The domain justimpression.com has been fingered as part of the malware chain, registered to the infamous "Private person" of:
Registrant:That email address is pretty well known for malware distribution.
Armand Gregori (firstname.lastname@example.org)
Federicsshopen via 3
Creation Date: 17-Dec-2009
Expiration Date: 17-Dec-2010
Domain servers in listed order:
The site is hosted on 18.104.22.168 along with a site called impressionclub.com. "Impression Club" claims to be a Pennsylvania based company that has been in business for four year, except the domain was only registered in January 2010 with anonymous contact details, and Russian nameservers.
You can probably count impressionclub.com as a rogue ad network and one to avoid.
The FarmTown developers have a forum thread about the problem (one poster identifies an ad for greetingcards.com as the culprit) and there are several threads on Facebook about this      which also point at the following domains as being part of the chain
All these domains are registered with apparently false details, there are probably a bunch more but I'm having difficult resolving the IPs at the moment.
This could be a fairly big deal, Quantcast reports that justimpression.com has a traffic rank of 6,227 and pulled in 329,000 US visitors during February.
This is another good reason to block Facebook in corporate enviroments, and also a useful warning that you need to be very, very careful when selling ad space!