WOT picks up the reports from its "trusted sources" like PhishTank.com and assigns the reported URLs adverse ratings. WOT will also generate ratings on-the-fly for search queries, based upon a rating already in its database that is three levels (or fewer) "up" or "down" from the URL in the query.
PhishTank, based upon its own sources like clean-mx.de and a PayPal security team, may report scores of scam, one-shot, randomized URLs having the same base domain, as discovered in honeypots and other submitted email specimens. These reports typically find their way to the WOT database. Unlike PhishTank, other WOT trusted sources such as SURBL only report the base domain name.
Although they are not picked up by WOT, PhishTank additionally reports scores of URLs which are identical except for randomized query strings (the part of the URL after the question mark).
Here is an example:
PhishTank incident report
WOT scorecard based upon PhishTank
WOT scorecard based upon SURBL
WOT scorecard "in between" PhishTank and SURBL input and generated on-the-fly
Note that the confidence levels (represented by the row of silhouettes to the left of each rating) are lower for the "in between" case. To complicate matters, WOT users often submit their own ratings based upon what they have seen in the PhishTank and SURBL databases.
Anyhow, another reason for absurdly long scam URLs is to overflow a web browser's navigation bar, so that the true base domain name is not visible.
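The difference between per-URL reports (PhishTank style) and base-domain reports (SURBL style), and a rating inherited from an entry up to three levels away, sketched as an added example that is not WOT's or PhishTank's own code. The sample URLs are constructed, the two-label base domain is a simplification, and treating a "level" as one host-name label is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports (not real feed data); .test names are placeholders.
SAMPLE_REPORTS = [
    "http://a1b2.login.scam-example.test/verify.php?id=83jd92",
    "http://a1b2.login.scam-example.test/verify.php?id=zz81kq",
    "http://q9x7.login.scam-example.test/verify.php?id=10ab3f",
    "http://other-example.test/update/index.html?session=abc",
]

def base_domain(host, labels=2):
    # Assumption: the base domain is the last two labels. Real code needs
    # the Public Suffix List to handle suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])

def strip_query(url):
    # Drop the part after the question mark, keep scheme, host and path.
    s = urlsplit(url)
    return f"{s.scheme}://{s.hostname}{s.path or '/'}"

def summarize(reports):
    # Per base domain: (raw reports, distinct hosts, distinct URLs without query).
    groups = defaultdict(lambda: {"n": 0, "hosts": set(), "urls": set()})
    for url in reports:
        host = urlsplit(url).hostname or ""
        g = groups[base_domain(host)]
        g["n"] += 1
        g["hosts"].add(host)
        g["urls"].add(strip_query(url))
    return {d: (g["n"], len(g["hosts"]), len(g["urls"])) for d, g in groups.items()}

def inherited_rating(host, rated, max_levels=3):
    # Assumption: a "level" is one host-name label. Returns the nearest rated
    # ancestor or descendant within max_levels labels as (name, distance).
    labels = host.lower().split(".")
    best = None
    for known in rated:
        k = known.lower().split(".")
        short, long_ = (k, labels) if len(k) <= len(labels) else (labels, k)
        dist = len(long_) - len(short)
        if dist <= max_levels and long_[dist:] == short:
            if best is None or dist < best[1]:
                best = (known, dist)
    return best

if __name__ == "__main__":
    for domain, counts in summarize(SAMPLE_REPORTS).items():
        print(domain, counts)
    print(inherited_rating("a1b2.login.scam-example.test", {"scam-example.test"}))
```

Three raw reports for the first domain collapse to two distinct URLs once the query string is removed, and to a single entry at the base-domain level.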