Need help with an Avast blacklist message!

Hello…

Yesterday (8/20) I began receiving an alert on two different Windows machines when I start the Chrome browser. It happens before I do anything in the browser. I have no idea what within the browser (extension, etc.) is doing this, and have been trying to narrow it down with no success as of yet. It does seem to go away if I disable all my extensions, so I started going through them and I thought I had it narrowed down to Ad Block Plus, but it just popped again even with that extension disabled. So I’m in great need of help because I want to make sure I’m not getting hit with ransomware or something.

The site being flagged is kozzzy.xyz. Like I said, it’s happening on two different machines, but I do very little browsing on one of them, so I don’t think it’s due to a site I went to, but I’m not ruling it out.

I’d be interested in any advice, including if there are any debugging or other tools available that would allow me to scrutinize activity at the extension level. I’m a network engineer so I know my way around a PC, but in this case Wireshark is not cutting it as all that’s telling me is that it’s trying to go to the site. I need to be able to dig into the browser further.

Thanks in advance!

Mike
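
An added example, not part of the original post or any reply: one way to look at this at the extension level is to search each installed extension's unpacked files for the flagged domain. The Chrome profile path, the function names and the sample tree are assumptions constructed for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

# Assumption: default Chrome profile on Windows; other profiles sit in sibling folders.
DEFAULT_EXT_DIR = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"
TEXT_SUFFIXES = {".js", ".json", ".html", ".htm"}

def scan_extensions(ext_root, indicator):
    """Return one record per extension version whose files contain `indicator`."""
    needle = indicator.lower().encode()
    findings = []
    # Layout on disk: Extensions/<extension id>/<version>/manifest.json
    for manifest_path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = dict(json.loads(manifest_path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, TypeError):
            manifest = {}  # unreadable or malformed manifest: still scan the files
        hits = []
        for f in sorted(version_dir.rglob("*")):
            if f.is_file() and f.suffix.lower() in TEXT_SUFFIXES and needle in f.read_bytes().lower():
                hits.append(f.relative_to(version_dir).as_posix())
        if hits:
            findings.append({
                "id": version_dir.parent.name,
                "version": version_dir.name,
                "name": manifest.get("name", "?"),
                "permissions": manifest.get("permissions", []) + manifest.get("host_permissions", []),
                "files": hits,
            })
    return findings

def build_sample(root):
    """Constructed sample tree mimicking Extensions/<id>/<version>/ (not real extensions)."""
    clean = Path(root) / ("a" * 32) / "1.0_0"
    bad = Path(root) / ("b" * 32) / "2.3_0"
    for d in (clean, bad / "js"):
        d.mkdir(parents=True)
    (clean / "manifest.json").write_text(json.dumps({"name": "Clean sample", "permissions": ["storage"]}))
    (clean / "bg.js").write_text("console.log('hi');")
    (bad / "manifest.json").write_text(json.dumps({"name": "Flagged sample", "permissions": ["tabs", "<all_urls>"]}))
    (bad / "js" / "bg.js").write_text("fetch('https://KOZZZY.xyz/');")
    return root

if __name__ == "__main__":
    root = DEFAULT_EXT_DIR if DEFAULT_EXT_DIR.is_dir() else build_sample(tempfile.mkdtemp())
    for hit in scan_extensions(root, "kozzzy.xyz"):
        print(hit)
```

A match identifies the extension folder to inspect or remove; no match does not clear an extension, since the domain may be obfuscated in the code or delivered from a remote server at runtime.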

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

https://www.virustotal.com/gui/url/a0de549ff5df0a638bc55465bd286b7614e77a42ad038f54316da63fbd77ecf3/detection

The first step was to check our "all time" list: .xyz places in the Top Ten, with 97.07% of its sites in our database having shady ratings: Suspicious, Spam, Scam, etc.

https://www.symantec.com/connect/blogs/exploring-xyz-another-shady-tld-report