Top level domains (TLD) refer to the suffix attached to domain names on the Internet. A site ending with .com, for example, is meant for websites used for commercial purposes. Similarly, country code top level domains (CCTLD) are meant to denote the country from which a website originates. A site ending with “.in”, for example, is meant for websites from India.
However, lenient CCTLD registration rules have meant that this is not always the case. Sites using CCTLD for purposes other than to denote their origin country have been garnering popularity for a while now. For example, “.fm” is a CCTLD assigned for the federal states of Micronesia. “.fm” which also is an acronym for “frequency modulation”, and is commonly used by radio websites which don’t originate from Micronesia. Similarly “.in” which refers to the CCTLD for India, could also mean “Internet” or “international”. When it comes to registering websites using the CCTLD, the cloud is the limit. Websites like “icome.in/peace”, “rest.in/peace”, for example, don’t just read well but are also easy for potential customers to remember. Apart from this, CCTLD from India are relatively cheaper to register than registering CCTLD from other countries.
While such use of CCTLD has its advantages, it also comes with its share of disadvantages. The number of CCTLD used by malware authors & spammers to lure victims to their sites is steadily on the rise. A simple query for malicious sites which use a CCTLD of “.in” from malwareurl.com resulted in a significant number of hits, as shown below:
Although none of the sites above are active anymore, a closer look reveals that they all originate from the same IP address and spread the same malware.
Users ought to be aware of such sites which pretend to come from one country, when in fact they don’t. Simple networking tools like whois will provide more information on the origin of the website. Also, the INRegistry tightening its registration rules should help significantly reduce the amount of spam and malware that originate from this CCTLD.