Analysis of nearly 1.7 billion shortened URL links

Web of Trust (WOT) completed an analysis of nearly 1.7 billion shortened URL links and found that the URL shortening services are often used to drive traffic to suspicious websites.

The research found that 8.7 percent of websites reached via the TinyURL service, and 5.0 percent of websites reached via Bit.ly, receive poor ratings for “trustworthiness’ and “child protection’ – as measured by WOT’s millions of crowd-sourced reputation scores.

Further analysis comparing the top level domain names (TLDs) that host these websites shows that the URL shortening services are often exploited to drive traffic to loosely-regulated countries where as much as 90 percent of the websites are suspicious.

The top five most exploited domains are:

• .ac (Ascension Island) – 91% of websites are rated poorly
• .ms (Montserrat) – 65% of websites are rated poorly
• .pr (Puerto Rico) – 46% of websites are rated poorly
• .mu (Mauritius) – 36% of websites are rated poorly
• .tc (Turks and Caicos Islands) – 35% of websites are rated poorly.

“Certainly the URL shortening services don’t intend to point people to malicious websites, but perhaps they can do more to proactively protect their services from being exploited,” said Markus Suomi, CEO of WOT. “These companies could automatically screen for potentially compromised website destinations, or at least inform their users when caution might be warranted before clicking on the link.”

The .com top-level domain (TLD) is the most popular by a wide margin, but as a percentage it hosts the fewest dangerous websites (only 2.5% of .com sites are rated poorly for “trustworthiness’ and 3.6% are rated poorly for “child safety’)

The three most common TLD alternatives to .com are corrupted by a surprisingly large percentage of poorly rates websites:

• .info – 10.7% of websites are rated poorly
• .net – 9.6% of websites are rated poorly
• .biz – 9.5% of websites are rated poorly.