when games are being updated, this pop-ups (ark, dota 2):
object
http:// gpla1.wpc.v1cdn.net/depot/373301/manifest/314515164465416/valid_until=1472600144&hash=13521adf42g2w35gaf3421gfrg235422

infection
url:mal

process:
d:\steam\steam.exe

this has never happened before, it has started 1-2 days ago.
avast scans daily and ran a scan with mbam and both says 0 threats.
also, i haven’t installed anything new lately and i only surf the web with sandboxie.

edit: numbers were randolmy copied, it was long and there is no way to copy it form avast.
seems like depot and manifest, are the same like in steamdb (as for terms):
https://steamdb.info/app/346110/depots/
https://steamdb.info/app/346110/history/

You can report a URL here: https://www.avast.com/report-a-url.php

that’s the point, is it a fp or not?

Only the guys at the viruslab can answer that.

https://www.virustotal.com/en/url/cc3521160f3f8cd1b80d0da0e20d7623367a28230f648043e50b425f0ecc15a1/analysis/1472029904/

ive seen that, but i doubt if there is a malware that specificaly wait for steam to update a game to connect steam.exe to this address.
it doesnt happen in any other times, and it only started 2 days ago.

and avast full scan + mbam full scan with rootkit scan resulted in 0 threats.

URL:Mal = IP and/or Domain is blocked.
It is not a file that is detected but a web-address that is why file scans don’t show anything.

i know that, you dont understand me.
MBAM full + threat scans with rootkit = 0
avast full scan = 0
i checked if there could be a malware that would cause steam to connect to that address when updating a game (which even sounds rediciulous).
so no threats, and steam.exe is a safe program, steam.exe triggers this address when updating games.

It is you who don’t understand.

MBAM and the avast scan don’t find anything as it is not scanning web-traffic/addresses.
The detection/alert is for the web-address.

no you still dont understand me.
i know that mbam and avast scan FILES and not web-traffic.
what i try to say is:
steam.exe won’t connect to a malicious address by itself, if it was something bad than it would only happen if a rootkit/virus tells it to (file in the pc).
and scans says 0 threats, so it has to be a native steam.exe call.

You are wrong.
steam connects, that is all.
It doesn’t know if a IP/Domain is harmful or not.

Something that is safe can be infected the next second.
So yes, steam can connect to a infected address.

its a game update to dota 2 and it happened with ark game updates.
there is nothing to be infected from.
if it was on my side then scans wouldnt say 0 threats.

That is what Eddie is saying. The IP address that Steam is connecting to has an infected site. Nothing you can do except avoid the site until and if it is cleaned. You are not infected as Avast has protected you.

there is no site.
its a bought game (ark) and steam simply updates it, and from what i know all the data sits in steam servers.

Steam has to connect to the server, which seems to have an infected server. Rare occurance, I know. Normally, Steam maintains it house well.