MESO-Rx

Anabolic Steroids

Scammed by PurplePandaLabs for $900 - GG gaslighting

Noli said:
You guys are overthinking... Lets assume the worst scenario, Pandas website was hacked.

So, the client makes the order and the malware creates a Coingate invoice on the website: "Create order at CoinGate and redirect shopper to invoice (payment_url)".

Lets check the params of the invoice:

View attachment 151808

As you can see, we have some new urls here apart from the obvious payment_url.

Lets check success_url, it is created to redirect you to the order details once it is confirmed on the blockchain. It redirects you to your order details.

So, we have 3 different scenarios here:

1.- Payment_url is going to be shown until the payment is confirmed. So every time you log in to your account and then visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see your payment_url (until +1 confirmations). This is a payment_url example:
View attachment 151810

2.- Payment is confirmed and then success_url is shown (order details such as items and status)

3.- We have another one, if the order was created in a legit way but then edited manually (so easy, check this Tutorial on youtube), when you actually try to visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 a permission deny is shown since this order is not created in your account. This is what you see:

View attachment 151812

Just try to enter to Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=+RANDOM NUMBER a random number) , you should see that page.

I can see that you were on PPL legit site when you made the payment, the SSL certificate is there and the first order is in PPL backend. For those who don't know what a SSL certificate is, basically it provides integrity and encryption to a web server and you can actually ensure that you are communicating with the website you want to (for those who want to learn more about HTTPS Info about HTTPS)

View attachment 151813

So even if the invoice was created by a malware, it was created on PPL site and if you actually log in to your account and visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see the second scenario and not the third.

If you see the second one, malware on Pandas site.
If you see the third one, you are lying.

Record it in a video and we will have an answer. Don't forget to show the PPL SSL certificate in live so we can check that the site was not cloned or edited by you. I can see that you are online now, easy way to prove the scam, come on.
Click to expand...
This guy sounds like he knows what he speaking about
 
dennia said:
That gave me a tear!
Sending virtual hugs to you!
Click to expand...

the same way you were willing to point out that real thought, you should keep thinking at what you wanna do, dream, achieve… remember that Fortis fortuna adiuvat… keep fighting man…

keep the fire inside you going… i met a guy some months ago, he s 60’s… he s fuckin rediculously strong, he could break a leg with a low kick, he doesnt look hes 60… and he doesnt even give a fuck about it… he s keep training and working… there is lot of time, to be spent in self improving… isnt mandatory to being super cool at 24 yo… who gives a fuck… or better, that shouldn’t put anyone down and prevent him for fighting his war
 
Noli said:
You guys are overthinking... Lets assume the worst scenario, Pandas website was hacked.

So, the client makes the order and the malware creates a Coingate invoice on the website: "Create order at CoinGate and redirect shopper to invoice (payment_url)".

Lets check the params of the invoice:

View attachment 151808

As you can see, we have some new urls here apart from the obvious payment_url.

Lets check success_url, it is created to redirect you to the order details once it is confirmed on the blockchain. It redirects you to your order details.

So, we have 3 different scenarios here:

1.- Payment_url is going to be shown until the payment is confirmed. So every time you log in to your account and then visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see your payment_url (until +1 confirmations). This is a payment_url example:
View attachment 151810

2.- Payment is confirmed and then success_url is shown (order details such as items and status)

3.- We have another one, if the order was created in a legit way but then edited manually (so easy, check this Tutorial on youtube), when you actually try to visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 a permission deny is shown since this order is not created in your account. This is what you see:

View attachment 151812

Just try to enter to Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=+RANDOM NUMBER a random number) , you should see that page.

I can see that you were on PPL legit site when you made the payment, the SSL certificate is there and the first order is in PPL backend. For those who don't know what a SSL certificate is, basically it provides integrity and encryption to a web server and you can actually ensure that you are communicating with the website you want to (for those who want to learn more about HTTPS Info about HTTPS)

View attachment 151813

So even if the invoice was created by a malware, it was created on PPL site and if you actually log in to your account and visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see the second scenario and not the third.

If you see the second one, malware on Pandas site.
If you see the third one, you are lying.

Record it in a video and we will have an answer. Don't forget to show the PPL SSL certificate in live so we can check that the site was not cloned or edited by you. I can see that you are online now, easy way to prove the scam, come on.
Click to expand...

I tried logging into my account earlier today but the password has been changed or it has been deactivated - probably when they signed in to record the videos yesterday.

Z_08920.jpg
 
FR0Z3N_B0MB3RRR said:
the same way you were willing to point out that real thought, you should keep thinking at what you wanna do, dream, achieve… remember that Fortis fortuna adiuvat… keep fighting man…

keep the fire inside you going… i met a guy some months ago, he s 60’s… he s fuckin rediculously strong, he could break a leg with a low kick, he doesnt look hes 60… and he doesnt even give a fuck about it… he s keep training and working… there is lot of time, to be spent in self improving… isnt mandatory to being super cool at 24 yo… who gives a fuck… or better, that shouldn’t put anyone down and prevent him for fighting his war
Click to expand...
Thank you man! Don't want to hijack this but anyway is not happening anything anymore until tomorrow at least.
To be fair I am dealing with some shit for some years now but it is what it is.
 
