This one was found on a suspected fraud site (still investigating that part), with the advert itself, not surprisingly, making no mention of who or what it was for. Clicking the advert leads you to this bit of loveliness.
Ad image: hxxp://cdn1.clkrev.com/ext/ibario/27/sdp_468_60_blue-copy.png
flashupdatenow.com is hiding behind CloudFlare (its real IP is 18.104.22.168, AS14061 Digital Ocean) and has no content on its homepage. Going to /l/ presents this bit of maliciousness:
The download (183378b94332558211ffa1768bcb22e0, Adware.InstallBrain) is signed by Green Tech Software LLC using a GoDaddy certificate.