Category Archives: :Blog:

In the March 2025 survey we received responses from 1,197,680,522 sites across 275,633,322 domains and 13,402,722 web-facing computers. This reflects an increase of 17.0 million sites and 976,381 domains, and a loss of 77,628 web-facing computers.

nginx made the largest gain of 5.1 million sites (+2.12%) this month, increasing its market share to 20.5% (+0.14pp). Cloudflare made the next largest gain of 3.7 million sites (+2.49%).

Apache suffered the largest loss of 451,949 sites (-0.23%) this month, and now accounts for 16.0% (-0.27pp) of sites seen by Netcraft. Microsoft experienced the next largest loss of 189,378 sites (-1.03%).

Vendor news

• Google Cloud launched a new region in Sweden on March 6th.
• Apache Tomcat versions 9.0.102, 10.1.39 and 11.05 were released between March 5th and 7th. These versions improve protection against a race condition allowing remote code execution on case insensitive filesystems.

For more information see Active Sites.

… Continue reading March 2025 Web Server Survey→

Autopsy 4.22.0 is available. Big features for this release are BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries. You can download the release here and get […]

The post Autopsy 4.22.0 Release: BitLocker Support, Cyber Triage Sidecar, Library Updates appeared first on Autopsy.

Continue reading Autopsy 4.22.0 Release: BitLocker Support, Cyber Triage Sidecar, Library Updates→

Autopsy 4.22.0 is available. Big features for this release are BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries. You can download the release here and get […]

The post Autopsy 4.22.0 Release: BitLocker Support, Cyber Triage Sidecar, Library Updates appeared first on Autopsy.

Continue reading Autopsy 4.22.0 Release: BitLocker Support, Cyber Triage Sidecar, Library Updates→

In the February 2025 survey we received responses from 1,180,650,484 sites across 274,656,941 domains and 13,480,350 web-facing computers. This reflects an increase of 19.2 million sites, 1.3 million domains, and 56,361 web-facing computers.

nginx made the largest gain of 12.5 million sites (+5.51%), now accounting for 20.3% (+0.74pp) of sites seen by Netcraft. Cloudflare experienced the next largest gain of 3.9 million sites (+2.68%).

OpenResty suffered the largest loss this month, reducing its market share to 2.99%. Apache experienced the next largest loss of 4.5 million sites.

Vendor news

• Apache httpd 2.4.63 was released on January 23rd, primarily containing bug fixes.
• F5 announced that the nginx documentation was open-sourced on January 28th, hosted in a new GitHub repository. F5 also launched the new NGINX Community Forum on February 4th.
• nginx 1.27.4 was released on February 5th, fixing a vulnerability that allowed SSL client certificate validation to be bypassed in certain conditions. It also adds support for caching SSL certificates loaded dynamically based on a variable like the server name.
• Apache Tomcat versions 9.0.100, 10.1.36, and 11.0.4 were released on February 17th and 18th.
• LiteSpeed 6.3.2 was released on February 18th, fixing hash collision vulnerability in its QUIC implementation. The release also contains a range of features and bug fixes, including improvements to LiteSpeed’s anti-denial of service attack support.

For more information see Active Sites.

… Continue reading February 2025 Web Server Survey→

Key Data

• darcula-suite represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customizable phishing campaigns.
• Novel use of Headless Chrome and browser automation tool allows even non-technical criminals to quickly and easily clone any brand’s legitimate website and create a phishing version.
• The latest version of darcula-suite is expected to launch in mid-February. 
• Since March 2024, Netcraft has detected and blocked more than 90,000 new darcula phishing domains, nearly 31,000 IP addresses, and taken down more than 20,000 fraudulent websites on behalf of Netcraft clients after first exposing darcula.

Overview

The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their “Phishing-as-a-Service” (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities to the previously built darcula V2 platform, using Puppeteer-style tools to allow criminals to build advanced phishing kits that can now target any brand with the click of a button.  

In March 2024, Netcraft analysts exposed the innovative darcula phishing platform, created with advanced capabilities and pre-built phishing content aimed at many of the world’s largest brands, most notably the United States Postal service (USPS). The criminal group behind darcula is set to launch its next wave of innovation in February 2025 with darcula-suite.  

The darcula V2 platform had a major impact on more than 200 brands worldwide, which the criminal organization targeted with pre-built phishing kits in its darcula library. For example, Netcraft has identified and blocked more than 95,000 malicious darcula URLs — and taken down more than 20,000 malicious domains on behalf of clients — over the last 10 months.  

The combination of traditional phishing and smishing with AI-driven improvements make phishing a lucrative business. And, …

Continue reading The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand→

In the January 2025 survey we received responses from 1,161,445,625 sites across 273,352,681 domains and 13,423,989 web-facing computers. This reflects an increase of 11.7 million sites, 770,099 domains, and 163,336 web-facing computers.

Cloudflare experienced the largest gain of 9.7 million sites (+7.13%) this month, increasing its market share to 12.6% (+0.72pp) of sites seen by Netcraft. OpenResty made the next largest gain of 2.8 million sites (+2.49%).

Apache suffered the largest loss of 2.0 million sites (-0.98%) this month, decreasing its market share to 17.0% (-0.34pp). Google experienced the next largest loss of 413,828 sites (-0.66%).

Vendor news

• Amazon announced the general availability of two new AWS regions in Mexico (mx-central-1) and Thailand (ap-southeast-7).
• lighttpd version 1.4.77 was released on January 10th, strengthening its TLS defaults and adding experimental support for Encrypted Client Hello.
• njs version 0.8.9 was released on January 14th, adding support for the filesystem module to the QuickJS engine.

For more information see Active Sites.

