Statistics from the top 1,000,000 websites – part II

This is the second part of an older article we posted, where we present some statistics from the top 1,000,000 sites on the internet.  We are using the Alexa database as source for our statistics.  In the first part of this article, we presented the Top Web Servers, Apache version distribution, Microsoft IIS version distribution, Unix vs Windows and so on. In this second part we will include more statistics such as top mail server providers, top dns server providers, top AS names, country distribution and more.

Top MX Servers

To start off with, I wanted to see where people are receiving their mail. Therefore, for each domain we queried the MX servers and calculated which servers are the most popular. The results are shown bellow:

MX (mail server) Count Percentage
*.google.com 57437 38.57%
*.secureserver.net (Go Daddy) 29155 19.58%
*.mail.dreamhost.com 6089 4.09%
*.kundenserver.de 6055 4.07%
*.emailsrvr.com 5448 3.66%
*.1and1.com 5323 3.57%
*.messagelabs.com 4454 2.99%
*.qq.com 4156 2.79%
mail.automattic.com 4107 2.76%
*.mail.yahoo.com 3852 2.59%
*.ispgateway.de 3560 2.39%
*.ovh.net 3560 2.39%
*.masterhost.ru 2749 1.85%
*.rzone.de 2377 1.60%
*.schlund.de 2197 1.48%
*.1and1.co.uk 1994 1.34%
*.sitebuildit.com 1772 1.19%
*.frontbridge.com 1675 1.12%
*.servage.net 1564 1.05%
*.mx-server.net 1377 0.92%

As you can see from the table above, most of the people are entrusting their mails to Google. Gmail for your domain (Google Apps for your domain) is very popular because it works well and it’s free for small companies. On the second place is *.secureserver.net. These are the MX servers from Go Daddy. On the third place is DreamHost.

Top DNS Servers

Next, we’ve calculated the NS (name server) distribution. Same procedure, for each domain we’ve queried the NS servers and calculated which servers are the most popular.

NS server Count Percentage
*.domaincontrol.com (Go Daddy) 40817 21.64%
*.google.com 19652 10.42%
*.xinnetdns.com 12840 6.81%
*.xinnet.cn 12835 6.81%
*.dreamhost.com 11768 6.24%
*.name-services.com 9818 5.21%
*.bluehost.com 9472 5.02%
*.ovh.net 8762 4.65%
*.rackspace.com 8155 4.32%
*.mediatemple.net 6702 3.55%
*.1and1.com 6006 3.18%
*.dnsmadeeasy.com 5396 2.86%
*.hostmonster.com 5391 2.86%
*.yahoo.com 4849 2.57%
*.technorail.com 4835 2.56%
*.wordpress.com 4685 2.48%
*.dns.com.cn 4536 2.41%
*.ultradns.net 4203 2.23%
*.namespace4you.de 4006 2.12%
*.kasserver.com 3860 2.05%

domaincontrol.com is the NS server for Go Daddy. On the second place are the Google name servers. These are the Blogspot blogs (there are a lot of them). Third and forth place belongs to xinnetdns: some popular Chinese web hosting provider.

Top AS Names

An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators. Next table will display the top AS Names (based on their AS numbers).

AS Name Count Percent
THEPLANET-AS – ThePlanet.com Internet Services, Inc. 58311 17.42%
GOOGLE – Google Inc. 37757 11.28%
CHINANET-BACKBONE No.31,Jin-rong Street 28226 8.43%
PAH-INC – GoDaddy.com, Inc. 23806 7.11%
SOFTLAYER – SoftLayer Technologies Inc. 21799 6.51%
ONEANDONE-AS 1&1 Internet AG 19127 5.71%
OVH OVH 17515 5.23%
BLUEHOST-AS – Bluehost Inc. 15473 4.62%
PEER1 – Peer 1 Network Inc. 13666 4.08%
RMH-14 – Rackspace.com, Ltd. 12215 3.65%
DREAMHOST-AS – New Dream Network, LLC 11586 3.46%
LAYER3-ASN – Layered Technologies, Inc. 11511 3.44%
HETZNER-AS Hetzner Online AG RZ 10579 3.16%
LAYER3-ASN-2 – Layered Technologies, Inc. 10525 3.14%
LIQUID-WEB-INC – Liquid Web, Inc. 8352 2.49%
MEDIATEMPLE – Media Temple, Inc. 7739 2.31%
LEASEWEB LEASEWEB AS 7006 2.09%
GNAXNET-AS – Global Net Access, LLC 6747 2.02%
CHINANET-SH-AP China Telecom (Group) 6560 1.96%
AKAMAI-ASN1 Akamai Technologies European AS 6284 1.88%

The table from above lists the top IP providers from our top 1,000,000 websites as listed by Alexa. THEPLANET leads the way, followed by Google and a Chinese provider.

Registrars distribution

The next table is about IP registrars. There are 5 registrars on the internet:

  • ARIN

    – American Registry for Internet Numbers

  • RIPENCC

    – Réseaux IP Européens Network Coordination Centre

  • APNIC

    – Asia-Pacific Network Information Centre

  • LACNIC

    – Latin American and Caribbean Internet Addresses Registry

  • AFRINIC

    – The Registry of Internet Number Resources for Africa

Registrar Count Percent
ARIN 503984 51.68%
RIPENCC 318741 32.69%
APNIC 137493 14.10%
LACNIC 12290 1.26%
AFRINIC 2621 0.27%

Country distribution

We’ve also calculated the country distribution. We’ve resolved each domain to its corresponding IP address and then determined the country for that ip address. Finally, we’ve counted the most popular countries.

