Right, because there is Google - browser difference detected: Not identical
Google: 64362 bytes Firefox: 64281 bytes
Diff: 81 bytes
First difference:
ntserial=1423"> <span class="img"><img src="htxp://ah9szoaj9w.ecn.cdn.infralab.net/images/tvee-admin/content/s_20140227152455.jpg" alt="" /></span> <span class="txt"...
And avast blocks "Win32:Enistery [Susp]" there! ->
https://www.virustotal.com/nl/domain/0i3z252hh7.ecn.cdn.infralab.net/information/and also this adware should come blocked: /bannerClick.asp?bannerType=sky&bannerUrl=htxp%3A%2F%2Fwww%2Ebir%2Eco%2Ekr%2Fsite%2Fpages%2Fevent%5Fclist%2Ephp%3Fmode%3Dview%26code%3Devent%26start%3D0%26keyword%3D%26nid%3D1488
/shop.asp?menuName=18
Error and three warnings: -https://asafaweb.com/Scan?Url=www.aniplus-asia.com
e.g.: Result
It looks like a cookie is being set without the "HttpOnly" flag being set (name : value):
ASPSESSIONIDCCDCDBBS : NBKHEFKDHIIGDBNNHFPGPEGP
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack.
Avast for the moment seems the only one to flag HTML:Script-inf here:
https://virustotal.com/en/file/13b87c89252da4e1b2049b53d701221e8a638b53ab64dba342625085d7ace1af/analysis/1479049423/#additional-info (thanks to Pondus for pointing that one out - also AOS alerts inside the browser!).
polonus (volunteer website security analyst and website error-hunter)