Hi folks,

Whenever you see double extensions like here: htxp://sitecheck.sucuri.net/results/http://funzones.it/images/blockblue/jscripts/theme-js.js
you should consider that as suspicious per se. So avast does and detects this as JS:Redirector-NL [tr][td], see: htxp://vscan.urlvoid.com/analysis/1f499f8523816c972db030d0391ec715/dGhlbWUtanMtanM=/
see: hxtp://zulu.zscaler.com/submission/show/f52e74aa126e1af7aa816e10340381af-1331154722

polonus[/td][/tr]