What means "unknown html" flagged for this site?

Polonus did an investigation, here are my results for those interested in them.
Anyone to comment?
See: http://urlquery.net/report.php?id=145900
AS has IDS alerts but not for that specific IP and/or domain…
Site has plesk update issue: Plesk version 9 outdated: Upgrade required.
Running Plesk 9: wXw.wordtwist.org:8443
which could lead to malware: http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html link article author daniel cid
validate.js is vulnerable to hangs on long lines
Third party cookies
1 DoubleClick Ad htxp://ad.doubleclick.net/a… id 22f486a05e010058||t=13… .doubleclick.net 25-08-2014
2 Quantcast Ad htxp://pixel.quantserve.com… mc 5038fb35-8fd5c-1aca4-0… .quantserve.com 24-02-2014
See: http://www.mywot.com/en/scorecard/pixel.quantserve.com.?utm_source=addon&utm_content=warn-viewsc
3 Flashtalking Ad htxp://cdn.flashtalking.com… flashtalkingad1 “GUID=1698C06DA94422” flashtalking.com 25-08-2014
http://www.mywot.com/en/scorecard/cdn.flashtalking dot com?utm_source=addon&utm_content=warn-viewsc
4 Tribal Fusion Ad htxp://a.tribalfusion.com/j… ANON_ID amnyv7y4Zaw4nA9MAJTnhk… .tribalfusion.com 23-11-2012
http://www.mywot.com/en/scorecard/a.tribalfusion dot com?utm_source=addon&utm_content=warn-viewsc
5 Burst Media Ad hxtp://www.burstnet.com/cgi… 56Q8 CT .www.burstnet.com 22-09-2012
6 Burst Media Ad htxp://www.burstnet.com/cgi… /ad572.11567 ,CFC,GFC www.burstnet.com
7 Burst Media Ad htxp://www.burstnet.com/cgi… /BC3 .K4m. www.burstnet.com
8 Burst Media Ad htxp://www.burstnet.com/cgi… /SO :201: www.burstnet.com
9 Burst Media Ad hxtp://www.burstnet.com/cgi… /PC 0 www.burstnet.com 01-09-2012
10 Burst Media Ad htxp://www.burstnet.com/cgi… /SC 0-2vc.1 www.burstnet.com
http://www.mywot.com/en/scorecard/burstnet dot com?utm_source=addon&utm_content=warn-viewsc
11 Lijit Ad htxp://beacon.lijit.com/bea… ljt_reader 69759bc0c5bacb172f8dba… .lijit.com 25-08-2013 Empty response error
See: http://www.chrisbrogan.com/lijit-throws-ads-onto-my-site/ blog article author Chris Brogan
12 Commission Junction Ad htxp://rd.apmebf.com/w/get… S kjma4a-4610-1345911614… .apmebf.com 25-08-2014
13 Commission Junction Ad htxp://rd.apmebf.com/w/get… TT v1|HzAta2ptYTRhLTQ2MTA… .apmebf.com 25-08-2014
See: http://www.mywot.com/en/scorecard/rd.apmebf.com?utm_source=addon&utm_content=warn-viewsc
14 ValueClick Mediaplex Ad htxp://cdn.fastclick.net/fa… pluto 996751959667|v1 .fastclick.net 25-08-2014
15 Casale Media Ad htxp://as.casalemedia.com/j… CMID d7cKLEPS1J8AAEGvYxwAAABb casalemedia.com 25-08-2013
16 Casale Media Ad htxp://as.casalemedia.com/j… CMPS 147 casalemedia.com 23-11-2012
17 Casale Media Ad htxp://as.casalemedia.com/j… CMPP 026 casalemedia.com 23-11-2012
18 Casale Media Ad htxp://as.casalemedia.com/j… CMRUM2 c95066c1ff0&2e503a4cbf0 casalemedia.com 25-08-2013
19 Casale Media Ad htxp://as.casalemedia.com/j… CMST UDj7P1A4+z8B casalemedia.com 26-08-2012
20 Casale Media Ad htxp://as.casalemedia.com/j… CMSC UDj7Pw** casalemedia.com
21 Casale Media Ad htxp://as.casalemedia.com/j… CMDD AAFTawE* casalemedia.com 26-08-2012
See: http://www.mywot.com/en/scorecard/as.casalemedia dot com?utm_source=addon&utm_content=warn-viewsc
22 Turn Ad htxp://cdn.turn.com/server/… uid 7040547690641104630 .turn.com 21-02-2013
23 Turn Ad htxp://cdn.turn.com/server/… fc sLJfQD9JjDaLrj1IDnW2Y6… .turn.com 21-02-2013
24 Turn Ad htxp://cdn.turn.com/server/… rrs 1%7C2%7C3%7C4%7C5%7C6%… .turn.com 21-02-2013
25 Turn Ad htxp://cdn.turn.com/server/… rds 15578%7C15578%7C15578%… .turn.com 21-02-2013
26 Turn Ad htxp://cdn.turn.com/server/… rv 1 .turn.com 21-02-2013
Very poor seb rep: http://www.mywot.com/en/scorecard/turn.com?utm_source=addon&utm_content=warn-viewsc
27 TargusInfo Tracker htxp://adadvisor.net/adscor… ab 0001%3ATeN7H043oXv4%2B… .adadvisor.net 25-08-2013 blocked in browser
28 AddThis Analytics htxp://cf.addthis.com/red/p… uid 5038fa30df6277bd .addthis.com 25-08-2014
29 AddThis Analytics htxp://cf.addthis.com/red/p… __atuvc 1%7C34 .addthis.com 25-08-2014
30 AddThis Analytics htxp://cf.addthis.com/red/p… uit 1 .addthis.com 26-08-2012
31 AddThis Analytics htxp://cf.addthis.com/red/p… psc 1 .addthis.com 25-08-2014
32 AddThis Analytics htxp://cf.addthis.com/red/p… di 1345911617.429|1345911… .addthis.com 25-08-2014
33 AddThis Analytics htxp://cf.addthis.com/red/p… dt X .addthis.com 24-09-2012
14 Third-party Requests
1 Google Adsense Ad htxp://partner.googleadservices.com/gampad/google_service.js
2 Google Adsense Ad htxp://partner.googleadservices.com/gampad/google_ads.js
3 Google Adsense Ad htxp://partner.googleadservices.com/gampad/cookie.js?call…
4 Facebook Connect Widget htxp://connect.facebook.net/en_US/all.js#xfbml=1&appId=14…
5 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/show_ads.js
6 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/js/r20120815/…
7 Google Adsense Ad htxp://pagead2.googlesyndication.com/simgad/1897984205338…
8 Google Adsense Ad hxtp://pagead2.googlesyndication.com/pagead/js/r20120815/…
9 - ? htxp://www.gstatic.com/bg/9G5QWDf6XHXml0mpoKzges1nJBMKoIR…
10 Google Analytics Analytics htxp://www.google-analytics.com/urchin.js
11 Google Analytics Analytics htxp://www.google-analytics.com/__utm.gif?utmwv=1.4&utmn=…
12 Tribal Fusion Ad htxp://tags.expo9.exponential.com/tags/Boggledorg/ROS/tag…
see: http://www.mywot.com/en/scorecard/tags.expo9.exponential.com?utm_source=addon&utm_content=warn-viewsc
13 - ? htxp://www.boggled.org/ad-lijit-300.php
14 - ? htxp://www.boggled.org/ad-valueclick-box.php blocked by Fanboy’s Adblock list (Iron-Chrome)

