You guys are overthinking... Lets assume the worst scenario, Pandas website was hacked.
So, the client makes the order and the malware creates a Coingate invoice on the website: "Create order at CoinGate and redirect shopper to invoice (payment_url)".
Lets check the params of the invoice:
View attachment 151808
As you can see, we have some new urls here apart from the obvious payment_url.
Lets check success_url, it is created to redirect you to the order details once it is confirmed on the blockchain. It redirects you to your order details.
So, we have 3 different scenarios here:
1.- Payment_url is going to be shown until the payment is confirmed. So every time you log in to your account and then visit
Purple Panda Labs you should see your payment_url (until +1 confirmations). This is a payment_url example:
View attachment 151810
2.- Payment is confirmed and then success_url is shown (order details such as items and status)
3.- We have another one, if the order was created in a legit way but then edited manually (so easy, check this
Tutorial on youtube), when you actually try to visit
Purple Panda Labs a permission deny is shown since this order is not created in your account. This is what you see:
View attachment 151812
Just try to enter to
Purple Panda Labs a random number) , you should see that page.
I can see that you were on PPL legit site when you made the payment, the SSL certificate is there and the first order is in PPL backend. For those who don't know what a SSL certificate is, basically it provides integrity and encryption to a web server and you can actually ensure that you are communicating with the website you want to (for those who want to learn more about HTTPS
Info about HTTPS)
View attachment 151813
So even if the invoice was created by a malware, it was created on PPL site and if you actually log in to your account and visit
Purple Panda Labs you should see the second scenario and not the third.
If you see the second one, malware on Pandas site.
If you see the third one, you are lying.
Record it in a video and we will have an answer. Don't forget to show the PPL SSL certificate in live so we can check that the site was not cloned or edited by you. I can see that you are online now, easy way to prove the scam, come on.