Statistics from the top 1,000,000 websites – part II
This is the second part of an older article we posted, where we present some statistics from the top 1,000,000 sites on the internet. We are using the Alexa database as source for our statistics. In the first part of this article, we presented the Top Web Servers, Apache version distribution, Microsoft IIS version distribution, Unix vs Windows and so on. In this second part we will include more statistics such as top mail server providers, top dns server providers, top AS names, country distribution and more.
Top MX Servers
To start off with, I wanted to see where people are receiving their mail. Therefore, for each domain we queried the MX servers and calculated which servers are the most popular. The results are shown bellow:
| MX (mail server) | Count | Percentage |
|---|---|---|
| *.google.com | 57437 | 38.57% |
| *.secureserver.net (Go Daddy) | 29155 | 19.58% |
| *.mail.dreamhost.com | 6089 | 4.09% |
| *.kundenserver.de | 6055 | 4.07% |
| *.emailsrvr.com | 5448 | 3.66% |
| *.1and1.com | 5323 | 3.57% |
| *.messagelabs.com | 4454 | 2.99% |
| *.qq.com | 4156 | 2.79% |
| mail.automattic.com | 4107 | 2.76% |
| *.mail.yahoo.com | 3852 | 2.59% |
| *.ispgateway.de | 3560 | 2.39% |
| *.ovh.net | 3560 | 2.39% |
| *.masterhost.ru | 2749 | 1.85% |
| *.rzone.de | 2377 | 1.60% |
| *.schlund.de | 2197 | 1.48% |
| *.1and1.co.uk | 1994 | 1.34% |
| *.sitebuildit.com | 1772 | 1.19% |
| *.frontbridge.com | 1675 | 1.12% |
| *.servage.net | 1564 | 1.05% |
| *.mx-server.net | 1377 | 0.92% |
As you can see from the table above, most of the people are entrusting their mails to Google. Gmail for your domain (Google Apps for your domain) is very popular because it works well and it’s free for small companies. On the second place is *.secureserver.net. These are the MX servers from Go Daddy. On the third place is DreamHost.
Top DNS Servers
Next, we’ve calculated the NS (name server) distribution. Same procedure, for each domain we’ve queried the NS servers and calculated which servers are the most popular.
| NS server | Count | Percentage |
|---|---|---|
| *.domaincontrol.com (Go Daddy) | 40817 | 21.64% |
| *.google.com | 19652 | 10.42% |
| *.xinnetdns.com | 12840 | 6.81% |
| *.xinnet.cn | 12835 | 6.81% |
| *.dreamhost.com | 11768 | 6.24% |
| *.name-services.com | 9818 | 5.21% |
| *.bluehost.com | 9472 | 5.02% |
| *.ovh.net | 8762 | 4.65% |
| *.rackspace.com | 8155 | 4.32% |
| *.mediatemple.net | 6702 | 3.55% |
| *.1and1.com | 6006 | 3.18% |
| *.dnsmadeeasy.com | 5396 | 2.86% |
| *.hostmonster.com | 5391 | 2.86% |
| *.yahoo.com | 4849 | 2.57% |
| *.technorail.com | 4835 | 2.56% |
| *.wordpress.com | 4685 | 2.48% |
| *.dns.com.cn | 4536 | 2.41% |
| *.ultradns.net | 4203 | 2.23% |
| *.namespace4you.de | 4006 | 2.12% |
| *.kasserver.com | 3860 | 2.05% |
domaincontrol.com is the NS server for Go Daddy. On the second place are the Google name servers. These are the Blogspot blogs (there are a lot of them). Third and forth place belongs to xinnetdns: some popular Chinese web hosting provider.
