Netcraft produces a dataset which provides a worldwide analysis of hosting companies. Each of the sites found in our monthly Web Server Survey is attributed to a hosting location using reverse DNS and ip address delegation information. Data for these networks is aggregated into parent companies so that a league table of companies controlling the largest number of web sites is produced.

Data is produced for a number of different metrics, allowing analysis based on the number of hostnames, active sites and IP addresses used by the company.

Excerpts from the United States, February 2009

Hostnames
top_hostnames.PNG
Active Sites
top_activesites.PNG
IP addresses
top_ips.png
Posted by Jason Robins at 22 April 2009 in Netcraft Services | Print this Page

As of 1st January 2009, the Netcraft Toolbar community has blocked 1.9 million phishing attacks. To provide an incentive for the community to send us reports of phishing sites, reporters now receive the following goodies from Netcraft:

Netcraft Mug(after 100 validated phishing reports)
Netcraft Polo Shirt(after 400)
To be confirmed (approx value £40-50)(after 1,000)
Top of the range iPod(after 4,000)

To report phishing sites to us, use the form at http://toolbar.netcraft.com/report_url

Upon reaching 4,000 you become eligible for a monthly competition to incentivise large reporters.

To track the progress, we have a leaderboard displaying the people with the largest number of accepted reports so far this month, identified by their first names to preserve their anonymity.

The Netcraft Toolbar, which is available for both Internet Explorer and Firefox, serves as a giant neighborhood watch scheme for the Internet: members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.

Looking back at 2008, Netcraft has seen phishing attacks evolve, with fraudsters using progressively sneakier tactics:

  • October 2008 saw an attack against Yahoo! which was used to steal authentication cookies from its users. The cross-site scripting vulnerability on Yahoo!'s own website allowed the fraudster to steal the details simply as a result of a victim visiting the page.
  • The two-edged nature of how browsers present Extended Validation (EV) SSL certificates was highlighted after a cross-site scripting vulnerability was demonstrated on paypal.com. This flaw would have allowed hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
  • Phishers branched out into telephone phishing. Victims were asked to phone a toll free number to reactivate their card.
  • Fraudsters found a cross-site scripting vulnerability on an Italian bank's website. This was used to orchestrate an attack against the bank, using its own HTTPS website URL.
  • Backdoored phishing kits have been deployed by criminal programmers wishing to reduce their workload by getting novice fraudsters to deploy the kits onto websites and send the phishing emails. Netcraft later reported a large range of different phishing kits being offered by the same group.
Posted by Paul Mutton at 6 January 2009 in Netcraft Services | Print this Page

Domain name registrars and hosting companies may often find that they are unwittingly providing facilities for phishing.

Having access to timely, professionally validated alerts when phishing sites are deployed using their infrastructure is operationally efficient and responsible for both registrars and hosting companies, and an important part of preserving their company's reputation.

Netcraft produces a continuously updated phishing feed that is very widely used. At least three separate third party studies have found it to be the most comprehensive feed available.

Phishing sites are submitted to the feed by the Netcraft Toolbar community. Reporters range from individuals submitting phishing mails that they have personally received, to specialist security researchers and several of the largest banks and financial payment systems. All submissions are carefully validated before being added to the feed.

Over the last six months Netcraft has blocked over 110,000 distinct phishing sites [Apr - Oct 2008].

Registrars, hosting providers and ISPs are able to provide a footprint of their IP addresses, name servers and WHOIS servers, such that when we validate a phishing report, they receive an alert if the phishing site is using any aspect of their infrastructure.

More information

Please contact us (sales@netcraft.com) for pricing or further details about any of our services.

Posted by David Sansome at 17 November 2008 in Netcraft Services | Print this Page

Netcraft has developed a dataset which shows the hosting locations of the million busiest websites, as determined by visits from users of the Netcraft Toolbar.

The dataset gives a guide to the market share of companies hosting the sites responsible for the great majority of web traffic, and is uninfluenced by parked domains, personal sites, shared hosting accounts or the majority of blogs.

Although the top 1000 sites are concentrated amongst the web superpowers, Google, Microsoft, Yahoo and EBay, the hosting locations of the top million sites are widely fragmented, with a little over 3.25% sufficient for top spot.

The dataset is presented in an Excel spreadsheet and provides a variety of different filters and selections. Using the dataset, a hosting company can identify its relative position and closest competitors in each of the top 10,000, 100,000 and million tiers of site traffic, and also by region, country, and operating system.

Excerpts from September 2008

hosters_top1M.png

Figure 1: Hosting company share within the top million sites

hosters_top1K.png

Figure 2: Hosting company share within the top thousand sites

Posted by Jason Robins at 12 November 2008 in Netcraft Services | Print this Page
Netcraft has developed a technique to identify movements of sites from one hosting provider to another on a monthly basis. Analysing this information in the aggregate presents a unique bird’s eye view of the hosting industry, identifying winners who are able to take sites from other hosting companies, and persuade people developing new sites to host those sites with them.
Posted by at 5 November 2008 in Netcraft Services | Print this Page
Netcraft's Phishing Site Takedown and Countermeasures service helps banks respond to phishing attacks promptly and effectively.
Posted by Paul Mutton at 9 September 2008 in Netcraft Services, Security | Print this Page
A new version of the Netcraft Toolbar is now available for the Firefox 3 web browser.

Related Netcraft Service: Netcraft Anti-Phishing Toolbar
Posted by Paul Mutton at 31 July 2008 in Netcraft Services | Print this Page
The Netcraft Secure Server Survey examines the use of encrypted transactions on the Web through extensive automated exploration of the Internet. It provides a monthly updated view on operating systems, web servers, and certificate authorities, including a per country analysis. An example pageset is available at http://news.netcraft.com/SSL-Survey/
Posted by mandy at 26 October 2007 in Netcraft Services | Print this Page
Netcraft has released a collection of 3 gadgets that can be added to your personalized Google homepage.

Related Netcraft Service: Netcraft Anti-Phishing Toolbar
Posted by Paul Mutton at 20 February 2007 in Netcraft Services | Print this Page
Netcraft is now using the Mirror Image content distribution network to accelerate the Netcraft Toolbar.
Posted by Rich Miller at 21 August 2005 in Netcraft Services | Print this Page