If anything I think it could be a general IP block as malware is being spread via domains on that IP and I see IDS alerts for "ET SHELLCODE Possible Call with No Offset TCP Shellcode", a buffer overflow shellcode issue (this from an additonal IP via another domain widgets.getsitecontrol.com/ on that same IP server your domain shares).
So if anything I would suggest you ask avast team members for a domain exclusion.
I cannot do that because I am a volunteer website security analyzer and error-hunter with relevant knowledge,
but I am not an avast team member.
For the pure.js code you mention remember that
gzip-js is a pure JavaScript implementation of the GZIP file format.
It uses the DEFLATE algorithm for compressing data.*
Please note that since this is a pure JavaScript implementation, it should NOT be used on the server for production code. It also does not comply 100% with the standard, yet.
The main goal of this project is to bring GZIP compression to the browser.
Quote Info by T. Jameson Little
* Be aware of leakage attacks via malicious shell scripts.
Code external link: htxp://ad.lkqd.net/serve/corp_site_vast.xml -> htxp://googleads4.g.doubleclick.net/pagead/adview?ai= blurred out by me pol. Registered from within here: htxp://doam.com/50228?ckattempt=1
So let us wait for Milos's reaction,
polonus
P.S. Consider the insecurities detected here: access violarion writing location non-mutable tree-return vuln. [/size]
& injecting content from one window into a target window....etc.
And for the code you gave:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fad.lkqd.net%2Fserve%2Fpure.jsgoin' to htxp://wXw.pretoriabusinessforsale.co.za etc.
D
