Scammed by PurplePandaLabs for $900 - GG gaslighting

I am open to it being Malware on my end but why would they go to such extremes as to alter my URL address bar, create an email address, send me an email etc? That doesn't really make sense imo.



If you can send me that same evidence via email that would be great.



Less than 20 minutes I believe.



I agree which is why I want them to look into what happened but instead they haven't provided any evidence and just labelled me a scammer from the get-go.

Those questions are still unanswered.
I agree, that part sounds wieird, which is why I also said a possibility of a spoofing attack, in which case, we will see more issues like this come up in the coming weeks.
 
Less than 20 minutes I believe
Then there is no reason for the BTC to change. After seeing the video there is no way that could have been fucked up. The money wasn't sent bro. That BTC addy is assigned to that order. And never received payment.

I agree which is why I want them to look into what happened but instead they haven't provided any evidence and just labelled me a scammer from the get-go.

Those questions are still unanswered.
There is no clerical error or anyway for a human to mingle with your order in that 20 mins man.

so I went ahead and sent the money to the BTC address that was displayed on that page (in the first screenshot).
That's not what's in the video. They don't match.
 
I agree, that part sounds wieird, which is why I also said a possibility of a spoofing attack, in which case, we will see more issues like this come up in the coming weeks.

Hopefully.

PPL or Ollie (I forget who) did mention there was multiple new accounts trying to scam recently so if those are legit new customers, hopefully they know about meso or other forums.

But again, no evidence or proof of these new scam accounts or emails have been provided - censoring dox information and posting should be fine (of course run by mods if unsure).
 
No, you are not reading what I am writing.

I placed the order on the official PPL website - nothing was done via email.

-----

When going through checkout on the PPL website it will automatically forward you to the order page where it will display the BTC address and tell you there is a 2 hour window to make the payment.

Look at the first screenshot in the first post in this thread, that is the URL address that PPL's website forwarded me to along with the BTC address. It is not a fake website, it is PPLs domain.

The URL in the screenshot is

https://www.purplepandalabs.com/shop/payment?code=041026682648504

so I went ahead and sent the money to the BTC address that was displayed on that page (in the first screenshot).

Minutes after sending the BTC, I received an email from the dodgy protonmail saying the payment was received.

-----

So to summarise, I did the entire order on the PPL website.

Instead of forwarding me to /shop/payment?code=210729020421630, I was forwarded to /shop/payment?code=041026682648504.

All of this is on PPLs domain, there is no fake website.


Yes, the BTC address tied to order 210729020421630 will be empty because I was given a different BTC address from the order URL page 041026682648504.

-----

So if PPL is unable to do segwit BTC addresses with their billing system that means it is not a bug or a simple software glitch of giving the incorrect order number.

Instead it means that someone purposefully forwarded me to that order number and then (for some weird reason) sent a fake confirmation email afterwards.


-----

So the question still remains, why has PPL or ollie not answered my questions from yesterday or given any proof that I have asked? Have they even looked into 041026682648504 order in the logs/database?

This doesn't make sense to anyone that understands how web services work. PPL works with Coingate, this is a simple tool to create crypto invoices in order to accept crypto in your website with a UNIQUE token: you just need to integrate their API in your shop, and it will create a invoice with a crypto address. PPL has its own API token integrated, only one and unique.

This is how it works:

IMG_20210807_192815.jpg

As you can see in their official docs;
Order creation
  1. CoinGate checks if the order is valid.
    2a. If the order is valid, CoinGate responds with 200 HTTP status and returns order data. After receiving 200 HTTP status, you should redirect the shopper to payment_url address.
    2b. If the order is not valid, CoinGate returns 422 (or another) error HTTP status and an error message (see Errors).
If you check the return in their docs, order data returns all the body params the site needs to continue with the payment, and you are redirected to the payment_url address.

Important here, all the params are created acording to the website private and unique API token and the params are created only once per order ID. No vulnerabilities have been found in Coingate, so basically it's impossible to redirect you to another url or create two different invoices at the same time but with different parameters without changing the code (which isn't changed).

A lot of orders have been created these days and seems like no one has been redirected to another url, and the website is not compromised so redirecting to fake urls is not possible.

You are claiming that there are 7 payments to this bitcoin address, funny thing here is that PPL Coingate creates a new invoice (with a new address and url) for every new order, theorically we would have 7 different payments to 7 different addresses, Coingate never redirects you to a same url since the order ID is unique (how would we distinguish if a order has been paid if the order ID and url is not unique?), so yeah, no sense.

If you are saying the truth (which I am sure you aren't), the only thing that can happen here is that you have been DNS Poisoned. This can happen locally in your DNS Cache or in some DNS server you or your ISP is working with. I am not going to explain this, but the important thing here is that the web server has nothing to do with DNS poisoning, so you have been spoofed locally or any of your DNS servers (barely possible), but again, not PPLs fault (maybe yours watching things you shouldn't watch :$)
 
You are claiming that there are 7 payments to this bitcoin address, funny thing here is that PPL Coingate creates a new invoice (with a new address and url) for every new order
Exactly. And when the order isn't paid... The order is deleted on user end. Along with the BTC address.
so you have been spoofed locally
That's the pot calling the kettle black.

