This doesn't make sense to anyone that understands how web services work. PPL works with Coingate, this is a simple tool to create crypto invoices in order to accept crypto in your website with a UNIQUE token: you just need to integrate their API in your shop, and it will create a invoice with a crypto address. PPL has its own API token integrated, only one and unique.
This is how it works:
View attachment 151784
As you can see in their official docs;
Order creation
- CoinGate checks if the order is valid.
2a. If the order is valid, CoinGate responds with 200 HTTP status and returns order data. After receiving 200 HTTP status, you should redirect the shopper to payment_url address.
2b. If the order is not valid, CoinGate returns 422 (or another) error HTTP status and an error message (see Errors).
If you check the return in their docs, order data returns all the body params the site needs to continue with the payment, and you are redirected to the payment_url address.
Important here, all the params are created acording to the website private and unique API token and the params are created only once per order ID. No vulnerabilities have been found in Coingate, so basically it's impossible to redirect you to another url or create two different invoices at the same time but with different parameters without changing the code (which isn't changed).
A lot of orders have been created these days and seems like no one has been redirected to another url, and the website is not compromised so redirecting to fake urls is not possible.
You are claiming that there are 7 payments to this bitcoin address, funny thing here is that PPL Coingate creates a new invoice (with a new address and url) for every new order, theorically we would have 7 different payments to 7 different addresses, Coingate never redirects you to a same url since the order ID is unique (how would we distinguish if a order has been paid if the order ID and url is not unique?), so yeah, no sense.
If you are saying the truth (which I am sure you aren't), the only thing that can happen here is that you have been DNS Poisoned. This can happen locally in your DNS Cache or in some DNS server you or your ISP is working with. I am not going to explain this, but the important thing here is that the web server has nothing to do with DNS poisoning, so you have been spoofed locally or any of your DNS servers (barely possible), but again, not PPLs fault (maybe yours watching things you shouldn't watch :$)