See: -https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fwww.telegraaf.nl%2F&ref_sel=GSP2&ua_sel=ff&fs=1

Suspicious URLs found in: htxps://www.telegraaf.nl/ (redirecting to htxp:// etc. )

1: hxxp://secure·adnxs·com/seg?add=
2: hxxp://secure·adnxs·com/px?id=

Note: The URL(s) listed above have been found in the page you are checking. While the URL(s) are not currently flagged as suspicious by Google they have returned malicious content, unwanted software, deceptive content, and/or caused problems recently and should be investigated. Do they belong in your page? Pop-up ads? Re: http://www.freefixer.com/b/remove-secure-adnxs-com-from-firefox-chrome-and-internet-explorer/

The scan found some potential problems in the code, the links below should pop you down to the line.

line 1927: ***
1927: < if​rame src=“htxps://vrouw.nl/telegraaf/widget” width=“470” height=“220” frameborder=“0” scrolling=“no” marginheight=“0” marginwidth=“0”> < / if​rame > < /div>

Note: The if​rame above look suspicious! What is being loaded from that src=URL

See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fvrouw.nl
error:

found JavaScript error: line:3: SyntaxError: missing } in XML expression: error: line:3: var data = {"nobo": {"01":"tmg","02":"Telegraaf Media Groep","11":"web","12":"vrouw.nl","21":"","22" error: line:3: ...............................................^

polonus

Site seems indeed infested, why does not avast alert it?
See: https://sitecheck.sucuri.net/results/www.telegraaf.nl → Known javascript malware. Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202?v02
Name server versions exposed etc.: http://www.dnsinspect.com/telegraaf.nl/1474799378
See: http://zulu.zscaler.com/submission/show/918dd2d574035410dae5f342ef7d93e6-1474799512 (benign?).

polonus

Seems there are more security hick-ups on links there (mixed content issues).
Re: http://toolbar.netcraft.com/site_report?url=telegraaf.nl

Detected libraries:
jquery - 1.11e0a4effa969b585c6a296a6545cf23.8.1 : -http://telegraaf.tcdn.nl/javascript/jquery-1.11e0a4effa969b585c6a296a6545cf23.8.1.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.8.2 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
swfobject - 2.1 : -http://telegraaf.tcdn.nl/javascript/all-scripts.13a7c9b0c8a725c949e7e45d1b821385.js
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

And https://www.eff.org/https-everywhere/atlas/domains/tiqcdn.com.html
No active threats from scanning engines, however see: https://www.threatminer.org/domain.php?q=tags.tiqcdn.com
avast detects as Win32:Downloader-CSF [Trj] and some report AdWare.ConvertAd

polonus