… Continue reading January 2025 Web Server Survey→

Key Data

• Threat actors immediately target new Truth Social users — Netcraft received more than 30 messages within hours of creating an account.
• Truth Social’s structure gives threat actors easy access to target groups with more than 100,000 members.
• Advance Fee Fraud scams average $250, with some scammers asking for as much as $1,000 at once on Truth Social.
• Central European, French-speaking threat actor prey on global victims by impersonating trusted brands including: Spotify, Disney+, EasyPark, Sky, Netflix, and Google.

Overview

Truth Social — the social media platform created by Trump Media & Technology Group (TMTG) in 2022 — is being abused to deploy scams at scale, from phishing websites to investment scams, according to Netcraft analysis. 

Case in point: The Netcraft team received more than 30 scam messages within just a few hours of creating a single account on Truth Social. And, the cost of falling for these scams can be high. 

The Federal Trade Commission (FTC) reported that 1 in 4 Americans who reported losing money to fraud since 2021 said it started on social media. During this same time period, reported losses to scams on social media hit $2.7 billion, far higher than any other method of contact. But this doesn’t include the large portion of scams that go unreported – and only looks at the United States. The true cost of social media scams worldwide is likely billions, if not trillions. 

Looking more closely at Truth Social, Gizmodo explored consumer complaints filed with the FTC over the past two years. According to the research, the complaints about scams are “the most shocking, if only because there are such large sums of money involved.” 
This blog post details Netcraft’s initial analysis of threat actors and malicious campaigns being used on Truth Social to target its users. Netcraft continually …

Continue reading The Truth of the Matter: Scammers Targeting Truth Social Users→

Key Data

• Threat actors immediately target new Truth Social users — Netcraft received more than 30 messages within hours of creating an account.
• Truth Social’s structure gives threat actors easy access to target groups with more than 100,000 members.
• Advance Fee Fraud scams average $250, with some scammers asking for as much as $1,000 at once on Truth Social.
• Central European, French-speaking threat actor prey on global victims by impersonating trusted brands including: Spotify, Disney+, EasyPark, Sky, Netflix, and Google.

Overview

Truth Social — the social media platform created by Trump Media & Technology Group (TMTG) in 2022 — is being abused to deploy scams at scale, from phishing websites to investment scams, according to Netcraft analysis. 

Case in point: The Netcraft team received more than 30 scam messages within just a few hours of creating a single account on Truth Social. And, the cost of falling for these scams can be high. 

The Federal Trade Commission (FTC) reported that 1 in 4 Americans who reported losing money to fraud since 2021 said it started on social media. During this same time period, reported losses to scams on social media hit $2.7 billion, far higher than any other method of contact. But this doesn’t include the large portion of scams that go unreported – and only looks at the United States. The true cost of social media scams worldwide is likely billions, if not trillions. 

Looking more closely at Truth Social, Gizmodo explored consumer complaints filed with the FTC over the past two years. According to the research, the complaints about scams are “the most shocking, if only because there are such large sums of money involved.” 
This blog post details Netcraft’s initial analysis of threat actors and malicious campaigns being used on Truth Social to target its users. Netcraft continually …

Continue reading The Truth of the Matter: Scammers Targeting Truth Social Users→

In the December 2024 survey we received responses from 1,149,724,280 sites across 272,582,582 domains and 13,260,653 web-facing computers. This reflects an increase of 8.6 million sites, 550,526 domains, and 146,420 web-facing computers.

nginx experienced the largest gain of 6.4 million sites (+2.92%) this month, and now accounts for 19.7% (+0.41pp) of sites seen by Netcraft. Cloudflare made the next largest gain of 2.6 million sites (+1.90%).

Apache experienced the largest loss of 1.1 million sites (-0.54%) this month, reducing its market share to 17.3% (-0.23pp). OpenResty suffered the next largest loss, down by 1.0 million sites (-0.88%).

000webhost shutdown

Earlier this year, Hostinger announced the closure of its 000webhost brand, which provided free web hosting. It has now shut down all remaining 000webhost sites, resulting in the number of sites hosted at Hostinger dropping by just under 50% this month – from 15.3 million to 8.1 million.

Most of the sites Hostinger lost this month no longer exist – only around 114,000 moved to competitors.

Vendor news

• Apache Tomcat versions 9.0.98, 10.1.34, and 11.0.2 were released on December 9th, adding support for strong ETags and the standards track RateLimit header.
• njs 0.8.8 was released on December 10th, adding support for more functions when QuickJS is used as an alternative JavaScript engine.

For more information see Active Sites.

… Continue reading December 2024 Web Server Survey→

In the November 2024 survey we received responses from 1,141,129,846 sites across 272,032,056 domains and 13,114,233 web-facing computers. This reflects an increase of 10.1 million sites, 277,239 domains, and 110,998 web-facing computers.

Cloudflare experienced the largest gain of 2.6 million sites (+1.96%) this month, and now accounts for 11.8% (0.12pp) of sites seen by Netcraft. Google made the next largest gain of 1.4 million sites (+2.39%).

nginx experienced the largest loss of 6.6 million sites (-2.92%) this month, reducing its market share to 19.3% (-0.75pp). Microsoft suffered the next largest loss, down by 634,406 sites (-3.24%).

Vendor news

• nginx 1.27.3 was released on November 26th. It adds support for automatically re-resolving the IP address of an upstream server, which previously required a restart in the open-source edition of nginx. It also disables TLS 1.0 and 1.1 by default.
• Apache Tomcat versions 9.0.97, 10.1.33, and 11.0.1, were released, containing various bug fixes and improvements.
• Cloudflare published a blog post describing how it migrated its customers’ DNS records to a new database, improving performance.

For more information see Active Sites.

… Continue reading November 2024 Web Server Survey→