas108.free.mail.gq1.yahoo.com with HTTPS; Mon, 21 Jun 2021 11:58:12 +0000
Received: from 67.219.250.1 (EHLO mail1.bemta24.messagelabs.com) by 10.253.230.155 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Mon, 21 Jun 2021 11:58:12 +0000
Received: from [100.112.131.158] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-1.bemta.az-a.us-west-2.aws.symcld.net id 6B/E8-02927-5BE70D06; Mon, 21 Jun 2021 11:57:41 +0000
Received: (qmail 1356 invoked from network); 21 Jun 2021 11:57:39 -0000
Received: from out001.apptixemail.net (HELO out001.apptixemail.net) (199.119.192.82) by server-8.tower-327.messagelabs.com with ECDHE-RSA-AES256-SHA384 encrypted SMTP; 21 Jun 2021 11:57:39 -0000
Received: from AUSP01DAG0201.collaborationhost.net ([169.254.1.97]) by AUSP01MHUB17.collaborationhost.net ([10.2.68.42]) with mapi id 14.03.0513.000; Mon, 21 Jun 2021 07:57:19 -0400

Begin forwarded message:

Subject: The payment for Order: 112-8131537-7146650 has been declined.
Date: June 21, 2021 at 7:57:21 AM EDT


Hello,

We're writing to let you know the payment for Order: 112-8131537-7146650 has been declined. 

You can check the current status of your order, and update your payment method here


We're having trouble completing the payment for the above order. The issuing bank may have declined the charge if the name, expiration date, or ZIP Code you entered at Amazon.com does not exactly match the bank's information.

Valid payment information must be received within 24 hours, otherwise your order will be canceled. 

If paying by credit card is not an option, buy Amazon.com Gift Card claim codes with cash from authorized resellers at a store near you. Visit www.amazon.com/cashgcresellers to learn more.

We hope to see you again soon.

Best Regards,

Customer Service


No comments:

Post a Comment