0

While using a 3rd party platform my company is working with (e.g. platform.com) the following issue appeared. I clicked on a button in order to locally download an excel sheet (report) that was supposed to redirect me first to platform.com/reporting/excel.asp and then download the file to my PC.

Instead, it redirected me to the page 

https://piratebuhta.cc/admin/reporting/excel.asp

and no file was downloaded locally. I tried to find more about the page and I found out that has poor reputation associated with scammers. I tried this many times and the same thing appeared. None of my colleagues, who have access to that platform had the same activity. I clear my cache and the problem is now resolved. But I can't really understand what happened.

How and what may I search to find out what happened? Could it be a malicious cookie or script saved in my cache?

mootmoot
  • 2,387
  • 10
  • 16
fargo01
  • 45
  • 1
  • 6

1 Answers1

0

Seems like DNS cache poisoning to me. If your computer is running windows and it's not connected in an Active Directory, run in cmd "ipconfig /flushdns", without the "". If you are using Linux or MacOS, google the equivalent command and tell me in the comments if it helped, or we have to think of more options.

Chris Tsiakoulas
  • 1,757
  • 1
  • 9
  • 9
  • Hello, thank you! What if it is connected to Active Directory? – fargo01 Sep 05 '18 at 11:02
  • Also, if it is indeed DNS Cache Poisoning, should we contact with the platform and let them know? Or is my company's issue? – fargo01 Sep 05 '18 at 11:04
  • If the computer is in an active directory you should contact an administrator to make sure you won't have any issues and of course let them know in case they have to investigate for more Indicators of Compromise on the company network. – Chris Tsiakoulas Sep 05 '18 at 11:38