This talk focuses on an open-source software tool, webXray, which detects the presence of third-party data flows on the web and attributes such flows to the corporations which receive user data. The talk will first describe the challenges, dead ends, and solutions encountered in developing the software so that developers and novices in the audience may understand the nature of the problem domain. Second, the talk will cover how to use the tool to analyze targeted populations of web pages with an emphasis on scaling and cost considerations. Third, the talk will describe findings in three areas: tracking found on medical websites, Chinese websites, and newspaper websites including measures of user exposure to malware-hosting domains embedded in ostensibly trusted websites. The talk will conclude with a theoretical discussion of how those seeking to leverage ad networks to deliver malware may pick the best networks suited to their objectives.