bit.ly is not safe and an attack page?

  • I click on a bit.ly link on a Youtube video and I was fronted with this.

    bit.ly is not safe?

    I have used bit.ly before and I entered the url manually, but Firefox came up with this.

    bit.ly is an attack page?

    Any ideas?

  • TL;DR: Shortened links are not safe at all, and have never been.

    https://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=bit.ly shows the following:

    What is the current listing status for bit.ly?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 31 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 91854 pages we tested on the site over the past 90 days, 669 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-10-24, and the last time suspicious content was found on this site was on 2014-10-24.

    Malicious software includes 200 trojan(s), 185 exploit(s), 152 scripting exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

    Malicious software is hosted on 365 domain(s), including hotclip.mobi/, likoj.net/, denotablin.com/.

    353 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including trackcash.org/, javaistlus.com/, tracksite.us/.

    This site was hosted on 4 network(s) including AS30060 (VERISIGN-ILG1), AS14618 (AMAZON-AES), AS15169 (GOOGLE).

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, bit.ly appeared to function as an intermediary for the infection of 37 site(s) including phimdata.com/, zing3g.net/, lauxanh.org/.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

  • bit.ly itself is ok, it's that stupid little hash after the domain name that's at issue.

    It may lead to a malvertisement or infection engine.

    And since you're going through a link shortener, you don't know where you're ending up until after you click the link. Treating all shortened links as suspect isn't a bad move.

    Fortunately after scanning, enough pages represented by the hash, enough have been found malicious by two different browser's link scan services, so listen to the warning and shy away as it's statistically likely you're accessing malware content. Until bit.ly cleans up their act and starts scanning and removing their own bad links, they're not to be trusted.

    Same goes for sleazy ad networks that don't vet their content. AdBlock Plus is effective for website owners that can't offer quality content.

    Note that you always can add a `+` at the end of the hash to see the URL you'd be redirected to without that `+`. So e.g. `http://bit.ly/1n4rxKs+` would reveal that `http://bit.ly/1n4rxKs` resolves to `http://www.linux.com/learn/tutorials/773180-how-to-set-up-a-web-based-lightweight-system-monitor-on-linux/` ;)

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used