This extension is designed for research purposes to discover a scam network
Note: The network has updated its code and included the actual dom in a cross-origin frame. As a workaround, go to that frame url directly instead of dealing with it in a frame.
Came across this FAKE SCAM website today: http://onlymoney.club/ which is affiliated with a series of similar fake websites, but I am really amazed by the con skills these guys possess!
SPOILER - Technical Analysis Ahead Upon registration, it does not verify your email, and it directly logs you in after registration. After becoming a user, it shows you that the rate per captcha has increased to 10 cents, which is a great incentive to make 6$ in 1 minute!
It then requests that you reach a minimum amount of money before withdrawing your "hard-earned" money :P
I was able to exploit the website and generate 2500$ in under 2 minutes which made me discover the tricks quickly...
This is the tool I used to generate that amount of money, it's a chrome extension.
So after you get that amount, they give you a referral link, they say that you should make 40 people join their website, you will get 50% of what your referrals make.
Instead of getting the referrals and waiting for people to join, they give you the option to pay (in Bitcoin) some of their active users so that they "share" with you some referrals, prices range from 10$ to 20$ for 40-100 referrals.
Another exploit and I got 41 active referrals (although that took 30 mins :P )
So you get the referrals and you're now ready to click "withdraw"!!!
A message box appears and it goes like this: "You're account is not verified, it will take 2-3 months to verify your account. Pay 10$ in bitcoin and you will receive your money in 5-10 mins."
I wish the story ends here :P
I go to the support section where it claims instant publishing of your post (and where you have a lot of satisfied "workers" who were able to withdraw thousands of dollars"), so I publish a message about them being scammers and to my astonishment, my message indeed gets published instantly without moderation!!
Opening a different browser session (incognito mode, without logging in, and all cookies and cache cleared) also shows that the message is published!!!
Changing the IP and starting a new session shows that the message is actually bound to the user's IP address... now isn't that brilliant?!!
I finally write them this message and publish my findings here...
"LOL so you attach the review to the IP address so that it looks to the publisher as if it is directly published without moderation and convince users that you are not scammers.... Professional con skills... Expect someone to get to you soon ;)"