In the June 2024 survey we received responses from 1,101,431,853 sites across 269,118,919 domains and 12,865,432 web-facing computers. This reflects an increase of 4.0 million sites, an increase of 981,220 domains, and a decrease of 33,027 web-facing computers.

OpenResty experienced the largest gain of 4.6 million sites (+4.01%) this month, and now accounts for 10.8% (+0.38pp) of sites seen by Netcraft. Cloudflare made the next largest gain of 3.2 million sites (+2.66%).

Apache experienced the largest loss of 4.8 million sites (-2.23%) this month, reducing its market share to 19.3% (-0.51pp). LiteSpeed suffered the next largest loss, down by 1.1 million sites (-2.24%).

Vendor news

• njs 0.8.5 was released on June 25th, primarily containing bug fixes. Earlier this month its source code was moved to GitHub.
• freenginx 1.27.1 was released on June 4th. New features include support for limiting the number of headers in a HTTP request, and support for additional authentication mechanisms in its mail proxying module.
• LiteSpeed 6.3 was released on June 26th, containing new features, improvements, and bug fixes. The new features are mainly security-related.
• Apache Tomcat versions 9.0.90, 10.1.25, and 11.0.0-M21 were released.
• Amazon announced its plan to launch a new AWS region in Taipei, Taiwan by early 2025.

Developer	May 2024	Percent	June 2024	Percent	Change
nginx	236,239,936	21.53%	235,170,823	21.35%	-0.18
Apache	217,239,604	19.80%	212,402,611	19.28%	-0.51
Cloudflare	118,561,124	10.80%	121,715,882	11.05%	0.25
OpenResty	114,268,616	10.41%	118,852,803	10.79%	0.38

Developer	May 2024	Percent	June 2024	Percent	Change
Apache	37,106,437	19.17%	36,784,011	19.13%	-0.04
nginx	34,944,050	18.06%	34,778,931	18.09%	0.03
Cloudflare	28,767,697	14.86%	28,457,465	14.80%	-0.07
Google	19,116,508	9.88%	19,253,340	10.01%	0.14

For more information see Active Sites.

Developer	May 2024	Percent	June 2024	Percent	Change
Cloudflare	228,120	22.81%	230,996	23.10%	0.29
nginx	204,238	20.42%	205,005	20.50%	0.08
Apache	197,994	19.80%

…

Criminals are opportunists, ready to exploit any perceived weakness, from humanitarian efforts to presidential campaigns. Recently, Netcraft has been monitoring a series of attacks surrounding the Trump campaign, particularly following two developments: the May 21st announcement of crypto donations and the May 31st trial verdict that led to a huge surge in real donations, overwhelming the Trump campaign’s actual infrastructure.

Following these events, Netcraft has identified donation scams impersonating the Trump campaign, featuring dozens of malicious domains distributed in phishing and smishing campaigns. With millions of emails and texts sent by the real campaign, scammers are exploiting recent interest to trick would-be donors into visiting a lookalike domain.

Netcraft also used our proprietary peer-to-peer messaging reconnaissance to engage in a direct conversation with a “Trump National Committee” scammer, who revealed various points of actionable threat intelligence, including mule bank accounts, payment app details, email addresses, and more. In addition to collecting critical data that can be utilized to disrupt attacks and dismantle infrastructure, this dialogue with the scammers confirms a popular concern that criminals are leveling up and using AI to create better, faster, and more believable scams. 

Let’s examine how quickly criminals deploy these campaigns, adapt to new information, and are getting better while they do. 

Legitimate Crypto Support

As announced in late May, the Trump campaign accepts cryptocurrency donations via Coinbase Payments. This technology is provided through Coinbase and is available to any “federally accredited donor” to make payments via Ethereum-based cryptocurrencies or through balances held at Coinbase including Bitcoin and a large variety of more esoteric coins. 

When the trial verdict was announced on May 31st, the Trump campaign immediately directed all incoming traffic to its site to the donation pages in order to capitalize on support from donors across the country. The campaign collected more …

Losses to investment scams, romance fraud, and pig butchering reached $4.6 billion in the United States, a 38% increase in 2023. These scams often play out in private peer-to-peer conversations between victim and criminal, well beyond the reach of typical threat intelligence.

Netcraft has explored these scams by leveraging a first-of-its-kind AI-powered solution that communicates with criminals at scale. Responding to lure email and SMS messages, our AI-based personas continue the dialogue to uncover hidden financial and technical infrastructure. Following the money by disrupting money mule networks identified in confirmed scams in real-time could disable entire threat actor networks in one fell swoop.

The reach of these scams runs deep with criminal bank accounts, mule accounts, crypto wallets, and a connected web of malicious infrastructure used to further these scams. We have extracted thousands of criminal money mule bank accounts across 73 countries and more than 600 financial institutions. In one case, we have received 17 mule accounts from one conversation. The top four crypto wallet addresses Netcraft identified have received more than $45 million (1,000 BTC).

Equally, criminals, like the rest of us, are human too. And a long-lived but ultimately fruitless conversation with a Netcraft-controlled persona can cause frustration – as you’ll see later. 

Crime pays. The hours are good, you travel a lot. 

One in six of our conversations with criminals has resulted in details of at least one bank account being sent. Other conversations end with requests to buy gift cards, cryptocurrency payments, online payment providers (like PayPal), or money remittance services (like Western Union). While others fade out over time as the conversation naturally goes cold.

When we see the whole scam play out, on average, criminals send more than 32 messages despite receiving only 15 replies. Standing out in the data is …