www.5dd.com opens in Chinese

Viruses and worms
1

Whenever I enter a Microsoft Office 2010 365 product & hit “Manage Account” the website that opens is https://login.live.com/login… as well as www.5dd.com (Chinese). Is this a virus that Avast should find?

Thanks,
Lara

2

we can check …

follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total

below the box you write in here, see Attachments and other options

3

Break that link to htxp://www.5dd.com like with wXw.5dd.com please as the site may have been compromised.
A drive-by-download threat has been found and WAF/2.0 could have been circumvented.
Read: http://blog.ptsecurity.com/2009/11/another-fine-method-to-exploit-sql.html

While third party scanning this website I receive three warnings:
https://asafaweb.com/Scan?Url=www.5dd.com
— 首页 denotes a linked-in site in Chinese: as the website is based in China.

Currency Fu Bao is a professional integrated electronic payment and settlement platform, is committed to providing security for the industry businesses, convenient payment solutions, and provide consumers with simple, happy comprehensive electronic payment services.
This is a China Telecom website -> http://whois.domaintools.com/5dd.com

I get a fail for one of the NameServer responding: http://www.dnsinspect.com/5dd.com/1438863756
mail server issues:
Reverse Entries for MX records.
Accepts Abuse Address
WARNING: Found mail servers which are not accepting emails to abuse@5dd.com address:
mxbiz1.qq.com.

MAIL FROM: dnsreport@dnsinspect.com
<< 250 Ok
RCPT TO: abuse@5dd.com
<< 550 Mailbox not found. -http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000728
mxbiz2.qq.com.
MAIL FROM: dnsreport@dnsinspect.com
<< 250 Ok
RCPT TO: abuse@5dd.com
<< 550 Mailbox not found. -http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000728

Nothing wrong with the various bank links from inside the code, like: http://toolbar.netcraft.com/site_report?url=http://bank.ecitic.com

There is however a osCommerce hack known for an exploitable -lib/jquery.min.js, minified JQuery possible as such code is not too often reviewed and therefore there may be security risks involved.

XSS DOM vuln.: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.5dd.com%2FScripts%2Fsetinfor.js+
going through htxp://www.statcounter.com/counter/counter.js with Dating Websites banner with a cross-site scripting vulnerability.
Site has the all green here: https://urlquery.net/report.php?id=1438864653872

polonus (volunteer website security analyst and website error-hunter)