Noli said:
You guys are overthinking... Lets assume the worst scenario, Pandas website was hacked.

So, the client makes the order and the malware creates a Coingate invoice on the website: "Create order at CoinGate and redirect shopper to invoice (payment_url)".

Lets check the params of the invoice:

View attachment 151808

As you can see, we have some new urls here apart from the obvious payment_url.

Lets check success_url, it is created to redirect you to the order details once it is confirmed on the blockchain. It redirects you to your order details.

So, we have 3 different scenarios here:

1.- Payment_url is going to be shown until the payment is confirmed. So every time you log in to your account and then visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see your payment_url (until +1 confirmations). This is a payment_url example:
View attachment 151810

2.- Payment is confirmed and then success_url is shown (order details such as items and status)

3.- We have another one, if the order was created in a legit way but then edited manually (so easy, check this Tutorial on youtube), when you actually try to visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 a permission deny is shown since this order is not created in your account. This is what you see:

View attachment 151812

Just try to enter to Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=+RANDOM NUMBER a random number) , you should see that page.

I can see that you were on PPL legit site when you made the payment, the SSL certificate is there and the first order is in PPL backend. For those who don't know what a SSL certificate is, basically it provides integrity and encryption to a web server and you can actually ensure that you are communicating with the website you want to (for those who want to learn more about HTTPS Info about HTTPS)

View attachment 151813

So even if the invoice was created by a malware, it was created on PPL site and if you actually log in to your account and visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see the second scenario and not the third.

If you see the second one, malware on Pandas site.
If you see the third one, you are lying.

Record it in a video and we will have an answer. Don't forget to show the PPL SSL certificate in live so we can check that the site was not cloned or edited by you. I can see that you are online now, easy way to prove the scam, come on.
Click to expand...
One big thing here, you’re assuming it was a coin gate generated address, when they’ve used a btc format not even supported by most wallets..
 
Cashton said:
One big thing here, you’re assuming it was a coin gate generated address, when they’ve used a btc format not even supported by most wallets..
Click to expand...
I don't think Blockchain.com handle the new address types yet as that's where I have my wallet.
 
Cashton said:
One big thing here, you’re assuming it was a coin gate generated address, when they’ve used a btc format not even supported by most wallets..
Click to expand...

It must be CoinGate with a spoofed token since it's the only one included in the website to create urls and invoices there, remember that a invalid address created by a non CoinGate method would give a error status and not a real invoice page
 
Noli said:
You guys are overthinking... Lets assume the worst scenario, Pandas website was hacked.

So, the client makes the order and the malware creates a Coingate invoice on the website: "Create order at CoinGate and redirect shopper to invoice (payment_url)".

Lets check the params of the invoice:

View attachment 151808

As you can see, we have some new urls here apart from the obvious payment_url.

Lets check success_url, it is created to redirect you to the order details once it is confirmed on the blockchain. It redirects you to your order details.

So, we have 3 different scenarios here:

1.- Payment_url is going to be shown until the payment is confirmed. So every time you log in to your account and then visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see your payment_url (until +1 confirmations). This is a payment_url example:
View attachment 151810

2.- Payment is confirmed and then success_url is shown (order details such as items and status)

3.- We have another one, if the order was created in a legit way but then edited manually (so easy, check this Tutorial on youtube), when you actually try to visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 a permission deny is shown since this order is not created in your account. This is what you see:

View attachment 151812

Just try to enter to Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=+RANDOM NUMBER a random number) , you should see that page.

I can see that you were on PPL legit site when you made the payment, the SSL certificate is there and the first order is in PPL backend. For those who don't know what a SSL certificate is, basically it provides integrity and encryption to a web server and you can actually ensure that you are communicating with the website you want to (for those who want to learn more about HTTPS Info about HTTPS)

View attachment 151813

So even if the invoice was created by a malware, it was created on PPL site and if you actually log in to your account and visit Purple Panda Labs https://www.purplepandalabs.com/shop/payment?code=041026682648504 you should see the second scenario and not the third.

If you see the second one, malware on Pandas site.
If you see the third one, you are lying.

Record it in a video and we will have an answer. Don't forget to show the PPL SSL certificate in live so we can check that the site was not cloned or edited by you. I can see that you are online now, easy way to prove the scam, come on.
Click to expand...

And there’s no way for someone, anyone (even computer code) to go in and change an order and associate it with a different invoice and then delete that new invoice or anything.
 
