.as

.as is the Internet country code top-level domain (ccTLD) for American Samoa. It is administered by AS Domain Registry. Island Networks, which provides registry services for .gg and .je, is also responsible for the technical operations of .as.

Usage
Domain names are free of charge for businesses and individuals resident in or associated with American Samoa.

There is no restriction on registrants, and the domain is also popular outside of Samoa. A number of .as names have been registered to and used by people, companies and organizations with no connection to American Samoa (for example, people and organizations related to Asturias, a Spanish region). "AS" or "A/S" is a suffix indicating a joint stock company in some countries including Norway, Denmark, Estonia and Czech Republic, so this TLD may be of use by companies of this sort. Also, some autonomous systems or websites providing information about autonomous systems or BGP, such as bgp4.as, have registered domain names. It is, sometimes, used as a domain hack, since the suffix "-s" means plural in some languages like English, Spanish, and Portuguese, thus "-as" would be the end of the plural of a word that ends with an "a". Examples of such usage include the Brazilian website escol.as, meaning "schools", or macc.as/feedback for the public food service feedback form for McDonald's in Australia, stemming from the colloquial use of 'Maccas' to describe the restaurant chain in the country.

2016 legacy registrar vulnerability
In April 2016, a security blog publicized a vulnerability in a .AS legacy registrar system which was claimed might have led to exposure of plain-text passwords of domain contacts associated with domains that did not have a registrar, and that this could have potentially allowed an attacker to make modifications to those domains, or even delete them. However, following publication, the AS Domain Registry confirmed to the reporter that legacy managed domains were subject to human oversight and authentication of all changes and that no attempts had been made to take advantage of this apparent vulnerability, and the potential exploit was confirmed to have been closed.