Typical black PR. 'I got scammed, here is zero proof'
I know a few WMZ and LR exchangers that use OKpay bank accounts as their own for receiving wires and sending funds in huge amounts and no indication they've been scammed everything biz as usual
Topic: OKPAY is scam (probably not) - page 2. (Read 14066 times)
Please explain this to me:
Quote
OKPAY.COM DNS RECORDS
Record Type TTL Priority Content
forum.okpay.com CNAME 1 hour racoon.regall.net
mail.okpay.com MX 1 hour 10 mail.regall.net
okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
okpay.com MX 1 hour 10 mail.regall.net
okpay.com NS 1 hour ns2.regall.net
okpay.com NS 1 hour ns1.regall.net
okpay.com SOA 1 hour ns.regall.net. kostya.regall.net. 2012011702 3600 7200 12960000 36000
okpay.com TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net +all
www.okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
Record Type TTL Priority Content
forum.okpay.com CNAME 1 hour racoon.regall.net
mail.okpay.com MX 1 hour 10 mail.regall.net
okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
okpay.com MX 1 hour 10 mail.regall.net
okpay.com NS 1 hour ns2.regall.net
okpay.com NS 1 hour ns1.regall.net
okpay.com SOA 1 hour ns.regall.net. kostya.regall.net. 2012011702 3600 7200 12960000 36000
okpay.com TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net +all
www.okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
v=spf1 a:mail.regall.net mx:mail.regall.net +all
+all means "everybody welcome"
I bet had he wrote the same one the forum, he would have had help getting his money back and OKpay would have been in much worst situation.
Must me some 13yo kid ... with 11000$ ? well whatever.
Must me some 13yo kid ... with 11000$ ? well whatever.
Probably from the leaked info from MT Gox last year. 
Yes, that is what happened. That is confirmed by the information provided by dexfor.
There have been other leaks as well, (e..g, pool that had its user database list stolen), so the sender might have sent to additional addresses than just the nearly 40,000 email addresses leaked durign the June 2011 Mt. Gox breach but at least this indicates that it wasn't a new breach that somehow identified specifically who is using OK Pay.
I got the same email but never had an account there. Probably from the leaked info from MT Gox last year.
Please explain this to me:
That indicates that some noob didn't set up SPF correctly, and so gmail is allowing the mail to pass normally because of the error. Quote
OKPAY.COM DNS RECORDS
Record Type TTL Priority Content
forum.okpay.com CNAME 1 hour racoon.regall.net
mail.okpay.com MX 1 hour 10 mail.regall.net
okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
okpay.com MX 1 hour 10 mail.regall.net
okpay.com NS 1 hour ns2.regall.net
okpay.com NS 1 hour ns1.regall.net
okpay.com SOA 1 hour ns.regall.net. kostya.regall.net. 2012011702 3600 7200 12960000 36000
okpay.com TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net +all
www.okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
Record Type TTL Priority Content
forum.okpay.com CNAME 1 hour racoon.regall.net
mail.okpay.com MX 1 hour 10 mail.regall.net
okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
okpay.com MX 1 hour 10 mail.regall.net
okpay.com NS 1 hour ns2.regall.net
okpay.com NS 1 hour ns1.regall.net
okpay.com SOA 1 hour ns.regall.net. kostya.regall.net. 2012011702 3600 7200 12960000 36000
okpay.com TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net +all
www.okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
Quote
REGALL.NET DNS RECORDS
Record Type TTL Priority Content
mail.regall.net A 1 hour 173.224.112.179 ()
ns1.regall.net A 1 hour 173.224.112.179 ()
ns2.regall.net A 1 hour 188.138.40.123 ()
racoon.regall.net A 1 hour 173.224.112.179 ()
regall.net A 1 hour 173.224.112.179 ()
regall.net MX 1 hour 10 mail.regall.net
regall.net NS 1 hour ns2.regall.net
regall.net NS 1 hour ns1.regall.net
regall.net SOA 1 hour ns.regall.net. kostya.regall.net. 2011102601 3600 7200 129600 36000
regall.net TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net ?all
www.regall.net CNAME 1 hour racoon.regall.net
Record Type TTL Priority Content
mail.regall.net A 1 hour 173.224.112.179 ()
ns1.regall.net A 1 hour 173.224.112.179 ()
ns2.regall.net A 1 hour 188.138.40.123 ()
racoon.regall.net A 1 hour 173.224.112.179 ()
regall.net A 1 hour 173.224.112.179 ()
regall.net MX 1 hour 10 mail.regall.net
regall.net NS 1 hour ns2.regall.net
regall.net NS 1 hour ns1.regall.net
regall.net SOA 1 hour ns.regall.net. kostya.regall.net. 2011102601 3600 7200 129600 36000
regall.net TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net ?all
www.regall.net CNAME 1 hour racoon.regall.net
Quote
Received: from okpay.com ([69.194.161.228])
by mx.google.com with SMTP id z65si2441973yhl.65.2012.04.11.06.30.35;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) client-ip=69.194.161.228;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) [email protected]
by mx.google.com with SMTP id z65si2441973yhl.65.2012.04.11.06.30.35;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) client-ip=69.194.161.228;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) [email protected]
Got this to an email address that was specifically used for MtGox and has never been used anywhere else.
