A check on your forum is considered a Low Security Risk -
https://sitecheck.sucuri.net/results/forum.zorin.com - There however some 'Hardening Improvements' one of which mentions clickjacking, I wonder
Some security hints on this check -
https://webhint.io/scanner/b4766c77-07f1-4913-b080-bd1e77edbc21 - though this isn't unexpected, given the above.
However there are some there relating to java scripts, so I don't know if they have any redirect/s in the .js file.
Where this redirect is a mystery (to me certainly), I'm just wondering if this is some sort of mirror of the forum.zorin.com.
Checks on forum.khadas.com come up with the same sort of things (layout, file name/types) mentioned for forum.zorin.com
https://sitecheck.sucuri.net/results/https/forum.khadas.comAppears to be another unix server based forum. If these are hosted on the same server and IP address then it is possible all are being tarred by the same brush. But again if this were the case, I would have expected the alert to be on your forum.zorin.com.
I don't know if your false positive report about this had a link back to this topic as it may be helpful, but we will have to see.
If you are still getting this alert, try running firefox without extensions and see you still get the alert.
I did try connecting directly to forum.khadas.com and unsurprisingly I got an alert (attached), given the location given in your image, this forum has an upload section, which could have all sorts in there. But the mystery is still why you got this alert when connecting to forum.zorin.com