ShareThis

Wednesday, August 17, 2011

TrafficRevenue Review / Virus

This was an interesting read... Article credit to http://stopmalvertising.com/


I received an enquiry from Tomasz Klekot, the owner of trafficrevenue.net. Mr. Tomasz Klekot did wish to clarify that trafficrevenue.net is not a malware network and that he had recently been the victim of a hacking incident which did lead to the following malvertising report - XP Antivirus 2011 distributed by Google Adsense and Ad Igniter.

I’ve decided to make this e-mail publicly available and added some additional information. By no way the content should be treated as an accusation; the only objective is to provide as much details as possible, which were found using a search engine (e.g. Google) and various Whois services. These details are provided below so that everyone can decide for themselves whether all content from trafficrevenue.net should be treated with caution or not.
 March 21 2011
This is an enquiry e-mail via http://stopmalvertising.com/ from:
Tomasz Klekot < tom@trafficrevenue.net >

Dear Sir/Madam,
I am the owner of TrafficRevenue described by you at http://stopmalvertising.com/malvertisements/xp-antivirus-2011-distributed-by-google-adsense-and-ad-igniter/all-pages.html
I'd like to state that we are not a malware network and what happened was a hacking incident.
Generally speaking, someone has hacked our server and redirected one of our domains to server that does not belong to us.
It was fix as soon as possible, we also set up additional security to prevent this from happening in the future.

Best regards,
Tomasz Klekot
TrafficRevenue

March 22 2011

At the time of the write-up NOTHING has been fixed as seen on this network capture although Mr. Klekot said: "It was fix as soon as possible, we also set up additional security to prevent this from happening in the future."
Tomasz Klekot
Tomasz Klekot is present on Digital Point as tomksoft. It's not the first time that Mr. Klekot claims to be hacked or DDOS'ed, last year in January 2010 he had exactly the same problem.
Several of his clients don't hesitate to complain about malware coming through his advertising network and each time an incident is revealed, Mr Klekot got hacked or DDOS’ed. We all know that websites get hacked or DDOS’ed but it seems to happen very often to his network.
Back in November 2010 trafficrevenue.net was flagged by Google Safe Browsing. This time the main banner provider for adult content got hacked according to Mr Klekot ... DDos'ed a couple of days before ...
Today trafficrevenue.net is still blacklisted by Google.
Let’s put a thing straight: When you accept a dodgy advertiser or affiliate it has nothing to do with hacking.
What really bothers me in this whole story is that trekmedia.net and trafficrevenue.net share the same IP address.
The domain trekmedia.net uses NS1.TOMKSOFT.NET - NS2.TOMKSOFT.NET as name servers.

tomksoft.net - 184.154.128.186
Updated Date:16-dec-2010
Creation Date:17-nov-2009
Registrar:ENOM, INC.
Registration Service Provided By:SingleHop, Inc
Contact:sales@singlehop.com
Registrant Contact:SingleHop, Inc
Zak Boca ( sales@singlehop.com )
Fax:+1.3124472580
621 W Randolph St
3rd Floor
Chicago, IL 60661
US
Additional Information
network:IP-Network:184.154.128.184/29
network:Organization:Tomksoft S.A.
network:Street-Address:75 meters west of park
network:City:San Pablo de Heredia
network:State:Heredia
network:Postal-Code:3019
network:Country-Code:CR

When visiting tomksoft.net there is only the default website page, no real content.
tomksoftsa.com
There is no website at tomksoftsa.com. The site uses NS1.REVONE.BIZ and NS2.REVONE.BIZ as name servers and the contact details are WhoisGuard Protected. Tomksoft S.A. doesn't appear to offer webhosting and it doesn't seem to be a reseller.
The same name servers are used by the following websites too:
  • www.trafficrevenue.net - 173.236.89.195
  • pasadserver.com - 173.236.86.188
  • www.zigglesearch.com - 69.175.112.3
In the Whois details RevOne is listed as the network organization with the same street address in Poland which was used to registertrafficrevenue.net.

