This lovely bit of flashy badness came up whilst I was looking for the latest version of an Android VM. This time it's not an image ad, but a flash advert (I have Flash and ActiveX disabled in the shells I use for most things, only noticed this one because I loaded the site in Opera, which is the only one I allow flash to load on (and even then, it's restricted)).
This time, the advert was served from content.yieldmanager.edgesuite.net;
Clicking this fake plugin missing ad, takes you to;
Which takes you to the actual download at (and disappointingly, detection for this is woefully pathetic);
Installing the crap that comes with the installer, gives your machine the rubbish that is, Performersoft LLC (performersoft.com, 220.127.116.11).
You'll not be surprised to hear, this one is owned by appround.biz. It's housed on;
18.104.22.168 (redirector1.dynect.net) (without www. prefix)
22.214.171.124 (redirector2.dynect.net) (without www. prefix)
www(.)softologicsa.com lives on 126.96.36.199 (ibbalancer.com) and without the www prefix, it resides on the same dynect.net IPs as the above.
ibariocorp.com are the ones responsible for InstallBrain, and I'd strongly recommend you blackhole their IPs.
The severely ethical lacking ad company responsible, is Israel based;
DSNR Media Group
Feel free to shout at them.