how did this happen?

OK so i work on malware analyses in my free time when I’m doing something but for the last few days i been making a F.U.D. R.A.T. (Fully UnDetectable Remote Access Trojan) good so far however i have not distributed the R.A.T. but for the last few days i been getting a notification from the rat saying that JOHN has connected Who’s john so i did a IP Geo-location search and traced it back to avast i still unaware how this happened. I’m using LIMERAT ]BTW it’s open sourced found on GitHub (https://github.com/NYAN-x-CAT/Lime-RAT).
Picture below

picture should now be posted

It is preferable to attach images to the topic.
And the post remains with your topic.

Some don’t like going off site to unknown urls.

ok fixed it should be attached

Whilst not an Avast Team member.

I would suggest that it may well be being scanned by one of the avast shields. Should that come across something new, not experienced by avast, so hash could well be being checked against avasts database.

Although not detected I just wonder if it could well be checked for analysis, though I don’t know this for certain.