The curious case of Cocos Islands’ ccTLD

It all has to do with the country code top-level domain (ccTLD) of the Cocos Islands: .cc. A ccTLD is unique for each country or autonomous region. Most of these extensions are subject to geographical restrictions. Often you can only get a website with that ccTLD if you have a business or offer services in that country or region. But sometimes they can also be issued to third parties operating outside the corresponding territory. Opening up their unique ccTLD for outsiders can sometimes return a healthy profit for a small nation. Territories like Palau (.pw), Tuvalu (.tv) and Montenegro (.me) were able to earn quite some money from their ccTLD. The same goes for the .cc ccTLD of the Cocos Islands.

544 people, 2 million domains

In 2021, there were 544 people living on the islands and 414 internet users. Disproportionately, we currently track nearly two million domains with the .cc extension. Of those, 404,590 are active, meaning there is a website behind the domain or the domain redirects to another domain. Lacking any geographical restrictions, .cc is used all around the world.

The popularity of .cc lies in its use as an acronym. CC can stand for a flotilla of things; Christian Church, Catholic Church, community college, call centers, country clubs, cycling couture, creative commons and many others. In addition, .cc is not far off from .com or .co. It is used as an alternative for companies whose preferred domain name ending with .com is already taken. The .cc ccTLD is currently owned by a sub-company of the US tech giant Verisign. They are also responsible for the .com and .net TLDs, making them a technologically reliable partner to get a domain from.

Scammers, spammers and phishers

In contrast to this reliability, there are issues surrounding .cc. In 2021, Australian authorities were urged to take control over the domain to thwart scammers and child abuse sites which had set up shop on the .cc ccTLD. Similar issues led to the complete removal of all .co.cc domains from Google’s search engine in 2011. At that time, the extension was heavily used by scammers and phishers. Despite stricter regulations implemented regarding the domain, Dataprovider.com’s Trust Grade shows that there is still work to be done to make .cc more credible.

Our proprietary Trust Grade gives an indication of how trustworthy a website is. It is based on parameters such as the presence or lack of an SSL certificate, contact information, number of changes made on the website as well as other indicators. 

Trust Grades are given by the letters A, B, C, D, E and F; A being the highest grade and F being the lowest. In Figure 1 you can see that 56.7% of .cc domains have a Trust Grade below C, suggesting many of these domains are still lacking basic security measures or authentic content. To put this into context, the distribution of Trust Grades for .com or .co domains is quite different; only 28.7% of .com domains have a Trust Grade of D or lower and for .co the percentage is 28.8%.

Downsides 

Repurposing a ccTLD and removing geo-restrictions can benefit a small nation. But it also makes them an easy target for malicious repurposing. In this scenario, .cc has become the target of these attempts due to its similarity to .co and .com. Scammers can easily bulk purchase these domains, making it hard to track their activities. Similar to many disputes in international relations and international law, supranational legal structures have limited jurisdiction. And the balance between freedom and security makes it hard to make decisions on the non-territorial sphere of the internet, let alone implementing measures.