It's from the MtGox hack. Similar emails have been sent to that list before.
It's from the MtGox hack. Similar emails have been sent to that list before.
Please explain this to me:
Quote
OKPAY.COM DNS RECORDS
Record Type TTL Priority Content
forum.okpay.com CNAME 1 hour racoon.regall.net
mail.okpay.com MX 1 hour 10 mail.regall.net
okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
okpay.com MX 1 hour 10 mail.regall.net
okpay.com NS 1 hour ns2.regall.net
okpay.com NS 1 hour ns1.regall.net
okpay.com SOA 1 hour ns.regall.net. kostya.regall.net. 2012011702 3600 7200 12960000 36000
okpay.com TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net +all
www.okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
Record Type TTL Priority Content
forum.okpay.com CNAME 1 hour racoon.regall.net
mail.okpay.com MX 1 hour 10 mail.regall.net
okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
okpay.com MX 1 hour 10 mail.regall.net
okpay.com NS 1 hour ns2.regall.net
okpay.com NS 1 hour ns1.regall.net
okpay.com SOA 1 hour ns.regall.net. kostya.regall.net. 2012011702 3600 7200 12960000 36000
okpay.com TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net +all
www.okpay.com A 1 hour 67.227.182.219 (Wilmington, DE, US)
Quote
REGALL.NET DNS RECORDS
Record Type TTL Priority Content
mail.regall.net A 1 hour 173.224.112.179 ()
ns1.regall.net A 1 hour 173.224.112.179 ()
ns2.regall.net A 1 hour 188.138.40.123 ()
racoon.regall.net A 1 hour 173.224.112.179 ()
regall.net A 1 hour 173.224.112.179 ()
regall.net MX 1 hour 10 mail.regall.net
regall.net NS 1 hour ns2.regall.net
regall.net NS 1 hour ns1.regall.net
regall.net SOA 1 hour ns.regall.net. kostya.regall.net. 2011102601 3600 7200 129600 36000
regall.net TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net ?all
www.regall.net CNAME 1 hour racoon.regall.net
Record Type TTL Priority Content
mail.regall.net A 1 hour 173.224.112.179 ()
ns1.regall.net A 1 hour 173.224.112.179 ()
ns2.regall.net A 1 hour 188.138.40.123 ()
racoon.regall.net A 1 hour 173.224.112.179 ()
regall.net A 1 hour 173.224.112.179 ()
regall.net MX 1 hour 10 mail.regall.net
regall.net NS 1 hour ns2.regall.net
regall.net NS 1 hour ns1.regall.net
regall.net SOA 1 hour ns.regall.net. kostya.regall.net. 2011102601 3600 7200 129600 36000
regall.net TXT 1 hour v=spf1 a:mail.regall.net mx:mail.regall.net ?all
www.regall.net CNAME 1 hour racoon.regall.net
Quote
Received: from okpay.com ([69.194.161.228])
by mx.google.com with SMTP id z65si2441973yhl.65.2012.04.11.06.30.35;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) client-ip=69.194.161.228;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) [email protected]
by mx.google.com with SMTP id z65si2441973yhl.65.2012.04.11.06.30.35;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) client-ip=69.194.161.228;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) [email protected]
the question is: where did they got my email from (ok thats not that hard): but how did they know i have a login there?
maybe its just a pissed employee
maybe its just a pissed employee
I got the email too and don't have an OKPAY account. Maybe it was sent to every address from the MtGox and/or Intersango email list leaks.
Here's how my copy looked. It was CC'ed to me, and sent to [email protected].
Code:
Received: by 10.112.1.41 with SMTP id 9csp144016lbj;
Wed, 11 Apr 2012 06:30:37 -0700 (PDT)
Received: by 10.101.72.11 with SMTP id z11mr4048862ank.25.1334151036931;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Return-Path:
Received: from okpay.com ([69.194.161.228])
by mx.google.com with SMTP id z65si2441973yhl.65.2012.04.11.06.30.35;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) client-ip=69.194.161.228;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) [email protected]
Message-ID:
Date: Wed, 11 Apr 2012 14:09:34 +0100
Reply-To: "OKPAY"
From: "OKPAY"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.14) Gecko/20080421 Thunderbird/2.0.0.14
X-Accept-Language: en-us
MIME-Version: 1.0
To: "AOL Users"
Cc: "AOL Users"
Subject: OKPAY is SCAM!
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hello,
I want to warn you that OKPay is scam payment processor.
They were fine while I was making small transfers, but as soon as my
balance reached 11000 USD, they blocked it.
And it's blocked since August last year.
Stay away from OKPAY!