After seeing the backend all this hinges on one screenshot that doesn't match actual video evidence. It is an edit.

And to say "hey what's going on with my order did you guys get hacked?"..... Lol I think laying out the groundwork that early didn't help the scheme any.
 
Hopefully.

PPL or Ollie (I forget who) did mention there was multiple new accounts trying to scam recently so if those are legit new customers, hopefully they know about meso or other forums.

But again, no evidence or proof of these new scam accounts or emails have been provided - censoring dox information and posting should be fine (of course run by mods if unsure).
There’s no mods here.
 
Widely… 3 people.. and none of those 3 has any willing to fuck with useless stuff…
I have NOT shared these videos with anyone @Gdawg , and obviously I am not allowed to attach them here for all to see. I will keep any info in strict confidence as that’s how I work.

sorry this became a total shitshow.
 
This doesn't make sense to anyone that understands how web services work. PPL works with Coingate, this is a simple tool to create crypto invoices in order to accept crypto in your website with a UNIQUE token: you just need to integrate their API in your shop, and it will create a invoice with a crypto address. PPL has its own API token integrated, only one and unique.

This is how it works:

View attachment 151784

As you can see in their official docs;
Order creation
  1. CoinGate checks if the order is valid.
    2a. If the order is valid, CoinGate responds with 200 HTTP status and returns order data. After receiving 200 HTTP status, you should redirect the shopper to payment_url address.
    2b. If the order is not valid, CoinGate returns 422 (or another) error HTTP status and an error message (see Errors).
If you check the return in their docs, order data returns all the body params the site needs to continue with the payment, and you are redirected to the payment_url address.

Important here, all the params are created acording to the website private and unique API token and the params are created only once per order ID. No vulnerabilities have been found in Coingate, so basically it's impossible to redirect you to another url or create two different invoices at the same time but with different parameters without changing the code (which isn't changed).

A lot of orders have been created these days and seems like no one has been redirected to another url, and the website is not compromised so redirecting to fake urls is not possible.

You are claiming that there are 7 payments to this bitcoin address, funny thing here is that PPL Coingate creates a new invoice (with a new address and url) for every new order, theorically we would have 7 different payments to 7 different addresses, Coingate never redirects you to a same url since the order ID is unique (how would we distinguish if a order has been paid if the order ID and url is not unique?), so yeah, no sense.

If you are saying the truth (which I am sure you aren't), the only thing that can happen here is that you have been DNS Poisoned. This can happen locally in your DNS Cache or in some DNS server you or your ISP is working with. I am not going to explain this, but the important thing here is that the web server has nothing to do with DNS poisoning, so you have been spoofed locally or any of your DNS servers (barely possible), but again, not PPLs fault (maybe yours watching things you shouldn't watch :$)

Thanks for the explanation.

Like I said i'm open to the possibility it's malware on my end but none of it makes sense - It was more than just a simple BTC address swap on a webpage.

I would have asked PPL/ollie if there have been any unpaid invoices that have similar amounts to what was paid into that BTC wallet but they will say no either way.

Exactly. And when the order isn't paid... The order is deleted on user end. Along with the BTC address.

That's the pot calling the kettle black.

After seeing the backend all this hinges on one screenshot that doesn't match actual video evidence. It is an edit.

And to say "hey what's going on with my order did you guys get hacked?"..... Lol I think laying out the groundwork that early didn't help the scheme any.

I promise you it is not an edit. The only thing I did was censor the firefox bookmarks bar and the task bar to stop from doxing myself.

I have NOT shared these videos with anyone @Gdawg , and obviously I am not allowed to attach them here for all to see. I will keep any info in strict confidence as that’s how I work.

sorry this became a total shitshow.

I appreciate that and yeah it has been a total shit show.
 
Im going to explain this with an example, if the police has evidence that a guy is a thief, and the evidence totally proves it, the evidence can be shown on the newspapers since it has been proved.

This totally proves this guy was a scammer, it was the only way of proving it and he knew about it, we could have posted about it on the open forum but I preferred to send it to some guys instead, why? Because ven tho he’s a scammer i need to follow the rules.
This totally proves he is a scammed in YOUR opinion.
 
From what I can tell from the posts...

A BTC address was assigned to the order.
No payment has been paid to this particular address.

This does not prove he is a scammer.
This does not prove he has no malware.
This does not prove the Website hasn't been hacked.
This does not prove foul play by someone working for the website.
 
The distinct thing about this thread that annoys me is you have the Gdawg, who has not once resorted to insults and has held their composure, and then you have PPL, who very quickly got defensive, angry, and kneejerk shoved some collective ego up in everyone's asses. I don't care the issue, but if you can't handle business in a more dignified manner and not be open to there being an actual issue, then I have zero interest in doing business with them in the future. Sure, no skin off their ass, but it was very similar with the "remailer" incident. Come at it with some fucking humility and professionalism, and you'd earn way more respect and future business. I don't give a fuck if he's a scammer or not. You have had issues in the past, which proves you are anything but secure, and coming off as cocky with your opsec really might not be the best way to approach it.
 
