Some associated 3rd party marketing solution may have endured a data breach of sorts over time,
which data may have been abused, resulting in such kind of malware.
An unrelated example:
https://maltiverse.com/hostname/cs9.wac.phicdn.netAs some can be further classified as FP's, one should wait for a genuine verdicht from avast team,
as they decide what their detection database will consist of.
Cloudbases may complicate matters here. Ad-tracking- & script-blocking may protect the end-user.
polonus