I don't know how ModOrganizer works, but I had the same for spotify. I have modded my spotify, and by taking a look at the dev console I saw that one plugin tried to pull something from Github and failed because the connection got cut.
Also, whois says the range 140.82.112.0 - 140.82.127.255 is all spotify, which would make sense, because the address avast gave out is indeed in that range.
I don't know why that would be identified as even remotely botnet related, but does ModOrganizer pull things from Github too?