Solved

malicious domain?

Posted on 2013-10-24
Last Modified: 2013-11-29
Greetings,

Does anyone know what x.tagstat.com is and what it's used for? We are getting reports from our internal security team that the site is possibly hosting malware on it, but McAfee reports the site as minimal risk.

Thank you.
0
Question by:centem
4 Comments
 
LVL 13

Expert Comment

by:Alexios
ID: 39596746
0
 

Author Comment

by:centem
ID: 39597179
What is that saying? It looks like it simply checks connectivity to the site and all is well. It shows "OK" per that link's results. What are the results of?
0
 
LVL 13

Expert Comment

by:Alexios
ID: 39599699
It's not just connectivity, it checks if the specific domain is considered blacklisted.
So it's not
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39634300
The tagstat.com domain is registered to Tagged LLC, a "social discovery website." The FQDN x.tagstat.com resolves to IP addresses assigned to NTT America, Inc., which appear to be part of the Akamai Technologies, Inc. Internet content delivery network.

The nature of the content being hosted (whether malicious or not) would require an analysis of the actual content in question (e.g. packet capture, download locations, etc.)

If you can provide links to actual suspicious content, or a packet capture, I can provide more information.

You can get a good idea of the type of content this FQDN is hosting by performing this search: https://www.google.com/search?q=site%3Ax.tagstat.com#filter=0&q=site:x.tagstat.com

You'll see it's mostly Flash, PDFs, and other document types. You could scan each of these using Virus Total to quickly ascertain their known risk. Here's an example scan.

Here's one source reporting blacklisting of x.tagstat.com, although that source doesn't provide any meaningful detail. http://www.urlvoid.com/scan/x.tagstat.com/

Whois
Domain Name: TAGSTAT.COM
Creation Date: 2007-08-14 17:05:49Z
Registrar Registration Expiration Date: 2014-08-14 17:05:00Z
Registrar: REGISTER.COM, INC.
Registrant Name: SITE OPERATIONS
Registrant Organization: TAGGED, LLC
Registrant Street: 840 BATTERY ST
Registrant Street: 2ND FLOOR
Registrant City: SAN FRANCISCO
Registrant State/Province: CA
Registrant Postal Code: 94111
Registrant Country: US
Admin Name: SITE OPERATIONS
Admin Organization: TAGGED, LLC
Admin Street: 840 BATTERY ST
Admin Street: 2ND FLOOR
Admin City: SAN FRANCISCO
Admin State/Province: CA
Admin Postal Code: 94111
Admin Country: US
Admin Phone: +1.4159461944
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: SITEOPS@TAGGED.COM
Tech Name: SITE OPERATIONS
Tech Organization: TAGGED, LLC
Tech Street: 840 BATTERY ST
Tech Street: 2ND FLOOR
Tech City: SAN FRANCISCO
Tech State/Province: CA
Tech Postal Code: 94111
Tech Country: US
Tech Phone: +1.4159461944
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: SITEOPS@TAGGED.COM
Name Server: NS1.TAGGED.COM
Name Server: NS2.TAGGED.COM
Name Server: USC4.AKAM.NET
Name Server: USE3.AKAM.NET

nslookup x.tagstat.com

Name:    a1841.mm1.akamai.net
Addresses:  128.241.220.97
          128.241.220.106
Aliases:  x.tagstat.com
          staticcdn.tagged.com.edgesuite.net

http://whois.arin.net/rest/net/NET-128-241-0-0-1/pft
http://www.us.ntt.net/
0
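
The lookup reasoning in the accepted answer, as an added example that is not part of the original thread: it parses nslookup output of the kind quoted above and flags when the name resolves into a CDN, in which case the addresses are shared and only the URLs and files themselves can be judged. The function names, the suffix table and the resolver header in the sample are assumptions of this example.

```python
import re
# CDN hostname suffixes: akamai.net and edgesuite.net appear in the answer's
# nslookup output; the other two are further Akamai suffixes (not exhaustive).
CDN_SUFFIXES = {"akamai.net": "Akamai", "edgesuite.net": "Akamai",
                "akamaiedge.net": "Akamai", "edgekey.net": "Akamai"}
FIELDS = {"address": "addresses", "addresses": "addresses", "aliases": "aliases"}

# nslookup output from the answer; the resolver header is constructed
# (192.0.2.53 is a documentation address) to show that it is skipped.
SAMPLE = """\
Server:  resolver.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    a1841.mm1.akamai.net
Addresses:  128.241.220.97
          128.241.220.106
Aliases:  x.tagstat.com
          staticcdn.tagged.com.edgesuite.net
"""

def parse_nslookup(text):
    """Parse Windows-style nslookup output into name, addresses, aliases."""
    rec, field = {"name": None, "addresses": [], "aliases": []}, None
    for line in text.splitlines():
        m = re.match(r"(\w+):\s*(.*)$", line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "name":
                rec["name"] = value
            # Lines before "Name:" describe the resolver, not the answer.
            field = FIELDS.get(key) if rec["name"] else None
            if field and value:
                rec[field].append(value)
        elif field and line.strip():  # indented continuation line
            rec[field].append(line.strip())
    return rec

def cdn_of(host):
    host = host.lower().rstrip(".")
    return next((p for s, p in CDN_SUFFIXES.items()
                 if host == s or host.endswith("." + s)), None)

def triage(text):
    rec = parse_nslookup(text)
    chain = [h for h in rec["aliases"] + [rec["name"]] if h]
    cdn = sorted({p for p in map(cdn_of, chain) if p})
    # Shared CDN edge addresses serve many customers: judge URLs and files.
    return dict(rec, cdn=cdn, judge_by_content=bool(cdn))
```

Calling triage(SAMPLE) returns the canonical name, the two answer addresses without the resolver's own address, the alias chain, and cdn == ["Akamai"].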