Additional Information
network:Organization:RevOne
network:Street-Address:Damrota 23/1
network:City:Zabrze
network:State:Silesia
network:Postal-Code:41800
network:Country-Code:PL

RevOne
The site revone.biz is yet another advertising bureau similar to www.trafficrevenue.net and www.popads.net.
 
www.trafficrevenue.net
Right Media published a guide called Trust & Safety: Anti-Malvertising Best Practices for Media Buyers and Sellers, let's check www.trafficrevenue.net against the guide.
Tomasz Klekot ()tomksoft@gmail.comContact email that does not match the advertiser’s corporate domain (e.g., an address that uses @yahoo, @hotmail, or @google instead of @domain_name).
+1.000000000False addresses or contact information
Fax: +1.000000000False addresses or contact information
www.popads.net
Tomasz Klekot also owns www.popads.net and when we look at the FAQ we discover that Tomksoft S.A. is a joint stock company located in Costa Rica. However, support is located in Poland (GMT+1 timezone), techs team is located in the US.
Again let's check against Right Media's Guide:
A site hosted in a different country than where the company is based.
General Whois Information
Domains sharing name servers (38)
amateurgaytube.net | amateurgirlstube.net | bderleta.klasae.com | bhtraffic.net | blackamateurtube.com | buycheaptoys.net | celebritiestube.org | deltasearch.net | domainstat.net | earthseek.net | ebaycoupon.us | hyperfind.net | idisearch.com | indexofdownload.com | indexofdownload.net | klasae.com | lesbiansvideos.org | lowest-air-fare.com | megapowersearch.com | moisearch.net | mp3indexdl.com | mp3musicdl.info | pasadserver.com | popads.net | popadscdn.net | professionalindemnity-insurance.net | revone.biz | searchc.net | searchnfind.org | searchoo.net | sexpublic.net | teensvideos.org | tomksoft.biz | tomksoftsa.com | tubeanal.net | visitorsfind.com | youyupi.com | zigglesearch.com
Below are the domains we can link to Mr. Tomasz Klekot, the others have their registration name and contact information hidden by privacy services. A couple are parked domains now.

amateurgaytube.net - blackamateurtube.com - lesbiansvideos.org - tubeanal.net
BHTraffic
Damrota 23/1
Zabrze, Silesia 41800
Poland

bderleta.klasae.com - bhtraffic.net - domainstat.net - earthseek.net - ebaycoupon.us (*) - klasae.com - megapowersearch.com - moisearch.net - popads.net - searchc.net - searchoo.net
Tomasz Klekot ()
Damrota 23/1
Zabrze, State 41-800
PL

Other domains registered by Tomasz Klekot
www.pokergoldmine.com | redir.su | unblock.su (NO IP) | credit-score-blog.com | clickfeed.net | debtdebtrelief.com
For the ebaycoupon.us and textop.us domains Tomasz Klekot provided an address in the United States instead of Poland.
ebaycoupon.us - textop.us
Updated Date:Tomasz Klekot
Registrant Organization:N/A
Registrant Address1:19 Market St
Registrant City:San Francisco
Registrant State/Province:CA
Registrant Postal Code:94111
Registrant Country:United States
Registrant Country Code:US
Registrant Phone Number:+1.3608122720
Registrant Email:tomksoft@gmail.com
www.tomksoft.com
Back in 2007 the domain www.tomksoft.com was also owned by Tomasz Klekot, it's now a parked domain. He was then 15 years old and posted quite some stuff on www.techblog.tomksoft.com.
Tomasz Klekot got banned from the The Patriot Group with the domain tomksoft.com on December the 29th 2007 for using a frame breaker and the extensive use of fraudulent 0-iFrames.
Trustworty advertising network or not? It's up to YOU 


2 comments:

Are you looking to make cash from your visitors by using popup advertisments?
In case you do, did you try using Propeller Ads?

If you're looking for a good contextual advertising network, I recommend you take a peek at Chitika.

Post a Comment