Seems we've got another Israel-based crapware company. This one is using fake Chrome and Java sites to push their files (all digitally signed, FYI).
22.214.171.124 - AS32181 126.96.36.199/21 ASN-GIGENET - GigeNET
188.8.131.52 - AS46652 184.108.40.206/19 SERVERSTACK-ASN - ServerStack, Inc
220.127.116.11 - awstrack01.tguhost.com - 16509 18.104.22.168/17 AMAZON-02 - Amazon.com, Inc.
22.214.171.124 - AS46652 126.96.36.199/19 SERVERSTACK-ASN - ServerStack, Inc.
188.8.131.52 - AS16509 184.108.40.206/18 AMAZON-02 - Amazon.com, Inc.
Sites identified thus far:
The MD5 for the file I got served is:
However, I am aware that the MD5s appear to be different for each access, so you're going to want to detect the files on their sig instead.
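Added example, not from the original post: reading "sig" above as the digital signature on the served files, this Python sketch extracts the certificates embedded in a PE's Authenticode blob and fingerprints them, which stays constant while the file MD5 changes per download. `constructed_pe` and its fake certificate are constructed stand-ins; no real signer value from these files is used.

```python
import hashlib
import struct

def tlv(buf, off):
    """Read one DER element at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def children(buf, start, end):  # yields (tag, element_start, value_start, value_end)
    while start < end:
        tag, vs, ve = tlv(buf, start)
        yield tag, start, vs, ve
        start = ve

def authenticode_blob(pe):
    """Return the PKCS#7 bytes from the PE certificate table, or None if unsigned."""
    lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = lfanew + 24  # optional header follows the PE signature and COFF header
    dirs = opt + (112 if struct.unpack_from("<H", pe, opt)[0] == 0x20B else 96)
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4 = security
    if not off or not size:
        return None
    return pe[off + 8:off + struct.unpack_from("<I", pe, off)[0]]  # skip 8-byte header

def cert_thumbprints(pe):
    """SHA-1 of each certificate embedded in the signature; stable across rebuilds."""
    blob = authenticode_blob(pe)
    if blob is None:
        return []
    _, vs, ve = tlv(blob, 0)                        # ContentInfo SEQUENCE
    _, _, vs, ve = list(children(blob, vs, ve))[1]  # [0] EXPLICIT wrapper
    _, vs, ve = tlv(blob, vs)                       # SignedData SEQUENCE
    for tag, _, cvs, cve in children(blob, vs, ve):
        if tag == 0xA0:                             # certificates [0] IMPLICIT
            return [hashlib.sha1(blob[s:e]).hexdigest() for _, s, _, e in children(blob, cvs, cve)]
    return []

def constructed_pe(payload, cert=b"constructed-cert"):  # constructed sample, not a real binary
    d = lambda tag, body: bytes([tag, len(body)]) + body  # short-form DER only
    sd = d(0x30, d(2, b"\x01") + d(0x31, b"") + d(0x30, b"") + d(0xA0, d(0x30, cert)) + d(0x31, b""))
    p7 = d(0x30, d(6, bytes.fromhex("2a864886f70d010702")) + d(0xA0, sd))
    img = bytearray(0x200) + payload + b"\0" * (-len(payload) % 8)
    img[:2], img[0x3C], img[0x80:0x84], img[0x98:0x9A] = b"MZ", 0x80, b"PE\0\0", b"\x0b\x01"
    struct.pack_into("<II", img, 0x118, len(img), 8 + len(p7))  # security directory
    return bytes(img) + struct.pack("<IHH", 8 + len(p7), 0x200, 2) + p7
```

The returned list includes any chain certificates the signer embedded, so match on the publisher's own certificate rather than a shared CA. The code only reads the embedded certificates and does not validate the signature.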
2 more IPs and 2 more hostnames added.
A few more hostnames added.