We uglify the JavaScript, but do not use any other form of code manipulation. There is some base64 logic in the JavaScript which is the only thing I can think of that would cause this to be flagged.
If anything I think it could be a general IP block as malware is being spread via domains on that IP and I see IDS alerts for “ET SHELLCODE Possible Call with No Offset TCP Shellcode”, a buffer overflow shellcode issue (this from an additonal IP via another domain widgets.getsitecontrol.com/ on that same IP server your domain shares).
So if anything I would suggest you ask avast team members for a domain exclusion.
I cannot do that because I am a volunteer website security analyzer and error-hunter with relevant knowledge,
but I am not an avast team member.
For the pure.js code you mention remember that
gzip-js is a pure JavaScript implementation of the GZIP file format.
It uses the DEFLATE algorithm for compressing data.*
Please note that since this is a pure JavaScript implementation, it should NOT be used on the server for production code. It also does not comply 100% with the standard, yet.
The main goal of this project is to bring GZIP compression to the browser.
Quote Info by T. Jameson Little
Be aware of leakage attacks via malicious shell scripts.
Code external link: htxp://ad.lkqd.net/serve/corp_site_vast.xml → htxp://googleads4.g.doubleclick.net/pagead/adview?ai= blurred out by me pol. Registered from within here: htxp://doam.com/50228?ckattempt=1
So let us wait for Milos’s reaction,
polonus
P.S. Consider the insecurities detected here: access violarion writing location non-mutable tree-return vuln. [/size]
& injecting content from one window into a target window…etc.
Hi, lkqd.net was unblocked yesterday 10AM CET. However, there is at least one IP that lkqd resolves to, 54.68.70.118, which right now is blocked and will remain blocked due to other malicious domains on that IP.