False positive github server IP registered in Botnet:Blacklist

Hi,

I got this warning popup window:

https://i.ibb.co/0rnKrdy/avast-falsealarm.png

when conEmuPack (an enhanced terminal window) want to give me hint when a new version is available on github project page.
I checked the IP address given and found out it was github, so I’m very surprised it is shown as threat.

It would be fair to remove this IP from the list or just clear it as not a threat, it would be well known if github server(s) would have been infected, or it was the case once but it was never cleared from the list.

Regards.

IP is being flagged here: https://www.abuseipdb.com/check/185.199.110.153
That means that abuse occured from this IP - https://www.shodan.io/host/185.199.110.153

Also VT has it, and precising → Crowdsourced context
HIGH 1
MEDIUM 0
LOW 0
INFO 0
SUCCESS 0
Activity related to METASPLOIT - according to source Cluster25 - 6 months ago
This IPV4 is used as a CnC by METASPLOIT

Given the all green here: https://quttera.com/detailed_report/cdn-185-199-110-153.github.com
But be aware of three communicating files:
https://www.virustotal.com/gui/domain/cdn-185-199-110-153.github.com/relations - under the markmonitor umbrella

For the present situation, wait for a final verdict from avast team, as these are their definitions.

polonus (volunteer 3rd-party cold recon website security-analyst and website error-hunter)

@ InfiniteP
Images should be attached to the topic, many won’t visit unknown third party links.

  • Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
    Click the Preview button, that shows what you have input and expands it to include ‘Attachments and other options’. Click that it further expands, here you can attach images, etc. at the bottom of your post.
    See my attached image, click to expand.