Solved

malicious domain?

Posted on 2013-10-24
4
836 Views
Last Modified: 2013-11-29
Greetings,

Does anyone know what x.tagstat.com is and what its used for. We are getting reports from our internal security team that the site is possibly hosting malware on it but McAfee reports the site as minimal risk.

Thank you.
0
Comment
Question by:centem
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Alexios
ID: 39596746
0
 

Author Comment

by:centem
ID: 39597179
what is that saying? It looks like it simply checks connectivity to the site and all is well. It shows "OK" per that links results. What are the results of?
0
 
LVL 13

Expert Comment

by:Alexios
ID: 39599699
It's not just connectivity, it checks if the specific domain is consider blacklisted
So it's not
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39634300
The tagstat.com domain is registered to Tagged LLC a "social discovery website."  The FQDN x.tagstat.com resolves to IP addresses assigned to NTT America, Inc., which appear to be part of the Akamai Technologies, Inc. Internet content delivery network.

The nature of the content being hosted (whether malicious or not) would require an analysis of the actual content in question (e.g. packet capture, download locations, etc.)

If you can provide links to actual suspicious content, or a packet capture, I can provide more information.

You can get a good idea of the type of content this FQDN is hosting by performing this search: https://www.google.com/search?q=site%3Ax.tagstat.com#filter=0&q=site:x.tagstat.com

You'll see it's mostly flash, PDF's, and other document types.  You could scan each of these using Virus Total to quickly ascertain their known risk.  Here's an example scan.

Here's one source reporting blacklisting of x.tagstat.com, although that source doesn't provide any meaningful detail. http://www.urlvoid.com/scan/x.tagstat.com/

Whois
Domain Name: TAGSTAT.COM
Creation Date: 2007-08-14 17:05:49Z
Registrar Registration Expiration Date: 2014-08-14 17:05:00Z
Registrar: REGISTER.COM, INC.
Registrant Name: SITE OPERATIONS
Registrant Organization: TAGGED, LLC
Registrant Street: 840 BATTERY ST
Registrant Street: 2ND FLOOR
Registrant City: SAN FRANCISCO
Registrant State/Province: CA
Registrant Postal Code: 94111
Registrant Country: US
Admin Name: SITE OPERATIONS
Admin Organization: TAGGED, LLC
Admin Street: 840 BATTERY ST
Admin Street: 2ND FLOOR
Admin City: SAN FRANCISCO
Admin State/Province: CA
Admin Postal Code: 94111
Admin Country: US
Admin Phone: +1.4159461944
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: SITEOPS@TAGGED.COM
Tech Name: SITE OPERATIONS
Tech Organization: TAGGED, LLC
Tech Street: 840 BATTERY ST
Tech Street: 2ND FLOOR
Tech City: SAN FRANCISCO
Tech State/Province: CA
Tech Postal Code: 94111
Tech Country: US
Tech Phone: +1.4159461944
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: SITEOPS@TAGGED.COM
Name Server: NS1.TAGGED.COM
Name Server: NS2.TAGGED.COM
Name Server: USC4.AKAM.NET
Name Server: USE3.AKAM.NET
nslookup x.tagstat.com

Open in new window


Name:    a1841.mm1.akamai.net
Addresses:  128.241.220.97
          128.241.220.106
Aliases:  x.tagstat.com
          staticcdn.tagged.com.edgesuite.net

http://whois.arin.net/rest/net/NET-128-241-0-0-1/pft
http://www.us.ntt.net/
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question