Top AS Names
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators. Next table will display the top AS Names (based on their AS numbers).
| AS Name | Count | Percent |
|---|---|---|
| THEPLANET-AS - ThePlanet.com Internet Services, Inc. | 58311 | 17.42% |
| GOOGLE - Google Inc. | 37757 | 11.28% |
| CHINANET-BACKBONE No.31,Jin-rong Street | 28226 | 8.43% |
| PAH-INC - GoDaddy.com, Inc. | 23806 | 7.11% |
| SOFTLAYER - SoftLayer Technologies Inc. | 21799 | 6.51% |
| ONEANDONE-AS 1&1 Internet AG | 19127 | 5.71% |
| OVH OVH | 17515 | 5.23% |
| BLUEHOST-AS - Bluehost Inc. | 15473 | 4.62% |
| PEER1 - Peer 1 Network Inc. | 13666 | 4.08% |
| RMH-14 - Rackspace.com, Ltd. | 12215 | 3.65% |
| DREAMHOST-AS - New Dream Network, LLC | 11586 | 3.46% |
| LAYER3-ASN - Layered Technologies, Inc. | 11511 | 3.44% |
| HETZNER-AS Hetzner Online AG RZ | 10579 | 3.16% |
| LAYER3-ASN-2 - Layered Technologies, Inc. | 10525 | 3.14% |
| LIQUID-WEB-INC - Liquid Web, Inc. | 8352 | 2.49% |
| MEDIATEMPLE - Media Temple, Inc. | 7739 | 2.31% |
| LEASEWEB LEASEWEB AS | 7006 | 2.09% |
| GNAXNET-AS - Global Net Access, LLC | 6747 | 2.02% |
| CHINANET-SH-AP China Telecom (Group) | 6560 | 1.96% |
| AKAMAI-ASN1 Akamai Technologies European AS | 6284 | 1.88% |
The table from above lists the top IP providers from our top 1,000,000 websites as listed by Alexa. THEPLANET leads the way, followed by Google and a Chinese provider.
Registrars distribution
The next table is about IP registrars. There are 5 registrars on the internet:
- arin – American Registry for Internet Numbers
- ripencc – Réseaux IP Européens Network Coordination Centre
- apnic – Asia-Pacific Network Information Centre
- lacnic – Latin American and Caribbean Internet Addresses Registry
- afrinic – The Registry of Internet Number Resources for Africa
| Registrar | Count | Percent |
|---|---|---|
| arin | 503984 | 51.68% |
| ripencc | 318741 | 32.69% |
| apnic | 137493 | 14.10% |
| lacnic | 12290 | 1.26% |
| afrinic | 2621 | 0.27% |
Country distribution
We’ve also calculated the country distribution. We’ve resolved each domain to its corresponding IP address and then determined the country for that ip address. Finally, we’ve counted the most popular countries.
| Country | Count | Percentage |
|---|---|---|
| United States | 497993 | 53.73% |
| Germany | 81518 | 8.80% |
| China | 63364 | 6.84% |
| Japan | 42384 | 4.57% |
| United Kingdom | 40814 | 4.40% |
| Russian Federation | 35583 | 3.84% |
| France | 29893 | 3.23% |
| Netherlands | 26218 | 2.83% |
| Canada | 21695 | 2.34% |
| Italy | 16013 | 1.73% |
| Spain | 11992 | 1.29% |
| Turkey | 8740 | 0.94% |
| Europe | 7720 | 0.83% |
| Poland | 7346 | 0.79% |
| Brazil | 6836 | 0.74% |
| Australia | 6544 | 0.71% |
| Czech Republic | 6070 | 0.65% |
| Sweden | 5746 | 0.62% |
| Ukraine | 5465 | 0.59% |
| Thailand | 4845 | 0.52% |
No surprises here: United States, Germany and China are taking the top spots.
While navigating all those websites we’ve received some funny responses from web servers. I’ve listed some of them below.