So unknown_html on this site means tracking malware, and spamming hinding behind launching ads…

polonus

This next one has other issues.
Might be safe for surfing but websecurity on the ssite-server is questionable: http://com.saferpage.de/restaurant, e.g.:
Server full versionnumber transmitted to the world, “X-Powered-By” HTTP Header transmitted to the world, Flash-content (possibility of LSO cookies)

There is phishing going on via via static.ak.fbcdn dot net
Also there is ads.rubiconproject dot com/ad/9464.js code that is caught with Calamaris hammerbot: see: http://76.166.193.58/logs/20120512.html
content analysis code from rdc.rdcimage dot com/themes/base/scripts/mtagconfig-2.1.min.js
Cross site scripting vuberability for scripts/mtagconfig-2.1.js, see: http://xss.cx/2012/08/07/ghdb/reflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report-www2buyofficemicrosoftcom.html (source pentesting learning)
Vulnerable script: (script) rdc.rdcimage dot com/themes/base/scripts/microsoftmvcajax.min.js
status: (referer=www.restaurant.com/listing?zip=55434&pagesize=10&sorting=Relevance&searchradius=15&page=6)saved 4641 bytes 715eb3fe1dad0037da29dde9a9fed509cdeb4236
info: [decodingLevel=0] found JavaScript
error: undefined variable Type
error: undefined function Type.registerNamespace
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes (powershell script has to be secured)
Also the openx adware used has risks: htxp://ox-d.restaurant.com/
see: htxp://ox-d.restaurant.com/w/1.0/afr?auid=246474&cb=INSERT_RANDOM_NUMBER_HERE
& htxp://ox-d.restaurant.com/w/1.0/afr?auid=246475&cb=INSERT_RANDOM_NUMBER_HERE
read: http://news.softpedia.com/news/Compromised-OpenX-Ad-Servers-Lead-Users-to-Malware-261713.shtml (article author = Eduard Kovacs)
Cookiechecker results here: http://www.cookiechecker.nl/check-cookies.php?url=http%3A%2F%2Fwww.restaurant.com

