From avast :
URL:Mal or URL:Mal2 detections both mean the URL (either a domain, subdomain, path, IP, or any combination of these) is on our blacklist.
If the domain is blacklisted, the Avast popup shows the URL entered in the browser (so if the user entered "images.leblogduhacker.fr/logov2.jpg" and "leblogduhacker.fr" was blocked, Avast would show "images.leblogduhacker.fr/logov2.jpg").
If the domain is not blacklisted, Avast lets your browser check the DNS for the IP, and then tests the IP. If the IP is blacklisted, Avast would show something like "104.28.20.53" when displaying the popup.
This was the old "Network Shield" - checking if the URLs are blacklisted.
Then we have the old "Web Shield", which actually checks the inside of the page (the source code). When Avast sees a suspicious code, it shows a popup with whatever was suspicious: this includes all JS: and HTML: detections.
A strange crossover is the HTML:Iframe-inf, HTML:Script-inf, etc - this means a blacklisted domain is being loaded into an otherwise clean domain.
The old network shield and old web shield were merged into Web Shield, as we know it from the current versions of Avast, as a means of simplification. Deep down there, though, it still works as previously, merging is mostly a GUI issue.
Problems on that ASN :
http://urlquery.net/report.php?id=1463135652206http://urlquery.net/report.php?id=1463135678685Insecure headers :
https://securityheaders.io/?q=www.farandulaecuatoriana.comMalicious content found by two scanners on 30-04-2016 :
https://www.virustotal.com/en/ip-address/104.28.26.168/information/