Country Count Percentage
United States 497993 53.73%
Germany 81518 8.80%
China 63364 6.84%
Japan 42384 4.57%
United Kingdom 40814 4.40%
Russian Federation 35583 3.84%
France 29893 3.23%
Netherlands 26218 2.83%
Canada 21695 2.34%
Italy 16013 1.73%
Spain 11992 1.29%
Turkey 8740 0.94%
Europe 7720 0.83%
Poland 7346 0.79%
Brazil 6836 0.74%
Australia 6544 0.71%
Czech Republic 6070 0.65%
Sweden 5746 0.62%
Ukraine 5465 0.59%
Thailand 4845 0.52%

No surprises here: United States, Germany and China are taking the top spots.

While navigating all those websites we’ve received some funny responses from web servers. I’ve listed some of them below.

Weird headers

These are various headers that contain invalid characters. Most of them are error messages (usually PHP and MySQL errors). Some of them include some kind of information disclosure (even source code disclosure in one case).

Header Name Header Value
file ‘c mysqlsharecharsets?.conf’ not found (Errcode: 2)
php notice Undefined variable: rssrtl in D:domainsmeansearch.comwwwrootmodulesmod_slick_rsstmpldefault.php on line 46
php notice Undefined index: error in D:domainsmeansearch.comwwwrootmodulesmod_slick_rsstmpldefault.php on line 29
php warning PHP Startup: Unable to load dynamic library ‘/usr/local/php5/lib/php/php_pdo_mysql.dll’ – /usr/local/php5/lib/php/php_pdo_mysql.dll: cannot open shared object file: No such file or directory in Unknown on line 0
php warning PHP Startup: Unable to load dynamic library ‘./php_gd.so’ – Cannot open “./php_gd.so” in Unknown on line 0
php warning Unknown(): Unable to load dynamic library ‘/usr/local/php4/lib/php/php_xslt.dll’ – /usr/local/php4/lib/php/php_xslt.dll: cannot open shared object file: No such file or directory in Unknown on line 0
character set ‘#18’ is not a compiled character set and is not specified in the ‘c mysqlsharecharsetsIndex’ file
gen true for “http //www.philadelphia-reflections.com” r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0)
e</div>xpires Mon, 26 Jul 1997 05:00:00 GMT
php fatal error Call to a member function count() on a non-object in /virtual/valueset/project/dropshipping/apps/valueset/modules/amazon/templates/indexSuccess.php on line 123
php header for pdf files header(“Cache-Control: must-revalidate, post-check=0, pre-check=0”);
<?php include_once(“analyticstracking.php”); ?>
<!– –>date Fri, 11 Dec 2009 21:07:37 GMT
<!– warning IS_SALVE : esl5 at auction.pl line 1020. –>, IS_SALVE : esl5 at auction.pl line 1054. –>
are you hacker this server ? baby ! ^ Aaron ^
super isp 13939.NET
php script php
wordpress-datenbankfehler unknown collation ‘utf8_general-ci’ für die Abfrage SET NAMES ‘utf8’ COLLATE ‘utf8_general-ci’ in require, require_once, require_once, require_once, require_wp_db, require_once

Funny Server headers

And finally, some administrators are using various humorous values for the Server header. I’ve listed some of them below:

Server
God is Love
Homer/1.
House Plans
Http With Associates
I’m a server
IIS 9.2 Alpha
IIS/7.(Unix) mod_ssl/2.8.3OpenSSL/.9.8e
IIS_8._pre_alpha
Its a Server
Just a Web Server
Just Apache
make my day
null
openyourmind
Pizza/4cheese
reboot!
the 4in 4.25 seconds
*** unknown ***
BlackHole/1.
David’s little web server powered by Smalltalk
Go Away
HolyServer/9 (YeahBaby)
O_o
Paranoid
😉
Apache 😉
Stoned Webserver 1.
Apachern
Server secured
Ski The Best… Booth Creek Resorts
Share this post
  • Funny Server headers:
    Stoned Webserver 1.0 is a real web server not a modified header. Just thought I would let you know. Great list by the way.

  • Thanks ethicalhack3r 🙂
    I never heard about Stoned Webserver before. What’s their URL or do they have one? I can’t seem to find anything on Google about it.

  • I can’t seem to find the original development website, maybe they have ceased to develop. The reason I knew is because I happened to do an assessment a while back now on a web application running on it.

    There are a couple of mentions of it on Google however not a lot of information on it.

    According to:
    http://www.securityspace.com/s_survey/server_graph.html?type=http&domaindir=/no&month=200912&serv1=U3RvbmVkIFdlYnNlcnZlciAxLjA=

    It is mainly on the .no (Norway) TLD and was found to be installed on 351 servers.

    Shodan only finds 1 server however:
    http://www.shodanhq.com/?q=%22Stoned+Webserver%22

  • Leave a Reply

    Your email address will not be published.