Site Blocked - URL:Phishing

Webshield blocked a forum which I was not even visiting or known to me. Very strange that the details indicate a .jpeg. See attachment.
Any ideas?
I have already reported to Avast as FP.

The fact that you weren’t visiting, is of more concern than had you intentionally visited it.

Either the site you were visiting had a bad 3rd party link, causing avast to alert, but I would have expected to have shown the primary link you were visiting.
Or
This could be a firefox bad extension reaching out, but given your image this seems unlikely.

Why would that forum sub domain be trying to access/upload a jpeg file, is beyond me.

I would say that Avast was probably correct to alert to what I would consider suspicious at the very least.

@DavidR Thanks for your reply. I am indeed proceeding carefully until I get a reply to my FP.
I was using FF with UBO and AOS extensions, visiting forum.zorin.com (i.e. a Linux users forum), not the forum flagged by the Avast Threat Alert. My most recent visits to that forum have not resulted in a Webshield alert.

A check on your forum is considered a Low Security Risk - https://sitecheck.sucuri.net/results/forum.zorin.com - There however some ‘Hardening Improvements’ one of which mentions clickjacking, I wonder ???

Some security hints on this check - https://webhint.io/scanner/b4766c77-07f1-4913-b080-bd1e77edbc21 - though this isn’t unexpected, given the above.
However there are some there relating to java scripts, so I don’t know if they have any redirect/s in the .js file.

Where this redirect is a mystery (to me certainly), I’m just wondering if this is some sort of mirror of the forum.zorin.com.

Checks on forum.khadas.com come up with the same sort of things (layout, file name/types) mentioned for forum.zorin.com
https://sitecheck.sucuri.net/results/https/forum.khadas.com

Appears to be another unix server based forum. If these are hosted on the same server and IP address then it is possible all are being tarred by the same brush. But again if this were the case, I would have expected the alert to be on your forum.zorin.com.

I don’t know if your false positive report about this had a link back to this topic as it may be helpful, but we will have to see.

If you are still getting this alert, try running firefox without extensions and see you still get the alert.

I did try connecting directly to forum.khadas.com and unsurprisingly I got an alert (attached), given the location given in your image, this forum has an upload section, which could have all sorts in there. But the mystery is still why you got this alert when connecting to forum.zorin.com

Just received message from Avast team that they have cleared the FP from their database.

Thanks for the feedback.