Why malicious defacement (hack) not flagged by avast!?

See missed here: https://www.virustotal.com/nl/url/bc0e09496923a9c8f08caadecec14c916e83a018513f29bb586364a57bc221f0/analysis/1413034533/
Also here: http://quttera.com/detailed_report/flying-secrets.com
Given as defaced since yesterday: http://killmalware.com/flying-secrets.com/#
Sucuri also rightly flags: ISSUE DETECTED DEFINITION INFECTED URL
Defacement MW:DEFACED:01 http://flying-secrets.com
Defacement MW:DEFACED:01 http://flying-secrets.com/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01

Hacked By PiNo-CrEw

7 XSS sinks on page code - malobject inserted → http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fflying-secrets.com&useragent=Fetch+useragent&accept_encoding=
Running cPanel 11.44.1.18: flying-secrets.com:2082

List of iframes included
htxp://facebook.com/plugins/follow.php?href=htxps%3A%2F%2Fwww.facebook.com%2FPiN0z&layout=standard&show_faces=true&colorscheme=light&font&width=450

Header Security only happy findings for Promiscuous CORS-support and X-Powered-By found.
All other insecure - 7 unhappy findings. (reason the site could be hacked).

polonus

This external link from that website code has been blocked by an extension for me: htxp://s10.flagcounter.com/count/YKNVyS/bg_FFFFFF/txt_000000/border_CCCCCC/columns_6/maxflags_30/viewers_0/labels_0/pageviews_0/flags_0/%22%20alt=%22Flag%20Counter%22%20border=%220%22%3E%3C/a%3E
External direction might be benign, but could not always be available: http://sitedownornotworking.com/s10.flagcounter.com/map/
You see it is up world-wide!

Why I get an invalid request response for this external link: htxp://sphotos-a.ak.fbcdn.net/hphotos-ak-frc3 ?
Just for Amsterdam and Germany → http://sitedownornotworking.com/sphotos-a.ak.fbcdn.net/map/
See attached screenshot.

Damian