PayPerInstaller
Junior Member
- Feb 16, 2015
- 187
- 63
This is in response to Alex Kos's post : http://www.blackhatworld.com/blackh...-networks-not-responding-all.html#post8438162
First I'd like to point out that you are not tech savvy and you might not understand any of this. Your claim that we should not use Amonetize because they bundle a bitcoin miner is ridiculous. Bitcoin stopped being mined by CPU back in 2010. If you had 100,000 quad core (i7 920) CPUs, hashing full time, it would take over 100 days to mine 1btc. Bitcoin is mined by ASICs, not CPU/GPU.
Anyway, back to your network InstallMonster.ru / Insterra.com
Our installer, when executed, pings back home (via http, lets call the file exe1.php) so we know when an execution is successful. The installer only runs with admin privileges, it wont execute under normal user privs. It runs on both 32bit and 64bit operating systems.
This is the first screen user sees :
Click on NEXT takes it here :
...click on install starts a download & execute code - which cant be aborted by the user. It queries our webserver for dla1.php which contains a direct download link to installmonster.ru installer (via a 302 redirect).
At this point InstallMonster installer is executed (our installer stays stuck like this - it cant be closed, it waits for installmonster.ru installer to finish whatever it is doing).
These are the IPs (sorted by IP, last part obfuscated for privacy reasons) that executed your installer :
18 executions, IP addresses that you performed tests from (RU and UA) have been removed from this list.
Out of 18 executions only 6 turned into conversions which is VERY LOW. Was it AV that stopped your installer ? Maybe. In our experience this is a clear sign of heavy SHAVING.
For comparison, our execution/conversion ratio at Amonetize is 40%($1.70/US - fixed), 70% on VisiBay(Avg. $1, we will soon publish a detailed review don't start sending traffic just yet).
On top of heavy shaving your rates are TERRIBLE - 6 conversions (US) = $2.03 ($0.338 per conversion)
Conclusion : Stay away!
We need more PPI affiliates to use their own installers, networks are using the current browser blocking issues to literally steal our money! There is no better way to check how much a network shaves then by counting executions.
First I'd like to point out that you are not tech savvy and you might not understand any of this. Your claim that we should not use Amonetize because they bundle a bitcoin miner is ridiculous. Bitcoin stopped being mined by CPU back in 2010. If you had 100,000 quad core (i7 920) CPUs, hashing full time, it would take over 100 days to mine 1btc. Bitcoin is mined by ASICs, not CPU/GPU.
Anyway, back to your network InstallMonster.ru / Insterra.com
Our installer, when executed, pings back home (via http, lets call the file exe1.php) so we know when an execution is successful. The installer only runs with admin privileges, it wont execute under normal user privs. It runs on both 32bit and 64bit operating systems.
This is the first screen user sees :

Click on NEXT takes it here :

...click on install starts a download & execute code - which cant be aborted by the user. It queries our webserver for dla1.php which contains a direct download link to installmonster.ru installer (via a 302 redirect).

At this point InstallMonster installer is executed (our installer stays stuck like this - it cant be closed, it waits for installmonster.ru installer to finish whatever it is doing).
These are the IPs (sorted by IP, last part obfuscated for privacy reasons) that executed your installer :
Code:
50.183.54.* - - [23/Nov/2015:11:17:07 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
50.27.30.* - - [23/Nov/2015:11:59:02 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
50.73.225.* - - [23/Nov/2015:11:45:04 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
65.27.153.* - - [23/Nov/2015:12:03:40 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
69.166.87.* - - [23/Nov/2015:12:17:30 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
70.126.119.* - - [23/Nov/2015:11:53:36 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
70.197.196.* - - [23/Nov/2015:11:13:11 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
72.176.192.* - - [23/Nov/2015:11:27:42 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
73.165.127.* - - [23/Nov/2015:11:52:19 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
76.113.210.* - - [23/Nov/2015:12:05:49 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
98.112.194.* - - [23/Nov/2015:12:11:16 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
99.33.72.* - - [23/Nov/2015:11:34:05 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
107.146.207.* - - [23/Nov/2015:12:18:17 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
108.33.39.* - - [23/Nov/2015:11:48:07 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
162.228.93.* - - [23/Nov/2015:11:41:45 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
174.22.67.* - - [23/Nov/2015:11:21:45 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
174.58.251.* - - [23/Nov/2015:11:27:40 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
198.233.31.* - - [23/Nov/2015:12:09:00 +0100] "GET /download/dla1.php HTTP/1.1" 302 649 "http://www.download.com" "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0"
Out of 18 executions only 6 turned into conversions which is VERY LOW. Was it AV that stopped your installer ? Maybe. In our experience this is a clear sign of heavy SHAVING.
For comparison, our execution/conversion ratio at Amonetize is 40%($1.70/US - fixed), 70% on VisiBay(Avg. $1, we will soon publish a detailed review don't start sending traffic just yet).
On top of heavy shaving your rates are TERRIBLE - 6 conversions (US) = $2.03 ($0.338 per conversion)
Conclusion : Stay away!
We need more PPI affiliates to use their own installers, networks are using the current browser blocking issues to literally steal our money! There is no better way to check how much a network shaves then by counting executions.