Weird headers
These are various headers that contain invalid characters. Most of them are error messages (usually PHP and MySQL errors). Some of them include some kind of information disclosure (even source code disclosure in one case).
| Header Name | Header Value |
|---|---|
| file 'c | mysqlsharecharsets?.conf' not found (Errcode: 2) |
| php notice | Undefined variable: rssrtl in D:domainsmeansearch.comwwwrootmodulesmod_slick_rsstmpldefault.php on line 46 |
| php notice | Undefined index: error in D:domainsmeansearch.comwwwrootmodulesmod_slick_rsstmpldefault.php on line 29 |
| php warning | PHP Startup: Unable to load dynamic library '/usr/local/php5/lib/php/php_pdo_mysql.dll' - /usr/local/php5/lib/php/php_pdo_mysql.dll: cannot open shared object file: No such file or directory in Unknown on line 0 |
| php warning | PHP Startup: Unable to load dynamic library './php_gd.so' - Cannot open "./php_gd.so" in Unknown on line 0 |
| php warning | Unknown(): Unable to load dynamic library '/usr/local/php4/lib/php/php_xslt.dll' - /usr/local/php4/lib/php/php_xslt.dll: cannot open shared object file: No such file or directory in Unknown on line 0 |
| character set '#18' is not a compiled character set and is not specified in the 'c | mysqlsharecharsetsIndex' file |
| gen true for "http | //www.philadelphia-reflections.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) |
| e</div>xpires | Mon, 26 Jul 1997 05:00:00 GMT |
| php fatal error | Call to a member function count() on a non-object in /virtual/valueset/project/dropshipping/apps/valueset/modules/amazon/templates/indexSuccess.php on line 123 |
| php header for pdf files | header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); |
| <?php include_once("analyticstracking.php"); ?> | |
| <!-- -->date | Fri, 11 Dec 2009 21:07:37 GMT |
| <!-- warning | IS_SALVE : esl5 at auction.pl line 1020. -->, IS_SALVE : esl5 at auction.pl line 1054. --> |
| are you hacker this server ? baby ! | ^ Aaron ^ |
| super isp | 13939.NET |
| php script | php |
| wordpress-datenbankfehler unknown collation | 'utf8_general-ci' für die Abfrage SET NAMES 'utf8' COLLATE 'utf8_general-ci' in require, require_once, require_once, require_once, require_wp_db, require_once |
Funny Server headers
And finally, some administrators are using various humorous values for the Server header. I’ve listed some of them below:
| Server |
|---|
| God is Love |
| Homer/1. |
| House Plans |
| Http With Associates |
| I'm a server |
| IIS 9.2 Alpha |
| IIS/7.(Unix) mod_ssl/2.8.3OpenSSL/.9.8e |
| IIS_8._pre_alpha |
| Its a Server |
| Just a Web Server |
| Just Apache |
| make my day |
| null |
| openyourmind |
| Pizza/4cheese |
| reboot! |
| the 4in 4.25 seconds |
| *** unknown *** |
| BlackHole/1. |
| David's little web server powered by Smalltalk |
| Go Away |
| HolyServer/9 (YeahBaby) |
| O_o |
| Paranoid |
| ;-) |
| Apache ;-) |
| Stoned Webserver 1. |
| Apachern |
| Server secured |
| Ski The Best... Booth Creek Resorts |
Funny Server headers:
Stoned Webserver 1.0 is a real web server not a modified header. Just thought I would let you know. Great list by the way.
Thanks ethicalhack3r
I never heard about Stoned Webserver before. What’s their URL or do they have one? I can’t seem to find anything on Google about it.
I can’t seem to find the original development website, maybe they have ceased to develop. The reason I knew is because I happened to do an assessment a while back now on a web application running on it.
There are a couple of mentions of it on Google however not a lot of information on it.
According to:
http://www.securityspace.com/s_survey/server_graph.html?type=http&domaindir=/no&month=200912&serv1=U3RvbmVkIFdlYnNlcnZlciAxLjA=
It is mainly on the .no (Norway) TLD and was found to be installed on 351 servers.
Shodan only finds 1 server however:
http://www.shodanhq.com/?q=%22Stoned+Webserver%22