|TLD type||Country code top-level domain|
|Registry||AS Domain Registry|
|Sponsor||AS Domain Registry|
|Intended use||Entities connected with American Samoa|
|Actual use||Used for a variety of things, including applications unconnected to American Samoa|
|Registration restrictions||Domains should not be used for pornographic or racist material; registry has right of refusal for applications|
|Structure||Registrations are directly at second level|
.as is the Internet country code top-level domain (ccTLD) for American Samoa. It is administered by AS Domain Registry. Island Networks, which provides registry services for .gg and .je, is also responsible for the technical operations of .as.
Domain names are free of charge for businesses and individuals resident in or associated with American Samoa.
There is no restriction on registrants, and the domain is also popular outside of Samoa. There a number of .as names having been registered to and used by people, companies and organizations with no connection to American Samoa (as example, people and organizations related to Asturias, a Spanish region). "AS" or "A/S" is a suffix indicating a joint stock company in some countries including Norway, Denmark, Estonia and Czech Republic, so this TLD may be of use by companies of this sort. Also, some autonomous systems or websites providing information about autonomous systems or BGP, such as bgp4.as, have registered domain names. It is, sometimes, used as a domain hack, since the suffix "-s" means plural in some languages like English and Spanish, thus "-as" would be the end of the plural of a word that ends with an "a". An example of that is the Brazilian website escol.as, meaning "schools".
2016 Legacy Registrar Vulnerability
In April 2016, a security blog publicized a vulnerability in a .AS legacy registrar system which, it was claimed might have led to exposure of plain-text passwords of domain contacts associated with domains that did not have a registrar, and that this could have potentially allowed an attacker to make modifications to those domains, or even delete them. However, following publication, the AS Domain Registry confirmed to the reporter that legacy managed domains were subject to human oversight and authentication of all changes and that no attempts had been made to take advantage of this apparent vulnerability and the potential exploit was confirmed to have been closed.