good research but silly hypothesis on the "conclusion". if any money was going from malware advertisers to master134 (the entity hacking wordpress blogs to make them show ads), they would show the "ads" directly without all those middle mans.
more likely the adnetwork and the resellers know very well the traffic and advertisers are malicious. but they are "partners" and want a share of this revenue. probably they even came up with the scheme, and not the bad actors.
adterra flag both the bad sites and bad ad campaigns either explicitly as criminal or via some misleading unique tag that will never be used, save to mark players in this scam.
now malware advertisers pay AdTerra and its resellers like every other advertiser. And adterra shows their ads on the tainted inventory. and pay the "owner" of the inventory, master134.
more likely the adnetwork and the resellers know very well the traffic and advertisers are malicious. but they are "partners" and want a share of this revenue. probably they even came up with the scheme, and not the bad actors.
adterra flag both the bad sites and bad ad campaigns either explicitly as criminal or via some misleading unique tag that will never be used, save to mark players in this scam.
now malware advertisers pay AdTerra and its resellers like every other advertiser. And adterra shows their ads on the tainted inventory. and pay the "owner" of the inventory, master134.