I was still running Electrum 4.2 (woops), which I downloaded in 2022. I think your explanation may be correct, that the domain used to be legitimate, was still included in Electrum 4.2's server list, and is now flagged as malicious by antivirus programs. I didn't connect to the URL, and my wallet is watch-only, so I don't think any harm was done. But if malware added the network to my server list, then I may still have something on my computer that I need to clean up.

To answer promise's questions: I downloaded Electrum 4.2.2 from electrum.org in June, 2022. I verified the keys to the best of my ability. I wasn't using Tor or the dark web at the time.

I'm pretty sure I did all that, but it's been so long I can't be 100% sure. It turns out I'm running an old version of Electrum, though, so I'll update and check again.

In my old version, when I went to Tools>Network, the electrumx dot info URL showed up under "Other known servers." After updating to the current version, however, it's no longer there. So either malware added the URL to my servers list, or it was at one time a legitimate network.

I've been running Electrum for a long time, but this is the first time I've had my antivirus block it for trying to connect to a "risky destination."

The URL it tried to connect to begins with electrumx and ends with dot info. According to my research, this URL is associated with malware.

Electrum has never given me trouble before, so I'm pretty sure I installed a legitimate copy. The malware probably originated elsewhere and infected my Electrum. Any idea what malware it is and what I should do about it?

(P.S. My wallet is watch-only, so there's no great risk at the moment.)