Where it was being detected in the first place:
https://viz.greynoise.io/ip/42.239.248.198
Where detection was partly being confirmed: https://maltiverse.com/search;query=42.239.248.198;page=1;sort=query_score
And at VirusTotal which had nothing of these flagged: https://www.virustotal.com/gui/ip-address/42.239.248.198/details
Here it was also missed: https://www.malwareurl.com/ip_listing.php?ASN=AS4837
polonus