36 Security Levels

We maintain a list of over 25 known temporary email domains (tempmail.com, guerrillamail.com, 10minutemail.com, etc.). If anyone attempts to register with these email addresses, their registration is automatically rejected.

For each registration, we save the IP address. If more than three accounts are created from the same IP address, the fourth is automatically blocked.

When you register, we create a unique fingerprint of your browser/device. This is a combination of your browser, operating system, screen resolution, installed plugins, and other parameters. If the same device attempts to register a new account, it will be blocked.

We use Cloudflare Turnstile, a next-generation captcha that analyzes mouse and keyboard behavior invisibly. It doesn't require clicking on images. If it detects a bot, registration is blocked.

During registration, you set up an app like Google Authenticator or Authy. Each time you log in, you'll need to enter your email address, password, and a 6-digit code that changes every 30 seconds.

Each incorrect password increments a counter. After 5 consecutive errors, the account is temporarily locked for 15 minutes. After this time, it is automatically unlocked.

The authentication token is stored in a cookie with the "httpOnly" flag, meaning it cannot be read by JavaScript. This protects your token even if a malicious site tries to steal it.

For each login, we generate a signed JWT token containing your user ID, user type, and expiration date. After 7 days, the token expires and you must log in again.

Before each video, we check the IP address using vpnapi.io. If a VPN is detected, a message appears, "Disable VPN to watch videos." The results are cached for 24 hours for efficiency.

If the IP address is from a data center rather than a residential connection, "Use a residential connection" appears. We also block Tor connections.

Before starting each video, you must complete an invisible Cloudflare Turnstile captcha that analyzes your behavior in real time. If you fail, you can't watch the video.

For each video, we create a unique session with ID, start time, IP address, device, and requested video duration. This allows us to verify that the video has actually been watched.

During the video, your browser sends a signal to the server every 10 seconds. If the signals stop, the video is considered abandoned. If they arrive too quickly, it's suspicious and the video is invalidated.

We compare the actual time elapsed with the video duration. If 60 seconds of video are "watched" in 10 real seconds, it's fraud. We tolerate a maximum 30% discrepancy.

At the end of the video, you must answer 1 to 4 questions (Base on length: SHORT, MEDIUM, LONG, EXTENDED). You have 3 attempts for each question. If you get the same question wrong 3 times, the video will not be paid.

If you fail a Quiz, the "failed" status is saved in the database. Any future attempts for that campaign are automatically rejected. You can never earn money from that campaign again.

We count the videos completed in the last hour. If you reach 10, it says "You've reached the hourly limit. Try again in X minutes."

We count videos from midnight. If you reach 50, it says "You've reached your daily limit. Come back tomorrow."

When you start a video, we check if you already have active sessions. If you already have a video in progress, "Complete current video first" appears.

When you complete a video, we save the user + campaign pair. If you try to rewatch it, that campaign will no longer appear in your list.

If someone on your WiFi has already viewed that campaign, it won't appear for you. We check the IP associated with each completed view.

The device fingerprint is saved with each view. If the same device tries to view a previously viewed campaign with a different account, it will be blocked.

You cannot withdraw less than $10. This limit is necessary to cover blockchain fees and make the system sustainable.

Even if you're already logged in, you must enter the 2FA code from your phone to confirm each withdrawal. Without the correct code, the withdrawal will be rejected.

After a withdrawal, we save the timestamp. If you try to withdraw again within 24 hours, "Wait X hours" appears.

Campaigns are paid in stablecoins (USDC / USDT) via crypto Wallet on the Base network. Payment is confirmed On-Chain before the campaign is activated, ensuring that the budget is real and immediately available for payments to Viewer.

Each campaign has a "Report" button. Users can indicate the reason for reporting. All reports are collected and analyzed.

The system constantly monitors campaign quality. If an ad receives at least five reports and exceeds a 15% negativity rate in terms of views, it is immediately frozen (status: under_review) and notified to administrators for a thorough review.

We limit requests to prevent abuse: Registration 3/day per IP, Login 5 every 15 minutes per IP, Videos 10/hour and 50/day per user, Email verification 3/hour.

Every request to protected pages is verified. We check that the JWT token is valid and that the user has permissions for that page. If not authorized, a redirect to the login is issued.

All communications are encrypted with SSL/TLS. Redirection from HTTP to HTTPS is automatic. Data in transit is unreadable by third parties.