---------- Forwarded message ----------
From: Andrey Kopelev <ansvet_99@yahoo.com>
Date: Saturday, January 15, 2022
Subject: Fraud emails with suspicious links Fwd: Your Amazon Order #10A-56461991011-4353672803937811
To: spam@fightspam.gc.ca, reportphishing@antiphishing.org, reportphishing@apwg.org, phishing-report@us-cert.gov, fraudreporting@unaids.org, contact@cyber.gc.ca, abuse@contactprivacy.com, emailscamalerts@gmail.com, stop-spoofing@amazon.com, abuse@web.com, joeyssigars@yahoo.com, domain.operations@web.com, abuse@confluence-networks.com, noc@confluence-networks.com, Nocsupport@networksolutions.com, domainabuse@cscglobal.com, domains.admin@broadcom.com, stephen.nuthall@broadcom.com, abuse@messagelabs.com, awsdns-hostmaster@amazon.com, domainabuse@tucows.com, roycewhitman.com@contactprivacy.com, eig-noc@endurance.com, abuse@hostgator.com, fashlonableheat@yahoo.com, abuse@akamai.com, abuse-spamcop#akamai.com@devnull.spamcop.net, ew9vw8hy6xn@networksolutionsprivateregistration.com, arin@fusionconnect.com, jjaritsch@anexia-it.com, domainreg@anexia-it.com, ripe@anexia.at, support@anexia.at, allgemeiner-spam@internet-beschwerdestelle.de, besonderer-spam@internet-beschwerdestelle.de, abuse@iana.org, abuse@switch.com
This person bombards me with fraud/malicious emails impersonating Amazon. I did not order anything from Amazon. My emails address is not officially listed anywhere. The only way this person could get it is from the spam list. This person isa fraud. Please block his accounts. Below is the full header, his original email, abuse reports and more info on domain and paths.
Domain: Amazon.com@KENKICHINMNMATSUOKA.COM Hosting Provider: Confluence Networks IP Address: 208.91.197.27
| canonical name | kenkichinmnmatsuoka.com. |
| aliases | |
| addresses | 208.91.197.27 |
Domain Name: KENKICHINMNMATSUOKA.COM Registry Domain ID: 2668445201_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2022-01-15T11:04:45Z Creation Date: 2022-01-15T11:03:39Z Registry Expiry Date: 2023-01-15T11:03:39Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS29.WORLDNIC.COM Name Server: NS30.WORLDNIC.COM
Registrant Email: joeyssigars@yahoo.com Registry Admin ID: Admin Name: Matsuoka, Kenkichi NMN Admin Organization: Admin Street: 7426 WORLEY AVE Admin City: CLEVELAND Admin State/Province: OH Admin Postal Code: 44105-3865 Admin Country: US Admin Phone: 2163239737
X-Originating-Ip: [67.219.247.1]
| canonical name | mail1.bemta33.messagelabs.com. |
| aliases | |
| addresses | 67.219.247.1 |