polonus

Now we take “unknown_html_google_malware”. So unknown malware being flagged by Google Safebrowsing!
This one is found out immedeately as a malware site: http://urlquery.net/report.php?id=145169
IDS alert: Detected BlackHole exploit kit HTTP GET request, just that.
Is it being detected, let us see. Naturally, googlesafebrowsing keeps us away with an alert:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fsornyaki11.ru%2Fforum.php%3Ftp%3Dbc3cb1f048a4deb8&client=googlechrome&hl=nl
Listed also here: http://xml-post.ssdsandbox.net/dnslookup-dnsdb/95.163.66.180
But there is no threat anymore because the malware has been dead, no response, since 2012-08-25 01:07:07

polonus

Now let us look at this one. None of the normal website scanners flags this “unknown html” issue url: http://urlquery.net/report.php?id=146619
or http://zulu.zscaler.com/submission/show/2b1610399afdea7a45d605ccfde7843b-1345990388 (given as completely benign 2/100)
Nothing alerted here: http://sitecheck.sucuri.net/results/www.thingfling.com/default.aspx
In the code we see this: nfo: [decodingLevel=1] found JavaScript
error: line:6: TypeError: unknown XML entity pid=1232&t=5c2ce200385490170df183f1a68908c0"/> <!–[if (IE)]> /#pgWwrapper #pgWh1 #pgWcontent{width:100%:
error: line:6: 385490170df183f1a68908c0"/> <!–[if (IE)]> /
#pgWwrapper #pgWh1 #pgWcontent{width:100%;}*/ #pgWwrapper #pgWh1 div#pgWsearch
error: line:6: ^
suspicious
The third party requests:

Name Targetl URL

1 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/show_ads.js
2 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/js/r20120815/…
3 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/osd.js
4 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/js/graphics.js
5 Google Adsense Ad htxp://pagead2.googlesyndication.com/simgad/1246752254761…
6 Google Adsense Ad htxp://pagead2.googlesyndication.com/pagead/js/r20120815/…
7 Google Adsense Ad htxp://pagead2.googlesyndication.com/simgad/1770750884267…
8 - ? htxp://ah.pricegrabber.com/mlink.php?mid=3098&pid=1232&t=…
9 - ? htxp://ah.pricegrabber.com/js/mlinks/VerticalSingle_v1.js…
10 Google Analytics Analytics htxp://www.google-analytics.com/ga.js
11 Google Analytics Analytics htxp://www.google-analytics.com/__utm.gif?utmwv=5.3.5&utm…
12 Yahoo Analytics Analytics htxp://us.js2.yimg.com/us.js.yimg.com/lib/common/utils/2/…
13 - ? htxp://yui.yahooapis.com/2.2.2/build/yahoo/yahoo-min.js
14 - ? htxp://yui.yahooapis.com/2.2.2/build/event/event-min.js
pre-made libraries & routines) Fx add-on local load could speed this up remarkably
15 Yahoo Analytics Analytics htxp://us.js2.yimg.com/us.js.yimg.com/lib/clientapps/ydp/… Bannerware
16 Facebook Social Plugins Widget htxp://www.facebook.com/plugins/likebox.php?id=1331955393…
17 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yu/r/U9v3yTRp1tD.js PHISHING
18 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yR/r/M4aq1ARGhqg.js
19 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/ya/r/S6inDSJN5-P.js
20 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/y6/r/aRLxLj85pKd.js
21 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yz/r/jdK_XCtQC5N.js
22 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yl/r/DExUxsE3mAb.js
23 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yu/r/Nnr-ClhwknZ.js
24 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yn/r/qdLZMQ3_YOj.js
25 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/y5/r/hIBLG2xuv5r.js
26 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yc/r/CFGZ7MX8jji.js
27 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/yF/r/Pgp-k-6uuyj.js
28 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/y0/r/lhckqK-ynOk.js
29 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/y4/r/QtVd59RZ42j.js
30 - ? hxtp://static.ak.fbcdn.net/rsrc.php/v2/ym/r/F8khiWi3ppV.js
Webutation statistic are excellent: http://www.webutation.net/go/review/pricegrabber.com?req=chrome

polonus

Unlnown html malware at VW for see: http://zulu.zscaler.com/submission/show/74860fa1bb66a18dc08241f8b58e7c09-1346171526

