I forgot to add that it's also a bad email address.

I also got an order with this same information on it. User attempted an XSS attack by including script within the name and address fields. IP indicates that the order was placed from a VPS in Los Angeles.

Got an order with the same info. IP is from VPS in LA. Also tried a script in address and name fields.

Also received on order with this information and XSS attack. It was placed on 08/11/2017.

Yup, just had him order something from my website, I sent him the products, they were delivered/rerouted/lost in the mail, and the financial institution took the money back from me and from paypal. SCAM.

I also got an order. Here is what the script in the address field used looks like.

Linda Juan
24 Cyprus RD">
Hiram">, OH 44234

Credit Card Type:
Visa
Name on Account:
Linda Juan
Credit Card Number:
xxxx-xxxx-xxxx-8412
Expiration Date:
10-18

This person has struck again, trying to place an order from my site with a SQL injection attack in it on 10/10/2017. I would have charitably assumed that they had a virus except for the fact that I googled their address and it was nonexistent.

Same here. No such address.

Caught this buyer today. Shipping address when you remove the script doesn't even exist.

Here is about what it looks like, with the script urls removed

Linda Juan
">
24 Cyprus RD">
Hiram">, WV 25530

Credit Card Type:
MasterCard
Name on Account:
Linda Juan
Credit Card Number:
xxxx-xxxx-xxxx-6902
Expiration Date:
08-19

I got an order from this same person on my site as well back on 9/24/17. Credit card company is trying to reclaim the funds right now. :( I had the same issue with the order being delivered/rerouted/lost in the mail.

Bill To:
Linda Juan">
">
24 Cyprus RD">
Hiram">, Ohio 44234
United States
Daytime Phone: 2162345678
juanlinda225@gmail.com

Payment Method
Visa XXXXXXXXXXXX3289

Same, just received today. The 'script' issue made me look up address. This time it was in 'Arizona'. Order not going to be completed!!

Just received an order on 12/11/2017 tried to contact email juanlinda123@gmail.com but doesn’t exist. Wondrrd why email was returned twice so googled the delivery address 24 Cyprus Rd, Hiram USA and saw all these comments

Item won’t be delivered!! Thank you for free cash!!

Had same person try this twice in past month. I have full security options turned on for Paypal (Paypal Advanced), this one had both an invalid address and invalid CSC -- yet Paypal still approved the payment for some stupid reason. Promptly cancelled and refunded money to CC.
To those that are using Paypal - don't count on them to properly filter out bad payments based on AVS and CSC verification.
To the last person who said "Thank you for free cash!!". Um... it is only free until the CC company comes back for it.

Same here. I'll cancel the order and refund. Happy that I have googled up.

Order placed 11/25/17 00:55:18 EST. Fortunately, our online merchant requests the 3-digit security code to verify the transaction. Generally, we go ahead and start the order knowing that the customer will want something they ordered "custom" but this one looked suspicious. When we emailed and called, the email was rejected and the phone number was busy. We cannot believe someone would scam us for $30 but I guess it adds up eventually. The order included src script info. The credit card ended with #4572 and expired 1/19 with the following info:
Linda Juan
juanlinda123@gmail.com
8139402930
Linda1986
24 Cyprus RD
Hiram OH 44234
U.S.

-------------------------------------------------------------------------------------------
Mousepad-CustomMousepad Custom Image 1 $18.00 $18.00

It's more devious than trying to scam you out of $30 and anything you sent would have been rejected at the post office at the time of sending as the address does not exist. You will find that what they are trying to do is inject XSS code into your fields in the hope of getting in to your financial system.

Received an order from same address/person. will not ship. Ordered a $2 item and paid $7 to ship. Looked suspicious and address non existent and phone busy. thanks

Received an order on our wholesale website which does not take money from customers as we then ask our resellers to look after the "order" and take them on board as customer. Exact same address but listed as Sydney 2000 - that address does exist in Sydney but in a suburb called St Marys. Email bounces, phone number not connected - so it is ignored.