Noli said:
It must be CoinGate with a spoofed token since it's the only one included in the website to create urls and invoices there, remember that a invalid address created by a non CoinGate method would give a error status and not a real invoice page
Click to expand...
You can spoof a pay and include any address and QR code, coinbase just happens to be who hosts India’s payments, and that address would be on the original page.
 
Noli said:
It must be CoinGate with a spoofed token since it's the only one included in the website to create urls and invoices there, remember that a invalid address created by a non CoinGate method would give a error status and not a real invoice page
Click to expand...

Nobody can login to coin gate if they were somehow able to get the login info?
 
Cashton said:
No, that’s totally possible, just unlikely in my opinion.
Click to expand...

Do you know that PPL has a big warehouse, with keypad coded doors, maybe a fence around it and an employee check-in shack? Maybe next to the warehouse is a 4 story office building with tinted-windows where the mainframe is located and the executives in suits discuss market-share and various strategies. When he says “warehouse” I’m sure most of us like to imagine something like that but I’m guessing it’s more like the Chinese equivalent of a few U-Store-it storage units. I’m not sure how sophisticated the operations really are.
 
BigBaldBeardGuy said:
Do you know that PPL has a big warehouse, with keypad coded doors, maybe a fence around it and an employee check-in shack? Maybe next to the warehouse is a 4 story office building with tinted-windows where the mainframe is located and the executives in suits discuss market-share and various strategies. When he says “warehouse” I’m sure most of us like to imagine something like that but I’m guessing it’s more like the Chinese equivalent of a few U-Store-it storage units. I’m not sure how sophisticated the operations really are.
Click to expand...
Nono.. bbbg.. you’re being silly now.. I know you have no real way to know this, but I know how Chinese “warehouse” and “wholesale supply” works.
 
BigBaldBeardGuy said:
And there’s no way for someone, anyone (even computer code) to go in and change an order and associate it with a different invoice and then delete that new invoice or anything.
Click to expand...

Cashton said:
You can spoof a pay and include any address and QR code, coinbase just happens to be who hosts India’s payments, and that address would be on the original page.
Click to expand...

Yeah those ones can happen, but again, not without leaving a trace on the server side (and there is no trace about that)

BigBaldBeardGuy said:
Nobody can login to coin gate if they were somehow able to get the login info?
Click to expand...

CoinGate offers a 2-FA login with Google Authenticator which Panda uses, so the hacker would also need access to Pandas phone... Barely possible
 
Noli said:
It must be CoinGate with a spoofed token since it's the only one included in the website to create urls and invoices there, remember that a invalid address created by a non CoinGate method would give a error status and not a real invoice page
Click to expand...
So then that leave the possibility CoinGate was compromised somehow to put in a spoofed token. Hmmmm...another rabbit hole...
 
I'm a little confused as to why this has to involve Coingate. In my mind the redirect preempted anything sent to or received from Coingate. For the sake of theory, let's say an alternate "malicious" page is served up at random. Everything looks fine, but instead of the addresses or QR code coming from Coingate, it is pulled from elsewhere. And further on this exercise, once the test is deemed successful, the page is pulled from rotation along with whatever triggered it... to be used at a later date.
 
MindlessWork said:
So then that leave the possibility CoinGate was compromised somehow to put in a spoofed token. Hmmmm...another rabbit hole...
Click to expand...
The token is not placed on CoinGate, it is placed on the server side (as you know since you are a experienced IT). Again, no traces about this one on the server side. So no, no holes here.
 
BeefNewton said:
I'm a little confused as to why this has to involve Coingate. In my mind the redirect preempted anything sent to or received from Coingate. For the sake of theory, let's say an alternate "malicious" page is served up at random. Everything looks fine, but instead of the addresses or QR code coming from Coingate, it is pulled from elsewhere. And further on this exercise, once the test is deemed successful, the page is pulled from rotation along with whatever triggered it... to be used at a later date.
Click to expand...
This is what happens when there's a 3rd party server that is not under the control of Panda being used as that brings about risks of its own.
 
Noli said:
The token is not placed on CoinGate, it is placed on the server side (as you know since you are a experienced IT). Again, no traces about this one on the server side. So no, no holes here.
Click to expand...
Still this is a 3rd party server not under the control of Panda...
 
You must log in or register to reply here.

Similar threads

Gemanardine
Gemanardine Laboratoire
Replies
13
Views
2K
poolshockguy
poolshockguy
Avexshop
  • Sticky
MESO-Rx Sponsor Avexshop.to - official distributor of Avex Pharma brand.
2
Replies
39
Views
6K
Avexshop
Avexshop
M
Problem with QSC
Replies
6
Views
2K
Qingdao Sigma Chemicals
Qingdao Sigma Chemicals
EuPharmaqo
  • Sticky
MESO-Rx Sponsor EuPharmaqo - EU DOMESTIC
73 74 75
Replies
1K
Views
129K
ran_the_man
R
C
  • Question
Pharmaqo Labs
Replies
1
Views
886
Smela
S

Sponsors

Latest posts

Top