Wednesday, August 17, 2011

TrafficRevenue Review / Virus

This was an interesting read... Article credit to

I received an enquiry from Tomasz Klekot, the owner of Mr. Tomasz Klekot did wish to clarify that is not a malware network and that he had recently been the victim of a hacking incident which did lead to the following malvertising report - XP Antivirus 2011 distributed by Google Adsense and Ad Igniter.

I've decided to make this e-mail publicly available and have added some additional information. In no way should the content be treated as an accusation; the only objective is to provide as much detail as possible, all of it found using a search engine (e.g. Google) and various Whois services. These details are provided below so that everyone can decide for themselves whether all content from should be treated with caution or not.
 March 21 2011
This is an enquiry e-mail via from:
Tomasz Klekot < >

Dear Sir/Madam,
I am the owner of TrafficRevenue described by you at
I'd like to state that we are not a malware network and what happened was a hacking incident.
Generally speaking, someone has hacked our server and redirected one of our domains to server that does not belong to us.
It was fix as soon as possible, we also set up additional security to prevent this from happening in the future.

Best regards,
Tomasz Klekot

March 22 2011

At the time of the write-up NOTHING has been fixed as seen on this network capture although Mr. Klekot said: "It was fix as soon as possible, we also set up additional security to prevent this from happening in the future."
Tomasz Klekot
Tomasz Klekot is present on Digital Point as tomksoft. It's not the first time that Mr. Klekot has claimed to be hacked or DDoS'ed; last year, in January 2010, he had exactly the same problem.
Several of his clients don't hesitate to complain about malware coming through his advertising network and each time an incident is revealed, Mr Klekot got hacked or DDOS’ed. We all know that websites get hacked or DDOS’ed but it seems to happen very often to his network.
Back in November 2010 was flagged by Google Safe Browsing. This time the main banner provider for adult content got hacked according to Mr Klekot ... DDos'ed a couple of days before ...
Today is still blacklisted by Google.
Let's get one thing straight: when you accept a dodgy advertiser or affiliate, it has nothing to do with hacking.
What really bothers me in this whole story is that and share the same IP address.
The domain uses NS1.TOMKSOFT.NET - NS2.TOMKSOFT.NET as name servers. -
Updated Date:16-dec-2010
Creation Date:17-nov-2009
Registrar:ENOM, INC.
Registration Service Provided By:SingleHop, Inc
Registrant Contact:SingleHop, Inc
Zak Boca ( )
621 W Randolph St
3rd Floor
Chicago, IL 60661
Additional Information
network:Organization:Tomksoft S.A.
network:Street-Address:75 meters west of park
network:City:San Pablo de Heredia

When visiting there is only the default website page, no real content.
There is no website at The site uses NS1.REVONE.BIZ and NS2.REVONE.BIZ as name servers and the contact details are WhoisGuard Protected. Tomksoft S.A. doesn't appear to offer webhosting and it doesn't seem to be a reseller.
The same name servers are used by the following websites too:
  • -
  • -
  • -
In the Whois details RevOne is listed as the network organization with the same street address in Poland which was used to

Additional Information
network:Street-Address:Damrota 23/1

The site is yet another advertising bureau similar to and
Right Media published a guide called "Trust & Safety: Anti-Malvertising Best Practices for Media Buyers and Sellers". Let's check against the guide.
Tomasz Klekot () tomksoft@gmail.com - Contact email that does not match the advertiser's corporate domain (e.g., an address that uses @yahoo, @hotmail, or @google instead of @domain_name).
+1.000000000 - False addresses or contact information
Fax: +1.000000000 - False addresses or contact information
Tomasz Klekot also owns and when we look at the FAQ we discover that Tomksoft S.A. is a joint stock company located in Costa Rica. However, support is located in Poland (GMT+1 time zone) and the tech team is located in the US.
Again, let's check against Right Media's guide:
A site hosted in a different country than where the company is based.
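
The three guide checks quoted above (contact e-mail not on the advertiser's own domain, placeholder phone/fax numbers such as +1.000000000, hosting country different from the registrant's), sketched as an added example that is not part of the original article. The sample record, the domain exampleads.example and the `Registrant Email` / `Registrant Fax` field names are constructed assumptions; real Whois output varies by registrar.

```python
import re

def parse_whois(text):
    """Parse 'Key:Value' Whois lines into a dict; repeated keys keep every value."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def red_flags(domain, record, hosting_country):
    """Return (flag, evidence) pairs for the three guide checks."""
    domain = domain.lower()
    flags = []
    # Check 1: contact e-mail that is not on the advertiser's own domain.
    for email in record.get("registrant email", []):
        mail_domain = email.rsplit("@", 1)[-1].lower()
        if mail_domain != domain and not mail_domain.endswith("." + domain):
            flags.append(("email-domain-mismatch", email))
    # Check 2: placeholder numbers, i.e. the part after the country code
    # is a single repeated digit (as in +1.000000000).
    for field in ("registrant phone number", "registrant fax"):
        for number in record.get(field, []):
            digits = re.sub(r"\D", "", number.split(".", 1)[-1])
            if not digits or len(set(digits)) == 1:
                flags.append(("placeholder-contact-number", number))
    # Check 3: site hosted in a different country than the registrant's.
    for country in record.get("registrant country code", []):
        if country.upper() != hosting_country.upper():
            flags.append(("hosting-country-mismatch",
                          f"{country} vs {hosting_country}"))
    return flags

# Constructed sample record (not taken from any real Whois lookup).
SAMPLE = """\
Registrant Organization:Example Ads S.A.
Registrant Email:sales.exampleads@gmail.com
Registrant Phone Number:+1.000000000
Registrant Fax:+1.000000000
Registrant Country Code:CR
"""

if __name__ == "__main__":
    for flag, evidence in red_flags("exampleads.example", parse_whois(SAMPLE), "US"):
        print(f"{flag}: {evidence}")
```

The hosting country has to come from a separate IP geolocation or network Whois lookup; here it is simply passed in.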
General Whois Information
Domains sharing name servers (38)
Below are the domains we can link to Mr. Tomasz Klekot; the others have their registration name and contact information hidden by privacy services. A couple are parked domains now. - - -
Damrota 23/1
Zabrze, Silesia 41800
Poland - - - - (*) - - - - - -
Tomasz Klekot ()
Damrota 23/1
Zabrze, State 41-800

Other domains registered by Tomasz Klekot | | (NO IP) | | |
For the and domains Tomasz Klekot provided an address in the United States instead of Poland. -
Updated Date:Tomasz Klekot
Registrant Organization:N/A
Registrant Address1:19 Market St
Registrant City:San Francisco
Registrant State/Province:CA
Registrant Postal Code:94111
Registrant Country:United States
Registrant Country Code:US
Registrant Phone Number:+1.3608122720
Back in 2007 the domain was also owned by Tomasz Klekot; it's now a parked domain. He was then 15 years old and posted quite some stuff on
Tomasz Klekot got banned from The Patriot Group with the domain on December the 29th 2007 for using a frame breaker and for the extensive use of fraudulent 0-iFrames.
Trustworthy advertising network or not? It's up to YOU

