Site blacklisted, also compromised?

See: http://evuln.com/tools/malware-scanner/nalisaprints.com/
See: http://sitecheck.sucuri.net/results/www.nalisaprints.com
See: https://www.virustotal.com/en/url/1cf40c436b4be85f4f0cf845b512bd9511ef775481a113fa30cd99e15089cec3/analysis/
Risk: http://sameid.net/ip/216.239.139.105/
Given as currently safe: http://www.avgthreatlabs.com/website-safety-reports/domain/nalisaprints.com/
External link check: http://wXw.holylandgateway.com → ‘holylandgateway’ → issue: http://www.forum.en.joomgallery.net/index.php?topic=1243.0;wap2
might be history now… 11004 [11004] Valid name, no data record (check DNS setup)

pol

Some explanation of the evaluation of the code inspection on jsunpack link for instance:
http://jsunpack.jeek.org/?report=ccec62358d6b56fd9cad9111d38a441e5d379a5a.

Why do we see this here then?
info: [decodingLevel=0] found JavaScript
error: undefined function window.addEvent *
error: undefined variable set
error: undefined variable set[1]
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var set[1] = 1;
error: line:1: …^

  • This is typical when viewed in a Firefox browser, as window.event doesn’t exist in there (IE).
    Chrome doesn’t have it natively either. * Info credits thanks to
    Joseph the Dreamer and Tim Down on StackOverflow.

Redirecting script standard setup tracking Google Analytics. Benign.

Here we see an error because an include was forgotten
undefined function Lightbox.init.bind
error: undefined variable Lightbox
error: undefined variable Lightbox.init
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var Lightbox.init = 1; *
error: line:1: …^

So we have to strictly discriminate between code errors and the insecure use of code.
Sometimes the two may go hand in hand, but not per se.

Here we see them all checked and given as fine: http://zulu.zscaler.com/submission/show/08f061f7ff7d21c2ba95395bb85a270a-1384294191
There are more ways to check, for instance with jsmeter. Or the yellowed out code on urlquery dot net scans.
And Sucuri detects a lot, but again not all.

Also, when we have potentially suspicious file flags from Quttera, this then only means that some insecure script practice was/is being used.
It does not mean the code is being abused or is really malicious by nature.
But just as a clever attacker might abuse known exploits with excessive header info and outdated website software,
they may come to exploit these bad coding practices. So in the ideal world, website coders should always develop with security in mind.
Alas we might have a lot of educating to do here on the forums, but we will keep trying to improve the present situation,
which leaves a lot to be wished for.

polonus
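
Added example, not part of the original posts and not jsunpack's own code: a small triage pass over report lines in the format quoted above, separating "object missing in the emulator" noise from lines that still need a manual look. The names `triage` and `stub_name` are hypothetical, and treating `var NAME = 1;` as a retry stub for an undefined name is an assumption inferred from the quoted output.

```python
import re

# Lines in the format quoted in the post (footnote asterisks dropped),
# plus one constructed line at the end to exercise the "review" path.
SAMPLE = """\
info: [decodingLevel=0] found JavaScript
error: undefined function window.addEvent
error: undefined variable set
error: undefined variable set[1]
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var set[1] = 1;
error: line:1: ...^
undefined function Lightbox.init.bind
error: undefined variable Lightbox
error: undefined variable Lightbox.init
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var Lightbox.init = 1;
error: line:1: ...^
error: line:3: SyntaxError: unterminated string literal
"""

UNDEF = re.compile(r"^(?:error: )?undefined (function|variable) (\S+)")
SYNTAX = re.compile(r"^error: line:\d+: SyntaxError:")
STUB = re.compile(r"^error: line:\d+: var (.+?) = 1;")
CARET = re.compile(r"^error: line:\d+: .*\^$")

def stub_name(nxt):
    m = STUB.match(nxt[0]) if nxt else None  # nxt is a 0- or 1-item list
    return m.group(1) if m else None

def triage(report):
    """Split a report into (missing functions, lines left for manual review)."""
    lines = [l.strip() for l in report.splitlines() if l.strip()]
    gaps, review, undefined, i = [], [], set(), 0
    while i < len(lines):
        line, m = lines[i], UNDEF.match(lines[i])
        if m:  # the emulator lacked an object the page expects
            undefined.add(m.group(2))
            if m.group(1) == "function":
                gaps.append(m.group(2))
        elif SYNTAX.match(line) and stub_name(lines[i + 1:i + 2]) in undefined:
            # Assumed cascade: SyntaxError caused by a stub for an undefined name.
            i += 1  # consume the stub line
            if CARET.match("".join(lines[i + 1:i + 2])):
                i += 1  # and the caret marker under it
        elif not line.startswith("info:"):
            review.append(line)
        i += 1
    return gaps, review
```

An empty review list only means every error was explained by a missing object; it says nothing about whether the script itself is safe.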