GARY LE
24 Cyprus RD>
Sydney, New South Wales 2000
Australia
Phone: 0482737472
Email: juanlinda888@gmail.com
Company: Linda1986

Further - I googled the address and this badbuyerlist came up as first results. I recommend to always google addresses when things don't add up like matching post code / zip code / city / suburb, etc... Another common scam I have encountered is the use of vacant properties for delivery addresses where the fraudster waits for the delivery at the vacant property, receives the item and goes.

Received an order from the same person with Sydney address, phone is disconnected and email bounced back.

Thank you to all of you have listed above. I just got an order from them today and Googled their address and this page popped up, so I won't be sending the goods. Thnx. :-)

Our turn today. Visa ended in 2375. Thanks to everyone above.

Same thing here:

Order Number #52439
Order Date January 15, 2018
Shipping Address
Linda Juan">
Linda1986
24 Cyprus RD">
Hiram, OH 44234
Phone: 813-940-2930
Email: juanlinda666@gmail.com
Billing Address
Linda Juan">
Linda1986
24 Cyprus RD">
Hiram, OH 44234
Phone: 813-940-2930
Email: juanlinda666@gmail.com

Payment Details
Visa ************8590 $200.04

Also had an order from "linda Juan" that looked like an attack.
BE CAREFUL

Just got an order from them today online for $23.74....would never have known other than the address did not compute on the shipping system. Thank you for this website!!!!!!!!!!!!!!!!!!!!!!!!!!!

Got an order from Linda Juan- same story - no such address or phone.
First Transaction failed (badcard)
2nd one succeeded - money is in the bank $74.26 (so far) ...
Interesting that gateway processed the transaction w/o correct address or ZIP - neiter one matched - I thought this would not happen???

CC# xxxxxxxxxxxx0629

Still happening. Order came in and went through bank January 18. Shipped and returned from USPS - "No such address". I expect the bank will get their funds back soon. Need to check on the script though - if it infected the website or went for the banks.

Got an order last night. Last four digits 2322. Strange script was inserted into their name. Thank you so much for reporting this, it is helpful!

ship to:
Linda Juan
Linda1986
24 Cyprus RD
Hiram, Ohio 44234

billing:

KEN FRANCIS
Linda1986
5695 VISTA LUNA DR
SPARKS, Nevada 89436

Item returned back to me for bad address, phone number is busy (8139402930) and email bounces back (juanlinda678@gmail.com). Code also included in billing and shipping fields. Charge blocked the first time by credit card company for failing street and zip check (tried using the Hiram, OH address). Passed the second try using the Nevada address.

So lucky to find those information here, got an order like this:
Linda Juan
24 Cyprus RD"__script src=//zs.mk/b__/script_
Hiram, OH 44234
United States

Paid by Credit card, ignore it.

Thank you for all reports.

Mike

This is the second time this has been attempted thru our website. This time the e-mail address used is: juanlinda666@gmail.com

Received the same XSS attack, name, address here, with a different non-functioning email. Thanks to these comments I cancelled the order and informed the credit card issuer.

Also received an Order for a Linda Juan. Billing address was 24 Cyprus Rd, Ohio and Shipping address was 24 Cyprus Rd, NSW however order was placed from Hong Kong. We have received the money but have not been contacted as to how to proceed.

Same order. Same code attack. 24 Cyprus RD.

We sent an order to Linda Juan, 24 Cyrus Rd, Ohio 44234 a month ago which was just returned as the address does not exist... Should have googled the address went it came up weird in our system.

5th order of ShortSniffer electrical short circuit locator in 3 months. We are using BrainTree order processing.

Linda Juan">
Linda1986
24 Cyprus RD">
OCCIDENTAL, CA 95465
8139402930
2juanlinda666@gmail.com

Same here, uses these emailadresses:

juanlinda123 gmail com
juanlinda124 gmail com
2juanlinda666 gmail com

Just got an order from this person and Googled the address because of the script, it was incomprehensible. I am so glad I found this. Order cancelled.

Same as above, tried to purchase a gift card for $25, phone # disconnected and email bounced back, juanlinda123@gmail.com. Address search brought up this page, 24 Cyprus Road Hiram, OH 44234. Order not processed.