I promise you it is not an edit. The only thing I did was censor the firefox bookmarks bar and the task bar to stop from doxing myself.
At any point did you see two BTC addresses? Because what you're saying is you placed the order. Brought to the URL with the BTC address directly afterwards....

What was with the email then to send payment? Did you place the order and then proceed to click the link in the email to send the BTC?
 
FWIW I still haven't seen anything that shows @Gdawg is scamming. Personally the way he's handling it I think he may have truly gotten scammed (Not saying it was PPL) but idk by who. It seems like @OllieJacobs handled this terribly though regardless. His reaction is that OP is a scammer instead of saying he would look into it. Just bad CS in my opinion. Doesn't give anyone else a lot of comfort that if they had a problem it would be looked into. Then you think that to "prove" something you have the guy who would be held liable (Panda) "show" you what happened. If he was hacked he wouldn't tell you. That would be a huge blow to his business and cost him a lot more than $900. You took this personally and went into it %100 sure OP was scamming instead of open minded. I mean even if this was a scam you handled it terribly by accusing and jumping to conclusions. Then you send this "proof" to people of your choosing?? Really? Well of course they'll jump on your bandwagon. You are saying the invoice wasn't paid? Well no shit the OP is saying the invoice he was sent was paid not the one you are showing people. (Op states he was sent different addy) Obviously if he had sent coin to that address we wouldn't be having this convo. But at the end of the day you sent personal info to people without the OPs permission. For that you should be banned! No questions asked IDGAF your "justification". I mean his info would have been posted if someone hadn't LITERALLY told mind not to. I've been looking at getting trest from you for about a week as it's hard to find. Now I have to keep looking because I would NEVER use you due to the way this was handled. The dox was enough for me. Hope you learn!! Gl @Gdawg if you truly aren't scamming
 
FWIW I still haven't seen anything that shows @Gdawg is scamming. Personally the way he's handling it I think he may have truly gotten scammed (Not saying it was PPL) but idk by who. It seems like @OllieJacobs handled this terribly though regardless. His reaction is that OP is a scammer instead of saying he would look into it. Just bad CS in my opinion. Doesn't give anyone else a lot of comfort that if they had a problem it would be looked into. Then you think that to "prove" something you have the guy who would be held liable (Panda) "show" you what happened. If he was hacked he wouldn't tell you. That would be a huge blow to his business and cost him a lot more than $900. You took this personally and went into it %100 sure OP was scamming instead of open minded. I mean even if this was a scam you handled it terribly by accusing and jumping to conclusions. Then you send this "proof" to people of your choosing?? Really? Well of course they'll jump on your bandwagon. You are saying the invoice wasn't paid? Well no shit the OP is saying the invoice he was sent was paid not the one you are showing people. (Op states he was sent different addy) Obviously if he had sent coin to that address we wouldn't be having this convo. But at the end of the day you sent personal info to people without the OPs permission. For that you should be banned! No questions asked IDGAF your "justification". I mean his info would have been posted if someone hadn't LITERALLY told mind not to. I've been looking at getting trest from you for about a week as it's hard to find. Now I have to keep looking because I would NEVER use you due to the way this was handled. The dox was enough for me. Hope you learn!! Gl @Gdawg if you truly aren't scamming
That’s what it sounds like, it sounds like he’s been the victim of some type of spoofing attack, in which case we will be hearing more cases coming soon.
 
@Gdawg go to this thread MESO-Rx Sponsor - Dragon Ordnance and start reading. Is a similar case in a way.
More than likely this guy ain't trying to scam anybody he has some malware or something or Panda hired again some doubtful guys. Panda and Dragon what they have in common is that they are cousins and probably use the same guys as they share the same warehouse.
Do some reading and digging and maybe you will find something in his story
 
From what I can tell from the posts...

A BTC address was assigned to the order.
No payment has been paid to this particular address.

This does not prove he is a scammer.
This does not prove he has no malware.
This does not prove the Website hasn't been hacked.
This does not prove foul play by someone working for the website.
From what I can tell.....the source and/or the reps are highly unprofessional and rude as hell. What a way to handle an issue like this. Jeez. That's worse for the source's reputation than OP's thread in my eyes. If the site did get compromised in any way it's the source's responsibility.

I love how there's an identical thread listed under "similar threads" here with another guy having the same problem. I didn't look at it though.
 
That’s what it sounds like, it sounds like he’s been the victim of some type of spoofing attack, in which case we will be hearing more cases coming soon.
I'm sure it'll be the remailer again somehow...

"It wasn't me! It was the one-armed man!"

Maybe they brought Sciroxx on as a consultant.
 
From what I can tell.....the source and/or the reps are highly unprofessional and rude as hell. What a way to handle an issue like this. Jeez. That's worse for the source's reputation than OP's thread in my eyes. If the site did get compromised in any way it's the source's responsibility.

I love how there's an identical thread listed under "similar threads" here with another guy having the same problem. I didn't look at it though.
Pretty sure that idiot just took too long to pay.. it was resolved easily.. without his thread.. or maybe that was another guy.
 
Back
Top