Solved

malicious domain?

Posted on 2013-10-24
4
792 Views
Last Modified: 2013-11-29
Greetings,

Does anyone know what x.tagstat.com is and what its used for. We are getting reports from our internal security team that the site is possibly hosting malware on it but McAfee reports the site as minimal risk.

Thank you.
0
Comment
Question by:centem
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Alexios
ID: 39596746
0
 

Author Comment

by:centem
ID: 39597179
what is that saying? It looks like it simply checks connectivity to the site and all is well. It shows "OK" per that links results. What are the results of?
0
 
LVL 13

Expert Comment

by:Alexios
ID: 39599699
It's not just connectivity, it checks if the specific domain is consider blacklisted
So it's not
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39634300
The tagstat.com domain is registered to Tagged LLC a "social discovery website."  The FQDN x.tagstat.com resolves to IP addresses assigned to NTT America, Inc., which appear to be part of the Akamai Technologies, Inc. Internet content delivery network.

The nature of the content being hosted (whether malicious or not) would require an analysis of the actual content in question (e.g. packet capture, download locations, etc.)

If you can provide links to actual suspicious content, or a packet capture, I can provide more information.

You can get a good idea of the type of content this FQDN is hosting by performing this search: https://www.google.com/search?q=site%3Ax.tagstat.com#filter=0&q=site:x.tagstat.com

You'll see it's mostly flash, PDF's, and other document types.  You could scan each of these using Virus Total to quickly ascertain their known risk.  Here's an example scan.

Here's one source reporting blacklisting of x.tagstat.com, although that source doesn't provide any meaningful detail. http://www.urlvoid.com/scan/x.tagstat.com/

Whois
Domain Name: TAGSTAT.COM
Creation Date: 2007-08-14 17:05:49Z
Registrar Registration Expiration Date: 2014-08-14 17:05:00Z
Registrar: REGISTER.COM, INC.
Registrant Name: SITE OPERATIONS
Registrant Organization: TAGGED, LLC
Registrant Street: 840 BATTERY ST
Registrant Street: 2ND FLOOR
Registrant City: SAN FRANCISCO
Registrant State/Province: CA
Registrant Postal Code: 94111
Registrant Country: US
Admin Name: SITE OPERATIONS
Admin Organization: TAGGED, LLC
Admin Street: 840 BATTERY ST
Admin Street: 2ND FLOOR
Admin City: SAN FRANCISCO
Admin State/Province: CA
Admin Postal Code: 94111
Admin Country: US
Admin Phone: +1.4159461944
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: SITEOPS@TAGGED.COM
Tech Name: SITE OPERATIONS
Tech Organization: TAGGED, LLC
Tech Street: 840 BATTERY ST
Tech Street: 2ND FLOOR
Tech City: SAN FRANCISCO
Tech State/Province: CA
Tech Postal Code: 94111
Tech Country: US
Tech Phone: +1.4159461944
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: SITEOPS@TAGGED.COM
Name Server: NS1.TAGGED.COM
Name Server: NS2.TAGGED.COM
Name Server: USC4.AKAM.NET
Name Server: USE3.AKAM.NET
nslookup x.tagstat.com

Open in new window


Name:    a1841.mm1.akamai.net
Addresses:  128.241.220.97
          128.241.220.106
Aliases:  x.tagstat.com
          staticcdn.tagged.com.edgesuite.net

http://whois.arin.net/rest/net/NET-128-241-0-0-1/pft
http://www.us.ntt.net/
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now