Seems we've got another Israel-based crapware company; this one is involved in the use of fake Chrome and Java sites to push their files (all digitally signed, FYI).
184.108.40.206 - AS32181 220.127.116.11/21 ASN-GIGENET - GigeNET
18.104.22.168 - AS46652 22.214.171.124/19 SERVERSTACK-ASN - ServerStack, Inc.
126.96.36.199 - awstrack01.tguhost.com - AS16509 188.8.131.52/17 AMAZON-02 - Amazon.com, Inc.
184.108.40.206 - AS46652 220.127.116.11/19 SERVERSTACK-ASN - ServerStack, Inc.
18.104.22.168 - AS16509 22.214.171.124/18 AMAZON-02 - Amazon.com, Inc.
Sites identified thus far;
The MD5 for the file I got served is;
However, I am aware that the MD5s appear to be different for each access, so you're going to want to detect the files on their sig instead.
2 more IPs and 2 more hostnames added.
Few more hostnames added.