Questionable Hosting Report

by David Schwalenberg
July 30, 2014

This report presents information on possible questionable web content hosted on the network, and can assist in finding malicious web sites installed on the network.

For a given web server, active web application scanning is no guarantee that all hosted web sites will be found. There may be no links between two web sites hosted on the same web server. Similarly, scanning a network for all ports to look for web servers that may have been installed as part of a botnet is difficult to do in real time. Because of this, it's very common for malicious web servers to be set up on university, home user, and any type of large networks.

This report presents all web servers passively detected on the network, as well as questionable content that the web servers might be hosting and trend lines for detected web sites that contain keywords not expected for the local network.

The report is available in the SecurityCenter app feed, an app store of dashboards, reports, and assets. The report can be easily located in the SecurityCenter Feed by selecting category Monitoring, and then selecting tags web and hosting. The report requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.7
  • PVS 4.0.2

For the related SecurityCenter dashboard, see the Questionable Hosting dashboard.