Update from: https://forum.avast.com/index.php?topic=166805.msg1187222#msg1187222

Blacklisted and suspicious: http://killmalware.com/theadservingclub.com/
Detected: https://www.virustotal.com/en/url/1495160d0202e41e1579d2d229c3a01c909277c65454f8dff065c80602100295/analysis/#additional-info
4 instances: Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Malicious obfuscated JavaScript threat - view code attached
Bad web rep: Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Malicious obfuscated JavaScript threat

IDS and Blacklist alertsd here: http://urlquery.net/report.php?id=1429647266035
See: http://doc.emergingthreats.net/bin/view/Main/2018053

ISSUE DETECTED DEFINITION INFECTED URL
Website Malware mwjs-iframe-injected691?v24 htxp://theadservingclub.com/script/wbo_performance_rnat_v2.2
Website Malware mwjs-iframe-injected691?v24 htxp://theadservingclub.com/script/wreport.js
Website Malware mwjs-iframe-injected691?v24 htxp://www.theadservingclub.com/script/xtcore.js
Website Malware mwjs-iframe-injected691?v24 htxp://theadservingclub.com
Website Malware mwjs-iframe-injected691?v24 htxp://theadservingclub.com/404javascript.js
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v24
document.write(‘’);

External link to http://www.google.mk/safebrowsing/diagnostic?site=mebel-centro.ru/

polonus