Domain Name: MESSAGELABS.COM Registry Domain ID: 15979724_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.corporatedomains.com Registrar URL: http://cscdbs.com Updated Date: 2020-10-12T16:39:59Z Creation Date: 1999-12-24T09:45:49Z Registry Expiry Date: 2022-12-24T09:45:48Z Registrar: CSC Corporate Domains, Inc. Registrar IANA ID: 299 Registrar Abuse Contact Email: domainabuse@cscglobal.com
OrgRoutingHandle: NUTHA-ARIN OrgRoutingName: nuthall, stephen OrgRoutingPhone: +07827 232391 OrgRoutingEmail: stephen.nuthall@broadcom.com OrgRoutingRef: https://rdap.arin.net/registry/entity/NUTHA-ARIN
Resolving link obfuscation
https://www.amazon.com/gp/https://roycewhitman.com/
Percent unescape: https://roycewhitman.com/
https://www.amazon.com/<https:
Percent unescape: https://www.amazon.com/&
Percent unescape: https://www.amazon.com/&
Percent unescape: https://www.amazon.com/&
Domain Name: ROYCEWHITMAN.COM Registry Domain ID: 2668444086_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.tucows.com Registrar URL: http://www.tucows.com Updated Date: 2022-01-15T11:03:40Z Creation Date: 2022-01-15T10:44:08Z Registry Expiry Date: 2023-01-15T10:44:08Z Registrar: Tucows Domains Inc. Registrar IANA ID: 69 Registrar Abuse Contact Email: domainabuse@tucows.com Registrar Abuse Contact Phone: +1.4165350123 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS1455.WEBSITEWELCOME.COM Name Server: NS1456.WEBSITEWELCOME.COM
Registrant Fax Ext: Registrant Email: roycewhitman.com@contactprivacy.com Registry Admin ID: Admin Name: Contact Privacy Inc. Customer 0163518318 Admin Organization: Contact Privacy Inc. Customer 0163518318 Admin Street: 96 Mowat Ave Admin City: Toronto Admin State/Province: ON Admin Postal Code:
| roycewhitman.com | IN | SOA |
|
Tracking link: https://www.amazon.com/gp/
Host www.amazon.com (checking ip) = 104.86.185.98Resolves to 104.86.185.98
Routing details for 104.86.185.98
[refresh/show] Cached whois for 104.86.185.98 : abuse@akamai.com
Using best contacts abuse-spamcop@akamai.com
Tracking link: https://roycewhitman.com/Clayton%20johnson/mazon/amazon/
Unescaped: https://roycewhitman.com/Host roycewhitman.com (checking ip) = 192.185.181.49
Resolves to 192.185.181.49
Routing details for 192.185.181.49
[refresh/show] Cached whois for 192.185.181.49 : abuse@hostgator.com
X-Originating-Ip: [199.119.192.66]
| canonical name | out001.apptixemail.net. |
| aliases | |
| addresses | 199.119.192.66 |
