Solved

malicious domain?

Posted on 2013-10-24
4
879 Views
Last Modified: 2013-11-29
Greetings,

Does anyone know what x.tagstat.com is and what its used for. We are getting reports from our internal security team that the site is possibly hosting malware on it but McAfee reports the site as minimal risk.

Thank you.
0
Comment
Question by:centem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Alexios
ID: 39596746
0
 

Author Comment

by:centem
ID: 39597179
what is that saying? It looks like it simply checks connectivity to the site and all is well. It shows "OK" per that links results. What are the results of?
0
 
LVL 13

Expert Comment

by:Alexios
ID: 39599699
It's not just connectivity, it checks if the specific domain is consider blacklisted
So it's not
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39634300
The tagstat.com domain is registered to Tagged LLC a "social discovery website."  The FQDN x.tagstat.com resolves to IP addresses assigned to NTT America, Inc., which appear to be part of the Akamai Technologies, Inc. Internet content delivery network.

The nature of the content being hosted (whether malicious or not) would require an analysis of the actual content in question (e.g. packet capture, download locations, etc.)

If you can provide links to actual suspicious content, or a packet capture, I can provide more information.

You can get a good idea of the type of content this FQDN is hosting by performing this search: https://www.google.com/search?q=site%3Ax.tagstat.com#filter=0&q=site:x.tagstat.com

You'll see it's mostly flash, PDF's, and other document types.  You could scan each of these using Virus Total to quickly ascertain their known risk.  Here's an example scan.

Here's one source reporting blacklisting of x.tagstat.com, although that source doesn't provide any meaningful detail. http://www.urlvoid.com/scan/x.tagstat.com/

Whois
Domain Name: TAGSTAT.COM
Creation Date: 2007-08-14 17:05:49Z
Registrar Registration Expiration Date: 2014-08-14 17:05:00Z
Registrar: REGISTER.COM, INC.
Registrant Name: SITE OPERATIONS
Registrant Organization: TAGGED, LLC
Registrant Street: 840 BATTERY ST
Registrant Street: 2ND FLOOR
Registrant City: SAN FRANCISCO
Registrant State/Province: CA
Registrant Postal Code: 94111
Registrant Country: US
Admin Name: SITE OPERATIONS
Admin Organization: TAGGED, LLC
Admin Street: 840 BATTERY ST
Admin Street: 2ND FLOOR
Admin City: SAN FRANCISCO
Admin State/Province: CA
Admin Postal Code: 94111
Admin Country: US
Admin Phone: +1.4159461944
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: SITEOPS@TAGGED.COM
Tech Name: SITE OPERATIONS
Tech Organization: TAGGED, LLC
Tech Street: 840 BATTERY ST
Tech Street: 2ND FLOOR
Tech City: SAN FRANCISCO
Tech State/Province: CA
Tech Postal Code: 94111
Tech Country: US
Tech Phone: +1.4159461944
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: SITEOPS@TAGGED.COM
Name Server: NS1.TAGGED.COM
Name Server: NS2.TAGGED.COM
Name Server: USC4.AKAM.NET
Name Server: USE3.AKAM.NET
nslookup x.tagstat.com

Open in new window


Name:    a1841.mm1.akamai.net
Addresses:  128.241.220.97
          128.241.220.106
Aliases:  x.tagstat.com
          staticcdn.tagged.com.edgesuite.net

http://whois.arin.net/rest/net/NET-128-241-0-0-1/pft
http://www.us.ntt.net/
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OnPage: Incident management and secure messaging on your smartphone
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question