New Version of Netcraft Toolbar Available

Some 5,600 phishing sites have been detected and blocked by people using the Netcraft Toolbar since the system started at the turn of the year and the community has been widely featured in the media from the Washington Post & Wall St. Journal through to Slashdot.

Thanks to everyone who has reported sites so far.

A new version of the toolbar is now available, with extensions including easy to see site risk ratings, faster browsing, and support for enterprise desktop rollouts.

Risk Ratings

In addition to blocking known phishing sites, the Netcraft Toolbar now displays a Risk Rating for all new sites it encounters. The Risk Rating - a user-friendly visual summary of the information displayed by the toolbar - evaluates new sites against characteristics of the phishing sites reported to date. Sites which are deemed safe will show a low Risk Rating, while riskier sites will show higher ratings based on a number of factors.
Toolbar Showing Risk Rating Information
The above example shows a web site used to recruit people to withdraw money from compromised bank accounts. Although the site contains plausible content, the Netcraft Toolbar assigns a high Risk Rating because it is hosted under a newly registered domain, the site has never been seen in the Netcraft Web Server Survey, and the Chinanet Hebei Province network has hosted other fraud sites in the past.

The ratings will evolve and adjust automatically as phishers change their behavior, and along with pre-emptive blocking of cross site scripting, are particularly helpful to people who receive a phishing mail early on, before it has been reported by someone else in the community and blocked.

Protecting Enterprise Networks

The new version of the toolbar can now be run by ordinary Windows users without administrator or power user privileges. This new feature makes it simpler for administrators to deploy the toolbar across enterprise networks, offering real-time protection against phishing threats through automatic updates of the blocklist and Risk Ratings.

The list of sites blocked by the community and validated by Netcraft is also available as a feed suitable for proxy servers mail servers. Please contact us for details.

Customized Branding and Navigation

Customized versions of the toolbar are available, providing banks, brokerages, credit card companies and ISPs a powerful tool to protect their customers and networks from Internet phishing scams while simultaneously building customer loyalty.

The toolbar can be branded with your logo and customized navigation links, served dynamically from the central server, giving clients the ability to update the toolbar to highlight new services, and other timely customer communication. Over and above the fraud fighting attributes of the toolbar, it is an extremely attractive branding and customer loyalty mechanism, as it keeps the clients' logo and services on screen throughout the time the customer spends using the Web.


The cost per user is very favorable when compared with traditional web advertising, while the branded toolbar maintains contact with the user throughout the time they spend using the Web. If you would like to have a version of the Netcraft Toolbar branded for your organization, please contact us for details.

Netcraft Toolbar Tutorial

The Netcraft Toolbar uses Netcraft's databases of web site information to show you all the attributes of each site you visit on the Web, including the site's hosting location, country, longevity and popularity. The Toolbar is compatible with Microsoft Internet Explorer, and a FireFox version is underway.

Installing the Netcraft Toolbar

Downloading and installing the Netcraft Toolbar is quick and simple:

  1. Follow this link to download the toolbar.
  2. When you see a prompt asking if you want to open the file or save it to your computer, press the "Open" button.
  3. The Netcraft Toolbar Setup Wizard will now appear. Follow the on-screen prompts to install the toolbar.
  4. Open Internet Explorer and click the right-hand mouse button over the toolbar area.
  5. In the menu that appears, ensure that there is a tick next to the 'Netcraft Toolbar' item. If there is not, click the left-hand mouse button over the item and the toolbar should appear.

    Toolbar menu

Using the Toolbar Effectively

The Netcraft Toolbar provides you with constantly updated information about the sites you visit as well as blocking dangerous sites

  • Once the toolbar is installed, Internet Explorer should look similar to this:

  • As you can see, the site used in this example is
  • When you visit a site, the following information will be displayed in the toolbar (unless the page has been blocked, like this one):

    • The "rank" (popularity amongst toolbar users) of the site, linking to the top site listings.
    • A link to the site report for the current site.
    • The flag (if available) and the two-letter ISO code for the country in which the site is hosted; in this case it is hosted in GB [UK] (United Kingdom).
    • The name of the netblock on which the site is hosted (in this case, the Netblock). This also links to a listing of sites on the same netblock.
  • If you attempt to visit a page that has been blocked, you will see a warning dialog which looks similar to this:


Getting the Most from the Netcraft Toolbar

  • The toolbar provides you with a wealth of information about the sites you visit. This information will help you make an informed choice about the integrity of those sites. Here is a brief list of points you should be aware of when visiting a site which requires you to enter personal information of any kind:

    • Look at the toolbar to see whether the site's netblock is registered to the company you expect.
    • Look at the country code and flag on the Toolbar to check that the site is hosted in the country that you expect. There is a list of countries which are often used to host fraud sites here.
    • Request a site report on the site:

    • sitereport1.png

      • Who is the site's domain registered to? Be suspicious if this is not the organisation you expect.
      • Who is running the DNS and reverse DNS for the site? Be suspicious if these are not run by a host in a domain controlled by the organisation.
      • How new is the site? All other things being equal, the longer a site has been around, the more you can trust it. "New Site" means the site you are currently visiting has not been seen before by the Netcraft Web Server Survey. This indicates that the site is probably less than one month old. Phishing sites spring up overnight and disappear just as quickly, and you should be extremely suspicious if you see this when visiting what you believe to be a trustworthy site.
      • Does it have an SSL Certificate? Bank sites that take authentication details will do this over SSL. Details of the SSL Certificate (if any) will appear in the site report.
      • Is the site in the DNS? If the site has no hostname or domain name and is a raw IP address be very suspicious.
    • If you are convinced that the site is a phishing site, please report it. If you are unable to report the URL via the toolbar site, please send us the entire mail message intact as an attachment. If you use Outlook you can do this by composing a new mail to and dragging the fraud mail on to it as an attachment.
    • Netcraft will send a reward to the first person to report each new phishing site.
  • Let's take a look at an example. Below is a phishing attack aimed at customers of SunTrust Banks which we received.