Domain Name: APPTIXEMAIL.NET Registry Domain ID: 1562509702_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2021-10-06T13:27:32Z Creation Date: 2009-07-16T00:42:17Z Registry Expiry Date: 2022-07-16T00:42:17Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: abuse@web.com
OrgAbuseHandle: IPADM564-ARIN OrgAbuseName: IP Administrator OrgAbusePhone: +1-703-890-2800 OrgAbuseEmail: arin@fusionconnect.com OrgAbuseRef: https://rdap.arin.net/registry/entity/IPADM564-ARIN
X-Originating-Ip: [131.100.2.108] IP Owner Anexia Inc
inetnum: 131.100.2.0/24 status: reallocated aut-num: N/A owner: ANEXIA Inc. ownerid: US-ANIN1-LACNIC responsible: Juergen JARITSCH address: Kamehameha HIwy, 2339, address: 96819 - Honolulu - US
nic-hdl: JUJ7 person: Juergen JARITSCH e-mail: jjaritsch@anexia-it.com address: Feldkirchnerstrasse, 140, address: 9020 - Klagenfurt - country: AT phone: +43 5 0556 [300] created: 20140717 changed: 20180717
Received: from [100.114.68.254]
NetRange: 100.64.0.0 - 100.127.255.255 CIDR: 100.64.0.0/10 NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED NetHandle: NET-100-64-0-0-1 Parent: NET100 (NET-100-0-0-0-0) NetType: IANA Special Use OriginAS: Organization: Internet Assigned Numbers Authority (IANA)
Received: from AUSP01DAG0201.collaborationhost.net ([169.254.1.171])
OrgAbuseHandle: ASABU2-ARIN OrgAbuseName: AS23005 Abuse OrgAbusePhone: +1-702-267-6602 OrgAbuseEmail: abuse@switch.com
Your Amazon Order #10A-56461991011-4353672803937811
X-Ms-Tnef-Correlator:
X-Starscan-Version: 9.81.7; banners=-,-,-
X-Ymailisg: Lk9jBvkWLDve7__70X29qG4paFZ0feiYkhRVjc513mzAQEBn RKw5KqEdRWpaoSyrxPncdSWPvxdMlFXQcNUKRSVWA.wlBR8y3IWXyVHUYnHR s8WLa.OzizOSzTuCw4cNISeuUEIl7RxLWO2oKY12dEcpwRiw23Sk1LNVOYsW qaYphXubNg_P5YDpmeuKKu3O20JPt0SIvoDKvBGYG_mI9mjR6aLbYti8aehk zaUFWYAKcLbHWWci8_eY6_VlJ0Bh5.0z8KUfNomgv7yNCElnJ6hbSzAPBMtd IPgPTgh.Zfzf4W_seovDA33512KiBPYnUSy0_GhM0rYJXMJLGw0iQUtVo6Dj YAdcK3ZoWald7Vbo3B7SpkPWbkH2Vnb8Y3yCzESLL963xqRGPmMEcw2D3Ugm v2g738YQA0bsDYdKw6UIFYna1cu3vMZSGvr8rqZ3R_Su09Cre5hmvjDxKiDz tNmmOGhYen8JJ4tkjI2lWqFUSdjWVsK31Vkf_4HmTe8yYQ_lpsiYGc0SHQQn uv9Bn2nH6UCPPeRpyHdBSxlOtFX4Adi7Z5xm8DJ7cGnmNWXvW4_XTomkMlFx 1Y4KQcUkvGxDzCBJ2k864v.35MgvOfFi7DwjEszkarFzn1D1zZ4mK1nqpq_e LvMGAgccTEJ02K5fjb54YAxQDdb7clMucDRGPaa_mwXwYw_CkKqnO2N9bo_d R9Cl2FGn70vL.8SRmvyis_c1kHgiVZ5H2V9XwnsVHFMncOw1tqLaHlUOq6OR XqWQaBqZ0uHKhXk9ZzRMJ1u3lMkSWn9.IqhM6khJaS1I7v.KUEDtoFt5djzK O3OX5mkAUE0ebF0AvXBkOiCyHWbPhMkR8OGW8Rup0xPqW2Iv503Pcgi6Mjio Eo2RaZOmQILZonpni9SfFW5.nCKgEOV6m5VtLz7.ixeY1KuqnfgILefL3ZlW fgHdxxaQBsCXuG9j45epQB0i3ceyjK2t3.nhJpRx9pVwAYlXwwOm.550KxsJ M1oPAK_YpkV1AcO0RKrGiCnqF0vjBEJnuS1Pu1HQVoIdxg2cEaLtnsogSsG4 VF5AlhND09VL9y.koyJknV9i1JQU46MSh7SCndfH_JPc5DWTHW6WXfD_Bama D1PofR8zXYeuWa_UCep3YQ1OaapwjbudrXbYZY2E092Fp93MkmKDha.pplLD 31F4OMiC07yPwnC__la9F_qNREzf3f.s4ysZ8dPK2JwoL27Bx51arhbRCGG_ 8ugDlzrhLx1Zc6ZwOMqRO_5qp8hN_r0KLmeS.WPdhKsOv3a8EfDj3ZV.1CGG lDHDvGuEgAjgpQb36jv4xya.Hg1tVbXRkL_T2_C_lKGP0U7SbDCEwoY6Dqad jqKrNSMcZp.FHNUEMBOTSd31NyaXD8h6kgxX0vJ9vAdd_BpEkHM2Tm26jup7 ws67oTt7jV0yI7mo9Q6Cmnu6OK0CRWZFOi1jhU4wLa9qoSeXteDlj0damZf1 qjWagkz_3nQiVZfK1JL7PkJyGMzbqBrACg_h2rnkZ9v1_FbS2XafBTwCr6t9 uNUVKDboic2R1HGnW81QrhxZYQoA.g1gnXYv6f4PlLT7FyflKr2b4Ha4KcTF PZBguz68kRJNms6b0nohq2ZtcfBwddJf8xd3VZxJ1xbGByGWAG1X9jQ7MSB5 cwYVOJ7G49KCqDZuS.eyf3XHbMdMNIOjhgwSvRl4IB80h_KZRaKy4EH6f_nD SejYUxHzwx0FmcnQpIjex5E7OqcnuHT2W1kKsy0uXfJZycV_zinrt23RmsiZ PyfS_C5AkRBkO3DglP2OvQmSu6AQGgmdYLpaVbyaE3NES27XXk8X7JtallGS OV4tC8NNhSRCy8ej3_r6SwORA8p_HvkSXSbINh7xHVX7SN_7B2X74g2QC9gc nZMFo.TtD1rA8k7yWc7Yunx1jWhdMPb.Xq7G_gYyN7lT61wEqKM6FXhIqqMl OQh.jFLYwQ--
X-Starscan-Received:
Return-Path: <Amazon.com@kenkichinmnmatsuoka.com >
X-Originating-Ip: [67.219.247.1]
X-Originating-Ip: [199.119.192.66]
X-Originating-Ip: [131.100.2.108]
X-Apparently-To: ansvet_99@yahoo.com; Sat, 15 Jan 2022 11:34:49 +0000
X-Ms-Has-Attach:
Mime-Version: 1.0
Thread-Index: AdgKAzrJBFithkZMTDSFc+fibZnMQw==
Authentication-Results: atlas312.free.mail.ne1.yahoo.com ; dkim=unknown; spf=none smtp.mailfrom=kenkichinmnmatsuoka.com ; dmarc=unknown header.from=KENKICHINMNMATSUOKA.COM ;
Content-Length: 3589
X-Env-Sender: Amazon.com@KENKICHINMNMATSUOKA.COM
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTe0xTdxTH+fV3b3th1NUicAFnIsbEzbRrHbj jtmTOjERilpAFt2VsygUqlEdlfQgsMVaFCXVh1aFjJZXyEJRBtQURxBcU5SECK6LCqISCGQLy EJTJ5tgtnY79880n53t+55GcH4WFTl4gJUtXy5QKJjmY60W0pF3fJgq1OBnJ+C0hVC86CThdM UmAuX2AhPnJIwgqc3p4cK+iF8ElQwMXjhaX82Dsvo6A/ra7GKqNfqDTlWCYXXTwYCjHgaEqrx FBnaOFA9WjTzgw0nqMgIMNrSSUjmdjKC4vxDCqjwJj8yIXTjUf54L1xiMEzvqTGJ5d7SCgb+w xAdfsN0jomugjYGLyIQmmticITEcLeJC/UITh19xuAk4eHuPCrH4Yg+W3QR5cuTTFgfp7fQgW rh7iwsC0gQcD2mYSsi/oSdB22tiY6S4X2icOYjAb2JjO7iDh+8lzGG5evsgD680qAgaKFrhQN VHDgTxbLwm2zlq2sr4EwZWicGhxsms3NZRzoSifHeBO3jMEZ+f+JKEj+w7easHbDQYbJwJ9Sc oVMXvTo8mE7GoHTs1and7aXMDRovMBOuRFCQUWRJ/45Q+uDnlSXEEo3V+bzXGxj+ADenR6eIl XCT6iTfZ65GYxPftdDs/FhGA9bdb9QLiYL/iCttpqlhgJ/Oj59sqlt1jgT/ePFC4xLRDQpZe7 sJt96UfDf5NuXkvn1/6I3fkKWp+/SLprrqTbfh4h9GiFYVkpw7I0w7I0d1xCT3UWYjdvpMuKx v/lt2nL3G20PG5CvAr0XoxSHp+gTmHkySKpRCKSSkNEm0NE70jEzLciRqxRiWSMSi3aJGbSVG KZSiVWZaTEJseJFTK1FbEnG6fcuqYO1VY8FzehAIoT7MvvmhhihCti9sZlJDCqhN1KTbJM1YR