Understanding TLDs and Internet Extensions

Most Internet users are familiar with .com, .edu, .org, .net and .gov. Along with .mil these are the initial top level domain extensions for the world-wide-web. The Internet has expanded over the years and many new TLDs have been added to the list. Some well known additions are .biz and .info. Generally these are intended to designate the purpose or owner of the site. .com is a commercial enterprise, .net is a network, .edu is for educational institutions, .org is an organization, .gov is government(U.S. government only), and .mil is the U.S. military. Some of the additional TLDs like .museum and .jobs are self-explanatory. While .gov, .edu, and .mil are reserved for those purposes only .com, .net and .org can be used by anyone.

Less known than the main TLDs are country codes that can be used as domain extensions. .us for the United States and .uk for United Kingdom are some familiar ones. You may have seen .cn, .ca, and .ru for China, Canada and Russia. But have you seen .cc? .tv? .ws? .yt? Those stand for: Cocos Islands, Tuvalu, Western Samoa, and Mayotte. Unless geography is a hobby you probably have never heard of these places, but they are a serious concern for Internet security. Why? The first reason is that for these domain extensions anyone in any other country may obtain the country code domain name. Conversely, you have to be in the Czech Republic to get a .cz domain. This trend started in places like Tuvalu because the government thought the could cash in on their country code possibly standing for "television." Similarly, .ws is said to stand for "website" but it really stands for Western Samoa. This causes confusion for phishing victims because the average person does not know that .ws is the domain extension. Here is an example:

http://12dfe45rdf.twtn5dfdv.com/qwerw544/wertwert.33530xxert.html

In the above a casual glance will reveal that twtn5dfdv.com is the domain in the link. Compare it with this version:

http://12dfe45rdf.twtn5dfdv.ws/qwerw544/wertwert.33530xxert.html

It is no longer so obvious.

To further illustrate, phishers have resorted to these tactics to fool email users:

http://ebay.com.56787.net/security.asp

A cautious user might notice the .net extension and know it is not Ebay. However, this one might not alert someone so easily:

http://ebay.com.56787.tv/security.asp

It can be further confused through obfuscation:

http://ebay.com.56787%2e%74%76/security.asp