Third party requests:

Name Targetl URL

1 - ? htxp://www.gstatic.com/caja/4969/caja.js
2 - ? htxp://www.gstatic.com/sites/p/7c5487/system/js/jot_caja.js
3 - ? htxp://www.gstatic.com/sites/p/7c5487/system/js/jot_min_a…
4 - ? htxp://jujo00obo2o234ungd3t8qjfcjrs3o6k-a-sites-opensocia…
can be added to the NoScripts exclusion box as ^htxp://jujo00obo2o234ungd3t8qjfcjrs3o6k-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=
5 - ? htxp://www-sites-opensocial.googleusercontent.com/gadgets… WOT rep all green
6 - ? htxp://s5.scribdassets.com/aggregated/javascript/base.js?..
7 - ? htxp://s7.scribdassets.com/aggregated/javascript/touch.js…
8 Twitter Button Widget htxp://platform.twitter.com/widgets.js
9 - ? http://fonts1.scribdassets.com/static/4gen.js?1345243168
10 Google Analytics Analytics htxp://www.google-analytics.com/ga.js
11 Google Analytics Analytics htxp://www.google-analytics.com/__utm.gif?utmwv=5.3.5&utm…
12 Google Analytics Analytics htxp://www.google-analytics.com/u/post_iframe.html#http%3…
13 Google Analytics Analytics htxp://www.google-analytics.com/p/__utm.gif
14 Facebook Connect Widget hxtp://connect.facebook.net/en_US/all.js
15 Twitter Button Widget htxp://platform.twitter.com/widgets/tweet_button.13461433…
16 - ? htxp://cdn.api.twitter.com/1/urls/count.json?url=http%3A%…
Warnin ThreatExpert…http://www.threatexpert.com/report.aspx?md5=e13d2c7bf34ec9e3c400e5360511f873
17 - ? htxp://csi.gstatic.com/csi?v=3&s=opensocial-gadgets&actio…
18 - ? hxtp://www.facebook.com/dialog/oauth?api_key=136494494209…
19 - ? http://jujo00obo2o234ungd3t8qjfcjrs3o6k-a-sites-opensocia
20 Facexook Connect Widget htxp://static.ak.facebook.com/connect/xd_arbiter.php?vers…
21 Facebook Social Plugins Widget htxp://www.facebook.com/plugins/like.php?api_key=13649449…
22 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/y2/r/ySKux_rocXC.js PHISH?
23 Google Analytics Analytics htxp://www.google-analytics.com/__utm.gif?utmwv=5.3.5&utm…
24 Google Analytics Analytics htxp://www.google-analytics.com/p/__utm.gif
25 Twitter Button Widget htxp://platform.twitter.com/widgets/tweet_button.13461433…
26 - ? htxp://cdn.api.twitter.com/1/urls/count.json?url=http%3A%…
27 - ? htxp://csi.gstatic.com/csi?v=3&s=opensocial-gadgets&actio…
28 - ? htxp://www.facebook.com/dialog/oauth?api_key=136494494209…
29 Facebook Connect Widget htxp://static.ak.facebook.com/connect/xd_arbiter.php?vers…
30 Facebook Social Plugins Widget htxp://www.facebook.com/plugins/like.php?api_key=13649449…
31 - ? htxp://csi.gstatic.com/csi?v=3&s=jotspot&action=load,anno…
32 - ? htxp://static.ak.fbcdn.net/rsrc.php/v2/y1/r/yd6n4z1LX38.js
33 Google Analytics Analytics htxp://www.google-analytics.com/__utm.gif?utmwv=5.3.5&utm…
34 - ? htxp://translate.googleapis.com/translate_static/js/eleme…
35 - ? htxp://translate.googleapis.com/translate_static/js/eleme…

So not really aware why it was being flagged - tracking?

polonus