"Threat Secured" keeps popping up with the URL: Blacklist notification

Hi, I have been getting the threat secured for a while now continuously. The blacklisted URL that is getting blocked is wpad.ib-wrb304n.setup.in. I have attached the popup screenshot and the Mbam scan log.

Here is the mbam log

Just wait for a final verdict from the Avast team, as this could be an FP, as there is only one engine to flag at VT at the mo for wpad.ib-wrb304n.setup.in:
https://www.virustotal.com/gui/url/c4d3d0daae2e256104372bc12f296fddf1b8ea7d50c7076e8b6be8a1a9da6f13/detection
But it is also flagged at DrWeb’s as “non-recommended-site”.

More leaning towards this: https://www.virustotal.com/gui/ip-address/199.59.242.153/detection
also see: https://www.virustotal.com/gui/ip-address/199.59.242.153/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

@polonus, your VT scan is 6 months old, see attached screenshot

I have now refreshed it

What is strange for me is that the process responsible for the connection is svchost.exe. Whilst this in some cases is legit usage, it has also been used by malware in the past.

So yes I agree this needs further investigation.

@polonus Thanks for replying. The window keeps popping up and is really annoying. Should I speak to the Avast support team regarding it? Where should I check the status of FP for this URL?

@DavidR I agree this is somewhat strange and I haven't seen this URL giving an issue to anyone else from my search.

Other scans on this site/url:
This one considers it a Medium Security Risk - https://sitecheck.sucuri.net/results/setup.in
This one reports security hints - https://webhint.io/scanner/25bc1403-eb1e-46a3-a889-e23c8f2fdb4a

These in themselves don’t mean it is infected, but the failings mentioned could make it more likely to become infected/hacked.

Combining this with the unknown access from your system that you didn’t initiate just makes me more suspicious. However, I’m no expert in this area; it really needs a qualified malware removal specialist to investigate.

Hi! I am getting the same error with the same URL with svchost.exe as the process accessing it in my laptop and Desktop.
I had submitted my logs in this forum but am yet to receive a reply.

Scanned for the IP DavidR has come up with, detection:
https://www.virustotal.com/gui/ip-address/199.59.242.153/detection

polonus