Malicious defacement not flagged by Avast!

See: http://killmalware.com/yummy-klappertaart.com/#
Site has been hacked before.
Antivirus reports:

Qihoo-360JS.SCAN_UNESCAPE.2
DrWeb SCRIPT.Virus

See: http://toolbar.netcraft.com/site_report?url=http://yummy-klappertaart.com

Reverse DNS vulnerable to DROWn: https://test.drownattack.com/?site=http%3A%2F%2Fjust103.justhost.com%2F
Web server excessive header info proliferation

Checking: -http://www.yummy-klappertaart.com/
Engine version: 7.0.17.11230
Total virus-finding records: 6999803
File size: 25.17 KB
File MD5: 1aeb3e653ad2a0f97dbd6c747872e9c6

-http://www.yummy-klappertaart.com/ probably infected with SCRIPT.Virus
-http://www.yummy-klappertaart.com/ - archive JS-HTML

-http://www.yummy-klappertaart.com//JSTAG_1[2a][647e] probably infected with SCRIPT.Virus
-http://www.yummy-klappertaart.com//JSTag_2[52][6456] probably infected with SCRIPT.Virus

Sucuri flags this as known javascript malware.
Details: http://labs.sucuri.net/db/malware/malware-entry-mwanomalysp7?v53
Quttera gives this as potentially suspicious: index.html
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: unescape has been called with a string containing hidden URL (-c5.worldcrunch.com) to script code,
nameserver for -c5.worldcrunch.com vulnerable to DROWn: https://test.drownattack.com/?site=ns27.domaincontrol.com

polonus

Could be considered as an update as we have been here and reported this earlier: https://forum.avast.com/index.php?topic=170014.0

polonus