Holy shit. Just ordered something from my site that I do not even offer anymore. The page was still valid but it is in a subfolder that is not linked from the site. No clue how they found it. Plus this is exactly how the data appeared on the receipt. Had a problem with the address and found this page. Guess I ain't shipping anything.
Billing Information
Name: Linda Juan">
Address: 24 Cyprus RD">
SOLANA BEACH, CA 92075
United States
Payment By: MasterCard
CC Number: ************7122
Expiration: 31/08/18 (D/M/Y)
Status: APPROVED - 082929
Day Phone: (813) 940-2930
Night Phone: (813) 940-2930
Email: 2juanlinda666@gmail.com

We shipped an order to this "customer" (whoops)
Linda Juan
24 Cyprus RD
NEW ORLEANS, LA 70115
juanlinda123@gmail.com
813-948-2638

Luckily FedEx notified us of the bad address, so we will get our +$200 product back.

My hit was for $14.95. Not only was it free freight, but I sent an employee to the post office to buy a $6.99 padded envelope and postage to ship it.

Fast forward 5/15/18: The charge was disputed and the bank charged me an additional $15, total $29.95 and reversed the charge.
I tracked the package as undeliverable and returned to sender (us). The package, however, was never received by us.

I researched her address and phone number and found this site. Thanks for the costly lesson!

I'm telling you this in the event you see something weird like this from your clients. Maybe it's best to call all of the orders that come in to confirm/verify validity as well as address. We should have checked it out when the address was encrypted:

Linda Juan">
24 Cyprus RD">
Hiram, Ohio, 44234
United States
T: 8139402930

I doubt I will see the product or the money at this point...

This buyer is still at it on 6/18

Billing Address:

Linda Juan
24 Cyprus Rd
">
Hiram OH 44234
813-947-2738
juanlinda678@gmail.com

ip address: 45.63.48.18

Shipping address contained another script:

Any ideas on what the script does? The script they tried to include in the order through my site was jb[dot] gy/9

Report them to ICE under the cyber crime category.

Just received an order from her/them?? The email address given was 2juanlinda666@gmail.com Billing was to Linda Juan">
24 Cyprus RD Hiram, FL 44234

received an order from this person/ address on 07/16/2018. We didn't know this is a fake address until the mail got returned to back due to address does not exist. Order placed by 2juanlinda666@gmail.com, address as below:

Mr. Linda Juan">
, 24 Cyprus RD">
Hiram, OH, 44234, United States of America

I also got an order with this same information on it. User attempted an XSS attack by including script within the name and address fields. IP indicates that the order was placed from a VPS in Los Angeles. http://123dressupgames.net/halloween-dress-up-games.html

I'm telling you this in the event you see something weird like this from your clients. Maybe it's best to call all of the orders that come in to confirm/verify validity as well as address. We should have checked it out when the address was encrypted https://123gamesfree.com/game-free-motorcycle/

Got an order on 12/26 from the 'customer' below:
Linda Juan
24 Cyprus RD
Hiram, OH 44234

Each field in the address had "">

They’re back! Received this order today from them.
Order Details - Order Date:12/08/20

Customer Name: Linda LindaJuan
Customer Email: juanlinda555@hotmail.com
Customer Phone: 761251354
Billing Address:
24 Cyprus RD">

Attleborough
Norfolk
NR17 2DY
United Kingdom

Delivery Address:

Customer Comment:
'">
*********** Payment Details ***********

Payment Method: Cheque Card No/Ref:
Start Date: End Date:
Security No: 46 Issue No:
Currency Used: CAD

She also uses this email address: juanlinda777@hotmail.com

Linda Juan">
444 Rollins St"> '"> Missoula
Montana
59801
United States
Telephone: 3059707467
juanlinda666@hotmail.com

Did not get past PayPal paywall.

^ same info ^
just ordered a bottle of wine from my winery... Billing address was 3263 Parks Ave Tulare, CA 93274

This attack is still doing the rounds, my site was attempted to hack today from this IP in Hong Kong 47.240.73.196

Same pseudo script crap in the address fieldfrom Linda Juan ">