~What i find suspicious is each time you reload the page, the request has different parameter value.~
Inspecting the index page, it showsCode:
<script type="text/javascript"><!--
document.write("<img src='//counter*yadro*ru/hit?t45.11;r"+
escape(document.referrer)+((typeof(screen)=="undefined")?"":
";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?
screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+
";"+Math.random()+
"' alt='' title='LiveInternet' "+
"border='0' width='1' height='1'>")
//--></script>
[1] https://answers.microsoft.com/en-us/protect/forum/all/what-is-counter-yadro/3b7a3384-6eba-4225-ac6f-54f58e837bdd
During the inspection, did you find anything suspicious in the code of the https://bitcoin-wallet.org ?
This code that you provided is just the counter code.