WU1QwzR+udDLClUpZvCx9jzyZPfyXNk15B6/inzGzNl+VyqSo5PFuqx3JKf0jYzGmtC9OsXrL YXLpA5fOVJSyOrek80taanFpX9NpVkearGWYGs98XoeFRLySyQj05+eeZxsIXA0SNIpX7V9+P Tt6I9CHjzw8PITeqTJlilz9f38M+VMo2Ifv5ariLVeoX005xi7AYRd4/NcD1wJq5j8rUMuJvu YfuxGTPy14Zmi8Gz2PfPz7/rMzERLfE8aGRK/uF355Efsin50J373mfWvbjsrLh2oMIklQTlA GPRWfmfRmwf2LC0n1D7d095WHbI/OTHwtqnhzY0Bp2OseO/ZF6ddGDmvp1q8++VTa7X99xzpz 4OxU5GeaJ8TOsI71dq3UPJM2uK33G+P0mdAOKqu45Nh0pe3AhajhpFDySGqgd3FRTOZgjzY33 NQ/r4nwdo7iSseGw0GLinOXnn6o3fX83YKdoy+UqeFnjYdiu4Z4AU1P11m/Ljsu3SMPC9o1Hp aV2ONpDD2/5UDWtU0jvLpRpRgfj51Jb/9cs78iJut2pzN8Q5XO0x5MqBIY6VtYqWL+AWlt2kD 1BAAA
X-Viruschecked: Checked
Accept-Language: en-US
Thread-Topic: Your Amazon Order #10A-56461991011-4353672803937811
X-Msg-Ref: server-20.tower-707.messagelabs.com !1642246449!66128!2
X-Symc-Ess-Client-Auth: outbound-route-from=fail
Content-Type: multipart/alternative; boundary="_000_7C9BA98E50FA9F4FA30AA736CA91F208A2BC9BAUSP01DAG0201coll_"
Received-Spf: none (domain of kenkichinmnmatsuoka.com does not designate permitted sender hosts)
Content-Language: en-US
Received: from 10.217.136.92 by atlas312.free.mail.ne1.yahoo.com with HTTPS; Sat, 15 Jan 2022 11:34:49 +0000
Received: from 67.219.247.1 (EHLO mail1.bemta33.messagelabs.com) by 10.217.136.92 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Sat, 15 Jan 2022 11:34:49 +0000
Received: from [100.114.68.254] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-1.bemta.az-a.us-east-2.aws.ess.symcld.net id 9A/5E-20622-631B2E16; Sat, 15 Jan 2022 11:34:14 +0000
Received: (qmail 12798 invoked from network); 15 Jan 2022 11:34:13 -0000
Received: from out001.apptixemail.net (HELO out001.apptixemail.net) (199.119.192.66) by server-20.tower-707.messagelabs.com with ECDHE-RSA-AES256-SHA384 encrypted SMTP; 15 Jan 2022 11:34:13 -0000
Received: from AUSP01DAG0201.collaborationhost.net ([169.254.1.171]) by AUSP01MHUB11.collaborationhost.net ([::1]) with mapi id 14.03.0513.000; Sat, 15 Jan 2022 06:31:53 -0500
Begin forwarded message:Subject: Your Amazon Order #10A-56461991011-4353672803937811 Date: January 15, 2022 at 6:31:52 AM ESTHello Users,Due to a problem with the payment method you provided, we couldn't charge your account for your order (#10A-56461991011- 4353672803937811).'We may attempt to reprocess payment for your order now using the payment method you provided.Please follow the below link to make sure that the payment information for your account is correct, and so that we have a valid payment method for your future orders:
No comments:
Post a Comment