Update: The whois listing for the cc domain looks pretty odd. It's a person in Thailand, using a personal gmail address. Which would be odd contact details for a California company's domain. Possible of course, but unlikely.

See: $ whois -h whois.dynadot.com netflame.cc | grep Registrant

Hmm. Perhaps not what I thought. Looks hacked and shady, but perhaps this isn't it.

Yeah, looks like a compromised ad/stats provider. That would also explain the intermittent nature of the bad download. I'd hope that the article gets updated with the facts...other companies might be vulnerable to this as well.