Support

It should be very clear that the problem is with your ANTIVIRUS (Avast).

A quick Google search shows that they know about this for well over three years: https://support.avg.com/answers?id=9060N0000005MtYQAU

Another quick Google search shows that Avast is stupid enough to throw false positives for jQuery and Bootstrap, some of the most used JavaScript on the Internet: https://forum.avast.com/index.php?topic=319846.0

A few results later and we find this https://wordpress.org/support/topic/we-have-blocked-the-threat-jsagent-eiy-plugins-cookie-notice-js-front-min-js-fr/

It is very clear that Avast is such a gigantic pile of poop that it erroneously reports any minified JavaScript file as "malware". Of course this is not the case. Everyone delivers their JavaScript minified for obvious reasons. It's just that Avast can't be arsed to fix their broken detection code work for the past three years 🤦🏽‍♂️

As for the "wrong" domain name, it would appear that they are simply truncating the domain name. I mean, a small poop on top of a big pile of poop doesn't make much of a difference.

Florian, please, buy a real antivirus. It's very clear that Avast is a massive failure. They have always been bad to the point of being worse than useless. Pay for something like ESET NOD32 to have some peace of mind. Or just use Windows Defender. After the Windows 10 late 2019 update the Windows Defender is actually a very good antivirus and firewall, right up there with the best of them, and costs nothing. It's not even the same product it was before that update; they rewrote it from scratch.

As you might be able to tell, I have a love/hate relationship with AVAST / AVG.

About a decade ago they had this brilliant (really, not) idea to have their blatant waste of CPU cycles “antivirus” product act as a transparent proxy for all traffic to the browser with the goal of supposedly blocking malicious JavaScript. Remember, this is the same company. Guess what they ended up doing? If you guessed “they broke all backend JavaScript in Joomla and WordPress sites in ways that made it impossible to even troubleshoot reliably” you win! Which JavaScript file did they end up blocking to break people's sites? If you guessed jQuery you win again!

As for the way to work around it... Yes, why, it was indeed to load the JavaScript using inline scripts which modified the DOM exactly like what an actually hacked site would do. 🤦🏽‍♂️

I swear, most low cost antivirus is more harmful than it is helpful. People don't get it and I understand why; they haven't seen the sausage being made, but I have (and for the record, I have also seen literal sausages being made at an industrial scale... let's just say enjoying a sausage now requires a certain amount of doublethink on my part).

Have a great day!

Yup. I totally agree. It's then up to us innocent parties to prove that we are not elephants. Sigh...