Tumblr Triggering A Botnet Response

I went to a Tumblr link located here:

https://wh40kartwork.tumblr.com/post/190753944426/eldar-party-by-diego-gisbert-llorens

When I arrived at the page, without clicking anything, I received:

“Threat secured
We’ve safely aborted connection on tcp://192.0.77.40:443 because it was infected with Botnet:Blacklist”

Details were:

“Threat name: Botnet:Blacklist
URL: tcp://192.0.77.40:443
Process: C:\windows\system32\drivers\rivetnetworks\killer\killernetworkservice.exe
Detected by: Web Shield
Status: Connection aborted”

The IP address is registered to Tumblr’s parent company, Automattic, when I check it online (just a quick check, I didn’t delve too deep) and port 443 is for secure web traffic. I reported this as a potential false positive using Avast’s report form but no response so far.

Does anyone else have any information on this?

Sounds like there is a redirect from the link you clicked and one that Avast doesn’t like. Also it would appear that connection is trying to download something to your system.
Though this isn’t an area that I’m familiar with. - see https://en.wikipedia.org/wiki/Transmission_Control_Protocol

Attach a screenshot (in the post) of the Avast alert window with the Details option selected would have been helpful.
Though the limited details are helpful, does killernetworkservice mean anything to you ?
https://www.google.co.uk/search?q=killernetworkservice

Having reported it to Avast - You should get a response in a day or two.

I typed out everything that was in the details view of the alert. There was no other information.

Killer Network Service is an internet/wifi management program that assists with load distribution. It’s pretty common for gaming and comes bundled with Dell computers (and their subsidiaries).

Still waiting on an answer from Avast’s team but I’ll make sure to update when I get one.

Just heard back from the Avast team!

“The reported URL was checked by Avast virus specialists and based on the findings the detection was removed. The website is now marked as clean int he Avast virus database” for anyone curious!

Thanks for the confirmation.