Security Insights

Another 1.5 Million Twitter Links Scanned

Another 1.5 Million Twitter Links Scanned

In March 2010, I analyzed about 1 million links taken from public tweets on Twitter. I showed that the number of malicious links was less than 1%.

I have scanned another 1.5 million links in the past 3 months from Twitter public time line (1,587,824 exactly). I analyzed these URLs and the server content to find how many of them lead to malicious pages by running them through the Zscaler cloud.

Before I go into the details, I'd like to make a few points:

  • links were taken over several months, but they were analyzed immediately
  • I gathered links from the public time line. Results for direct messages might be different
  • the links may not be intentionally malicious, the page could have been compromised

The state of the Twitter links



Top-10 domains in Twitter URLs

 is still the leader in number of URLs on Twitter at 33% of all URLs, compared to only 5% for the number 2 spot (! However, its market share has decreased, mainly because of the arrival of new URL shortener services from big names. Google, for example, arrives in the the top-10 domains with, a service only available since December 2009. If we add and, Google represents 5% of all URLs.

Other social services are becoming more and more popular links in tweets: 4square ( is #10, Facebook ( is #13

But the hierarchy of domains stays pretty much the same as in March, overall.

How many malicious links?

Like the previous analysis, I looked for phishing sites, malware, browser exploits, etc., but not spam.

The results are the same as previous: 0.07% (1149 links) of all links are dangerous.



Distribution of threats by type




The distribution of malicious sites per domains is mainly the same as the total number of links per domain:

Distribution of malicious sites per domain has a high percentage of malicious links mostly due to hijacked Wordpress installations serving malware. As reported last time, is known to host malicious content. Some URLs shorteners like and create short links for one domain only ( and, so they are never malicious.

This shows once again that the number of malicious links in public tweets is very low. Users should pay more attention to direct messages (private tweets), but overall they should feel safe using Twitter.

-- Julien

Get the latest Zscaler blog updates in your inbox

Subscription confirmed. More of the latest from Zscaler, coming your way soon!

By submitting the form, you are agreeing to our privacy policy.