It started innocently on Telegram.
“Watch a YouTube video. Like it. Send a screenshot. We’ll pay you $6.”
Seemed harmless. Easy money, right?
But then… they asked me to sign up on a shady website:avevastore.com
That’s when the alarms started ringing.
🧠 What They Didn’t Know?
I’m not the average victim. I’m a cybersecurity engineer.
So I did what I do best:
👉 I investigated.
👉 I analyzed.
👉 I hacked their fake site and exposed everything.
📺 Watch the Full Breakdown (Video)
🔍 Step 1: The Telegram Trap
The scam started with small psychological tricks:
- They offered small payment tasks to build trust.
- They led victims to a fake eCommerce site (avevastore.com).
- Then came the ask: “Pay a small deposit to unlock earnings.”
Classic phishing setup, targeting beginners on social media.
🕵️ Step 2: Inspecting the Fake Site
The first clue? The source code was a mess.
I used browser dev tools to check:
- Poorly obfuscated JavaScript
- Exposed API endpoints
- Login forms that sent data without encryption
I also ran a quick WHOIS lookup and discovered:
- The domain was recently registered
- No SSL certificate in some environments
- Registered under fake credentials
This wasn’t just shady… it was careless.
🚨 What I Found Inside Will Shock You
Inside the database:
- Hundreds of Telegram usernames
- Transaction logs (fake payouts)
- Scripts to simulate “reward credits” for user trust
- PHP files with backdoor uploaders for controlling victim browsers
They were building a fake affiliate empire using Telegram, small payments, and a front-end illusion.
🧠 Key Lessons for Everyone
✅ Don’t trust get-rich-quick tasks online
✅ Never share credentials or deposit money on unknown sites
✅ Use browser dev tools to inspect site behavior
✅ Basic cybersecurity skills can save you and others
🧰 Tools I Used:
| Tool | Purpose |
|---|---|
| WHOIS | Domain info |
| Burp Suite | Intercept form data |
| dirsearch | Directory brute-forcing |
| Linux shell | Code inspection & automation |
| GitHub | Payloads |
✋ Final Words
This isn’t just about one scam. It’s a pattern we all must watch out for.
Whether you’re a DevOps learner or cybersecurity enthusiast, your skills can protect people—sometimes even before they realize they’re in danger.