Blog for hpHosts, and whatever else I feel like writing about ....

Saturday, 18 January 2014

Malvertising: clkrev.com, Green Tech Software LLC - flashupdatenow.com, noyapps.com, humipapp.com

This one was found on a suspected fraud site (still investigating that part), with the advert itself, not surprisingly, making no mention of who or what it was for. Clicking the advert leads you to this bit of loveliness.


The URLs:

Ad image: hxxp://cdn1.clkrev.com/ext/ibario/27/sdp_468_60_blue-copy.png

hxxp://clkrev.com/adServe/adClick?ai=ekSUwpoewG1RqztSz2GNNmAvFl3%2F12Y4STODgPax0CFFlenAR65WJswauoBmxM8RMgDPoQIZASDS%0APY3ShTWjUt%2FoSoWLTfAWmDZOW7Ex4wD0Q4M1PVxdj89OtZZBA%2FCDHNjTwA3D5UHF7gdD8qLdlQpl%0AHSYZzardeFfUZ7KQqgQwra98siXOwYQumcnxa2Owy6nLSy3dZqY0F7EZ9iDXEObtbSQzjfTORILa%0A73hzTpI%3D&ui=lNgkyXLTwHS8PRbIHZ%2FYuyxq6YdBHXDJdJhJnQ4gLR9er1xOXGFmvkjQSYNKC18O&src=BANNER
hxxp://www.humipapp.com/download/$ncIlR5lsIQYprB0v?v=18&cid=3975&clickid=0049408576874598554&a=3&cert=grts
hxxp://www.noyapps.com/lp/codecperformer/v18/?v=18&cid=3975&clickid=0049408576874598554&a=3
hxxp://flashupdatenow.com/1/

flashupdatenow.com is hiding behind CloudFlare (its real IP is 198.199.102.40, AS14061 Digital Ocean), and has no content on its homepage. Going to /l/ presents this bit of maliciousness:


The download (183378b94332558211ffa1768bcb22e0, Adware.InstallBrain) is signed using a GoDaddy certificate, and signed by Green Tech Software LLC.
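An added example, not part of the original post: a short Python script that takes the defanged URLs listed above, produces hosts-file block entries for each hostname, and reports which query parameters are shared between hops (which is what ties humipapp.com and noyapps.com to the same click). The `127.0.0.1` sink address and all function names are assumptions made for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# URLs as listed in the post, still defanged (hxxp). The long "ai"/"ui"
# query on the clkrev.com click URL is left out here for brevity.
CHAIN = [
    "hxxp://cdn1.clkrev.com/ext/ibario/27/sdp_468_60_blue-copy.png",
    "hxxp://clkrev.com/adServe/adClick",
    "hxxp://www.humipapp.com/download/$ncIlR5lsIQYprB0v?v=18&cid=3975&clickid=0049408576874598554&a=3&cert=grts",
    "hxxp://www.noyapps.com/lp/codecperformer/v18/?v=18&cid=3975&clickid=0049408576874598554&a=3",
    "hxxp://flashupdatenow.com/1/",
]

def parse(defanged):
    """Return (hostname, {param: value}) for one defanged URL."""
    # The scheme is restored in memory only so urlsplit can parse it.
    parts = urlsplit(defanged.replace("hxxp", "http", 1))
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts.hostname.lower(), params

def hosts_entries(urls, sink="127.0.0.1"):
    """Unique hostnames, in first-seen order, as hosts-file lines."""
    seen = []
    for url in urls:
        host, _ = parse(url)
        if host not in seen:
            seen.append(host)
    return [f"{sink} {h}" for h in seen]

def shared_params(urls):
    """Map (param, value) -> hosts, kept only when 2+ hosts share it."""
    index = defaultdict(set)
    for url in urls:
        host, params = parse(url)
        for item in params.items():
            index[item].add(host)
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

if __name__ == "__main__":
    print("\n".join(hosts_entries(CHAIN)))
    for (name, value), hosts in sorted(shared_params(CHAIN).items()):
        print(f"{name}={value}: {', '.join(hosts)}")
```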