    Note that the Toolbar shows that the site is hosted in the USA, at "Inktomi Corporation", and that the site is new. The real SunTrust web site is hosted in the USA at SunTrust Service Corporation.


    Comparing the site reports is also telling; the fraudulent site's report contains many 'unknowns' whereas the site report for the real SunTrust web site shows plausible domain registration and DNS details.

    You can find out more about reporting URLs in the tutorial on reporting a suspicious URL.

Reporting a Suspicious URL

When you visit a page that you believe to be a phishing site, or contains fraudulent or deceptive content, we ask that you report it so that other toolbar users will benefit from your vigilance. The more sites that are reported, the more useful the toolbar will become for everyone.

  • You can report a URL by clicking on "Report a Phishing Site" in the toolbar menu, accessed by clicking on the Netcraft logo:


    After you report a URL, Netcraft analysts will examine the report and block the page if they find it has inappropriate content.
  • You can practice blocking an attack by:

    1. Requesting a sample of a fictional phishing attack mail.
    2. Visiting the URL contained in the mail that you receive.
    3. Click on the Netcraft logo in the toolbar.
    4. Select "Report a Phishing Site" in the menu that appears.
    5. URLs from fictional phishing attack mails will be blocked automatically.
    6. You can test that the URL has been blocked by re-visiting it after reporting.

Netcraft Anti-Phishing Toolbar Available for Download

The Netcraft Toolbar uses Netcraft's enormous databases of web site information to show you all the attributes of each site you visit on the Web, including the sites' hosting location, country, longevity and popularity.

It also mobilizes the Netcraft community into a giant neighbourhood watch scheme to empower the most alert and experienced members to protect the vulnerable against fraud and phishing attacks.

Toolbar features include:

  • Clear display of sites' hosting location at all times helps you validate fraudulent urls (e.g. the main online banking site of a large US bank is unlikely to be hosted in the former Soviet Union).
  • Once you report a phishing URL, it is blocked for other community members subsequently accessing it. The leverage of widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) is utilized to expedite blocking of the fraud site.
  • Natively traps cross site scripting and other suspicious urls containing characters which have no common purpose other than to deceive.
  • Netcraft supervisor validation is used to contain the impact of any false reporting of urls.
  • Display of browser navigational controls (toolbar & address bar) in all windows, to defend against pop up windows which attempt to hide the navigational controls to disguise location.
  • Happily coexists with Google and other Toolbars.

The Netcraft Toolbar is available now. Please download and try out the toolbar, and let us have your opinions.


If you would like to have a version of the Netcraft Toolbar branded for your organisation, please get in touch. The toolbar can be used to keep your site navigation within view of your customers throughout the time they spend using the web. Dynamically updating navigation provides the facility to change urls or menu structure and bring & new and temporal information to customers' attention at any time.

Hosting Provider Performance Comparison Available

Buying a dedicated server or moving a site to a new network provider can be a stab in the dark in that it is often not easy to see the quality and reliability of the provider’s network performance until after the purchase has been made. Netcraft’s view is that lack of transparency on network performance and outages harms the whole industry, both consumers and providers. Just as the customer suffers from not being able to make an informed choice between suppliers taking into consideration network response times as well as price, vendors with fast and reliable networks have no easy way of empirically showing the prospect the relative quality of service of their network relative to other players in the market. Ignorance plays into the hands of the companies investing less in their networks, since they will be better able to discount, and their longer response times and network outages will be less obvious to the customer. More widespread knowledge helps the industry as a whole, because better informed customers are more willing to pay more for superior connectivity, and the extra revenue coming into the industry can be invested in further improving resilience, performance, and support creating a virtuous circle. Key metrics include;
  • fewer outages – no one wants to be on a network that suffers frequent loss of connectivity.
  • Shorter outages - customers will be more tolerant of short outages which may be operationally difficult to avoid;
  • faster response times - the shorter the response times, the better.
Netcraft is measuring and making available the response times of fifty leading hosting providers' sites to give an indication of the relative and absolute response times currently available in the industry. The performance measurements are made at fifteen minute intervals from four separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.
Ranking by failed requests and connection time, 14:00 GMT, June 24th performance-graph-4.png
Using the performance of a hosting providers own site to determine the performance of the hosting companies network is only indicative. By default the sites are ranked in order of fewest failed requests, and shortest time to connect, in order to give the clearest indication of network capacity and congestion, with the least impact from the performance of the companies’ own web servers, though it is possible to sort by any column by clicking on the column heading. If you are using the table as a guide when choosing where to locate a dedicated or collocated server, remember that connection times fluctuate continually, and only hundredths of a second separate the top companies. Avoiding companies showing prolonged outages is likely to be a better strategy than necessarily going for the company with the fastest connection time. Factors other than network performance, including quality of support and price will also be important. If you are considering shared hosting then the load on the shared hosting system will likely be a greater constraint on the performance of your site than network connection time. If you represent a hosting company and would like to be included in the table, or if you are researching prospective hosting locations and would like more detailed performance information please mail us.