.as is the Internet country code top-level domain (ccTLD) for American Samoa. It is administered by AS Domain Registry.

TLD typeCountry code top-level domain
RegistryAS Domain Registry
SponsorAS Domain Registry
Intended useEntities connected with  American Samoa
Actual useUsed for a variety of things, including applications unconnected to American Samoa
Registration restrictionsDomains should not be used for pornographic or racist material; registry has right of refusal for applications
StructureRegistrations are directly at second level
DocumentsRegistry policy
Dispute policiesUDRP
Registry websiteAS Domain Registry


Domain names are free of charge for businesses and individuals resident in or associated with American Samoa.

There is no restriction on registrants, and the domain is also popular outside of Samoa. There a number of .as names having been registered to and used by people, companies and organizations with no connection to American Samoa (as example, people and organizations related to Asturias, a Spanish region). "AS" or "A/S" is a suffix indicating a joint stock company in some countries including Norway, Denmark, Estonia and Czech Republic, so this TLD may be of use by companies of this sort. Also, some autonomous systems or websites providing information about autonomous systems or BGP, such as bgp4.as, have registered domain names. It is, sometimes, used as a domain hack, since the suffix "-s" means plural in some languages like English and Spanish, thus "-as" would be the end of the plural of a word that ends with an "a". An example of that is the Brazilian website escol.as, meaning "schools".

2016 Legacy Registrar VulnerabilityEdit

In April 2016, a security blog publicized a vulnerability in a .AS legacy registrar system which, it was claimed might have led to exposure of plain-text passwords of domain contacts associated with domains that did not have a registrar, and that this could have potentially allowed an attacker to make modifications to those domains, or even delete them. However, following publication, the AS Domain Registry confirmed to the reporter that legacy managed domains were subject to human oversight and authentication of all changes and that no attempts had been made to take advantage of this apparent vulnerability and the potential exploit was confirmed to have been closed. [1]


  1. ^ The Infosec Guy 2016-04-25

See alsoEdit

External linksEdit