Constant "Threat Secured" URL: Blacklist notifications?

[moth_reed]

I got a Threat secured notice from Avast earlier this morning about "i.prcdn.co," which I gather was blacklisted. When I close the warning, I get another one within a few seconds, which means, I guess, that something on my computer is constantly trying to connect to the blacklisted item.

The specific URL given in the details is h

• ps://i.prcdn.co/img?regionkey=OqmhqQfSihquk0S0QWQBXg%3d%3d&scale=144&error=3, and the associated process listed is Chrome.

When I check the WebShield logs, I notice a few dozen intercepted attempts to connect to variations of that url with a few different regionkeys.

Any clue about how I can resolve this issue and keep Avast from giving me endless warnings? If something is constantly trying to connect to this thing, how do I stop it? I've done a quick Avast scan plus a MW Bytes scan that showed nothing and am doing a full Avast scan now. Have also deleted all Chrome extensions except AdBlock, cleared cache/cookies/etc., to no avail.

(FYI, the website that first triggered the blacklist notice, iirc, was a newspaper story I was viewing through PressReader, which hasn't given me any issues before that I know of.

[moth_reed]

By way of an update: complete system scan via Avast showed nothing. I'm at a bit of a loss here. Any ideas?

[polonus]

According to these scan results, there is one file associated with that IP address concerned,
resulting in such an alert. Site scan failed - apk Android malware & img??file flagged..
Re: https://www.virustotal.com/gui/url/aed63f3f642c3e8fcc2dae8f17d5b2704df7c86e7492afc872ed8c58a24cdbe6/details
and
https://www.virustotal.com/gui/ip-address/104.16.188.221/detection
-> https://www.shodan.io/host/104.16.188.221

ip: "104.16.188.221"
 city: "New York City"
 region: "New York"
 country: "US"
 loc: "40.7143,-74.0060"
 postal: "10004"
 timezone: "America/New_York"
 asn: Object
 asn: "AS13335"
 name: "Cloudflare, Inc."
 domain: "cloudflare.com"
 route: "104.16.176.0/20"
 type: "business"
 company: Object
 name: "Cloudflare, Inc."
 domain: "cloudflare.com"
 type: "business"
 privacy: Object
 vpn: false
 proxy: false
 tor: false
 hosting: false
 abuse: Object
 address: "US, CA, San Francisco, 101 Townsend Street, 94107"
 country: "US"
 email: "abuse@cloudflare.com"
 name: "Abuse"
 network: "104.16.0.0/12"
 phone: "+1-650-319-8930"
 domains: Object
 total: 0
 domains: Array

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)

[Owen52]

Hi there - was there any resolution to this problem? I had the same issue with the pop ups when trying to read a newspaper on PressReader. Puzzling.

[number1rogerprice]

I have had exactly the same problem with Pressreader in the last 72 hours. Any advice for simple users without expert coding knowledge would be welcome.

[Pondus]

Report it to avast lab and they will take a look  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438