Many detections here on communicating files: https://www.virustotal.com/#/domain/zz.bdstatic.com
Read background info: https://blog.malwarebytes.com/detections/adware-graftor/
Where we stumbled upon it: https://urlquery.net/report/ae9c51be-4ca2-4156-b8c5-5b2f79823269
and detected adware: https://privacyscore.org/site/119231/
Consider: -https://zz.bdstatic.com/linksubmit/push.js -. content see: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=enouYiNzdHx0W14uXl1tYGxbbmtzdWJtW3RgcHVzaC5qcw%3D%3D~enc
Security vulneralbilties 6 threats found: https://webscan.upguard.com/#/https://zz.bdstatic.com
Re: https://www.cvedetails.com/cve/CVE-2018-19540/ (through excessive server info proliferation vulnerability)
and SPDY protocol 3 vuln: https://support.f5.com/csp/article/K14059
Re: https://webhint.io/scanner/0edc96fb-df5b-431b-8c5c-708ff32e9f5b

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Part of this problem is existing server software mono-cultures in countries like Mainland China and Indonesia for instance.
The phishing platforms involved are more of a USA problem - as prizeforyouhere dot com was PHISHING.
Re: https://whois.domaintools.com/104.201.35.243

“Do not wear all your precious eggs in one and the same basket, as you tend to break them more easily”.

But is not only these two countries that may come affected by Graftor Ad-PUP:

Example: https://www.superantispyware.com/malwarefiles/SOSOIM4.EXE.html

polonus