Wed, 11 Apr 2012 06:30:37 -0700 (PDT)
Received: by 10.101.72.11 with SMTP id z11mr4048862ank.25.1334151036931;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Return-Path:
Received: from okpay.com ([69.194.161.228])
by mx.google.com with SMTP id z65si2441973yhl.65.2012.04.11.06.30.35;
Wed, 11 Apr 2012 06:30:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) client-ip=69.194.161.228;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.194.161.228 as permitted sender) [email protected]
Message-ID:
Date: Wed, 11 Apr 2012 14:09:34 +0100
Reply-To: "OKPAY"
From: "OKPAY"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.14) Gecko/20080421 Thunderbird/2.0.0.14
X-Accept-Language: en-us
MIME-Version: 1.0
To: "AOL Users"
Cc: "AOL Users"
Subject: OKPAY is SCAM!
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hello,
I want to warn you that OKPay is scam payment processor.
They were fine while I was making small transfers, but as soon as my
balance reached 11000 USD, they blocked it.
And it's blocked since August last year.
Stay away from OKPAY!
Actually, because of that +all, it says that all mail servers are valid senders for okpay.com. NEVER put +all in your spf record. That alone says that you should avoid OKPAY at all costs, since their security is likely just as bad.
Now that you point it out, that is very lame. + is only for testing, and as you noted it allows all senders. They should be using - or ~ which either fails hard or fails soft respectively. Someone should email them and tell them they are doing it wrong. Got it also, from [email protected].
The email wording made it sound like someone who was pissed about the account being frozen, but it's very possible it was frozen for legitimate reasons. And definitely hacking their email server is not cool... so I'd reserve judgement either way in this case.
Not hacked, just impersonating. If they have a good SPF record, most filters will catch it and delete it.The email wording made it sound like someone who was pissed about the account being frozen, but it's very possible it was frozen for legitimate reasons. And definitely hacking their email server is not cool... so I'd reserve judgement either way in this case.
Code:
> okpay.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
okpay.com text =
"v=spf1 a:mail.regall.net mx:mail.regall.net +all"
>
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
okpay.com text =
"v=spf1 a:mail.regall.net mx:mail.regall.net +all"
>
^That tells mail server to ignore email purporting to be from okpay.com, UNLESS it comes from "mail.regall.net". However, many servers ignore this option, since it was tacked on to the protocol after SMTP was initially created.
Whoever wrote it certainly didn't lend themselves any credibility by faking the return address.
The weal thing is the email comes off as just trollish.
Sending something which looked like it came from a govt agency regarding freezing accounts owned by OKPAY and money laundering charges would have done more damage.
Lucky for OKPAY the idiot who wrote it comes off as less legit than a nigerian scammer.
Sending something which looked like it came from a govt agency regarding freezing accounts owned by OKPAY and money laundering charges would have done more damage.
Lucky for OKPAY the idiot who wrote it comes off as less legit than a nigerian scammer.
Got it also, from [email protected].
The email wording made it sound like someone who was pissed about the account being frozen, but it's very possible it was frozen for legitimate reasons. And definitely hacking their email server is not cool... so I'd reserve judgement either way in this case.
Not hacked, just impersonating. If they have a good SPF record, most filters will catch it and delete it.The email wording made it sound like someone who was pissed about the account being frozen, but it's very possible it was frozen for legitimate reasons. And definitely hacking their email server is not cool... so I'd reserve judgement either way in this case.
Code:
> okpay.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
okpay.com text =
"v=spf1 a:mail.regall.net mx:mail.regall.net +all"
>
^That tells mail server to ignore email purporting to be from okpay.com, UNLESS it comes from "mail.regall.net". However, many servers ignore this option, since it was tacked on to the protocol after SMTP was initially created.
Got it also, from [email protected].
The email wording made it sound like someone who was pissed about the account being frozen, but it's very possible it was frozen for legitimate reasons. And definitely hacking their email server is not cool... so I'd reserve judgement either way in this case.
The email wording made it sound like someone who was pissed about the account being frozen, but it's very possible it was frozen for legitimate reasons. And definitely hacking their email server is not cool... so I'd reserve judgement either way in this case.
Got it also. I love the occasional spam from my leaked e-mail. I never get anything as interesting from anything else.
got it too.. oh joy all we're on the bitcoin scam spam list :/
Got it too. Never used OKPay, but my e-mail was on the compromized gox list.
Besides, if they're trying to discredit OKPay, there should've been some more details to back up their claims.
Besides, if they're trying to discredit OKPay, there should've been some more details to back up their claims.
I got it; my email was on the MtGox list; I've never used OKPAY.
Every time I get another scam/phishing email to this address it's just another reminder of why it's perfectly reasonable to not trust Mt.Gox with sensitive information like, say, a scan of your passport.
Every time I get another scam/phishing email to this address it's just another reminder of why it's perfectly reasonable to not trust Mt.Gox with sensitive information like, say, a scan of your passport.
Has anyone received this email who was NOT on the mtgox leaked emails list?
ME ! I was not a user of MtGox (In other words, I was not signed up on MtGox) when the leak happened and still got the OKPay Is a Scam email :/ maby OkPay got leaked
Jump to: