I know that VT also does not flag defaced websites that are considered to be non-malicious per se. There still is a threat as we do not know where the hacked website may land. Another reason to alert such sites, for instance through Avast Online Security is to protect users from having to view content that can be very disturbing on various occasions (as part of a political statement made by defacer etc.).
Sucuri and Quttera in a lot of cases alert for such hacked and defaced websites as does the killmalware.com scanner.
Another category of detections that is often omitted from regular AV detection is (Blackhat)-SEO redirecting clickfraud. This could also lead directly to threats like landing sites with adware and pop-up adware and even more serious malcode.
I do not know why normal residential AV solutions are so reluctant to warn users against such abuse. It is a grey area that is becoming more and more of a threat now-a-days, and makes it harder for the user to know what clicks to trust. There is more like unwanted adware ID tracking that are missed as detection and also websites with insecure log-in procedures but that is quite another chapter.
the image is not displayed and formatting text remains the same way and part of its structure.
avast Online security give inaccurate results now reports that the site is secure,yesterday was still classified as unsafe.Antivirus as MSE and a few other well known is archaic in the traditional concept that just because the offer basic protection against viruses and spyware are already sufficient.Does not protect against malicious Websites.It is easier to have stolen personal data and more likely to fall in attacks like this of other scams.
That is why I say to you, my good forum friend, it is better for Avast’s AOS add-on for instance to flag all websites currently defaced as users may steer away from visiting such hacked sites and do not run any additional risks. This is what I see as a form of good pro-active protection. At least killmalware dot com scanner flags them and all SEO Spam redirections (well it is as with all other scanners it may miss one or two).
The flagging of insecure SSL sites where log-in goes unencrypted over the wires and IDS adtracking alas does not come often flagged by online scanners.
There are loads of websites with such insecurities, the Tracker SSL extension in Google Chrome for instance makes such problems visible and alerts for the percentage of insecure ad-id-tracking and NSA snooping vulnerabilities for instance.
Potential insecurities like outdated website software, and vulnerable jQuery libraries that may cripple the security of a website
and put a visitor at risk is not being reported anywhere. Check through a scan at http://retire.insecurity.today/# or one of the tools here with CMS apps like this here for instance for WP: https://hackertarget.com/wordpress-security-scan/