MalwareTips
Security Review

Is com.com legit or a scam?

Our verdict:Suspicious· 55/100

A 31-year-old typosquatting domain that monetizes browser navigation errors by serving aggressive ads and historical tech-support scams.

Top reasons
Documented history of serving tech-support scams and fake virus alerts.Operates as a typosquatting trap for users who mistype '.com'.Uses wildcard DNS to impersonate or redirect from any brand name (e.g., brand.com.com).
com.comScanned 1h ago
Post Facebook
0
Trust score
SUSPICIOUS
Heuristics 90·MT 40
Category tags
typosquattingadvertising#tech support scam#data harvester90% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
31 years old
Registered Apr 13, 1995
MT Intelligence
Suspicious
High likelihood · 90% confidence
SUSPICIOUS

Warning signs detected

A 31-year-old typosquatting domain that monetizes browser navigation errors by serving aggressive ads and historical tech-support scams. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Website Preview

Screenshot of com.com
LIVE RENDER
com.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain operates as a wildcard 'catch-all' for any URL ending in '.com.com', a common mistake when typing web addresses. Our research shows a consistent history of this site being used to serve deceptive content, including fake malware scans and 'MacKeeper' advertisements. While the infrastructure is stable and the domain is over 30 years old, its primary purpose is to exploit user error for ad revenue. Multiple independent reports from security communities highlight its use in phishing and browser exploit attempts. Because it dynamically generates content based on what the user mistyped, the risk level can change instantly from harmless ads to malicious redirects.
Full dossier
Analysis complete

Page Content

The site functions as a wildcard landing page that populates content based on the subdomain used (e.g., 'example.com.com'). It typically displays search results or monetized ad links designed to look like legitimate navigation options.

Infrastructure

The domain is hosted behind a major content delivery network and uses Google-issued SSL certificates. The hosting IP has a clean reputation with no recent abuse reports, suggesting the site avoids direct malware hosting in favor of deceptive advertising.

Domain History

Registered in April 1995, this is one of the oldest domains on the internet. It has been under the same registrar for years and is currently locked to prevent unauthorized transfers, which is typical for high-value 'dictionary' domains.

Web Reputation

Security analysts and system administrators have flagged this domain for over a decade. Reports on Reddit and technical security forums document its role in 'typo-squatting' and serving 'scareware' popups to unsuspecting users.
Risk Factors
5
  • Documented history of serving tech-support scams and fake virus alerts.
  • Operates as a typosquatting trap for users who mistype '.com'.
  • Uses wildcard DNS to impersonate or redirect from any brand name (e.g., brand.com.com).
  • Historical associations with aggressive 'MacKeeper' scam software distribution.
  • Redacted ownership information despite being a high-traffic commercial entity.
Positive Signals
3
  • Domain has been registered and active for over 31 years.
  • Valid SSL certificate and stable hosting infrastructure.
  • Zero current detections across our antivirus partner network.
AI Recommendation
Close the tab immediately if you reached this site by mistake. Do not click any links or 'allow' any browser notifications.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for com.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
31 yrs
Registered Apr 1995
Business registration
Active · United States
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
3 scam reports
Key findings
7 headline facts from open-web research
  • com.com is a long-established domain registered on 1995-04-13 (over 31 years old as of 2026), currently registered through GoDaddy with privacy protection via Domains By Proxy, LLC.
  • It uses Cloudflare nameservers (kia.ns.cloudflare.com, sam.ns.cloudflare.com) and has locked status preventing easy transfer or deletion.
  • The domain operates a wildcard service: mistyped URLs such as amazon.com.com or any *.com.com resolve to it, often displaying search results, ads, or monetized pages based on the subdomain.
  • Historical reports from 2015 (SANS ISC) document it being used for malicious typo-squatting, including fake virus scans promoting MacKeeper scam software.
  • User discussions on Reddit (2020–2021) describe it as a "weird" or "prob scam" ad-monetization site that profits from typing errors like extra ".com".
  • Cloudflare community threads (2020) reference redirects and potential compromise involving com.com/results search pages.
  • No active business registration details beyond the domain WHOIS; owner identity is redacted; no Trustpilot, ScamAdviser, or ScamDoc scores located.
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • SANS ISCopen

    "COM.COM Used For Malicious Typo Squatting - And of course the fake scan it runs claims that I have a virus :) As a "solution", I was offered the well known scam -app "Mackeeper"."

  • Reddit r/sysadminopen

    "TIL if you miss type a URL in your browser and add an extra .com ... you'll be directed to com.com's web site that will try and exploit your browser with phishing attempts and JavaScript exploits."

  • Reddit r/NoStupidQuestionsopen

    "Prob scam site ... It's a subdomain of com.com. It takes the subdomain and automatically serves ads based on it to make money from people that tend to click on random links."

Business registration
Status: active · United States

Registered since 1995-04-13 via GoDaddy.com, LLC; expires 2027-04-14; registrant protected by Domains By Proxy, LLC (privacy service); status includes client delete/renew/transfer/update prohibited; uses Cloudflare nameservers.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research uncovered multiple reports from technical communities like Reddit and SANS ISC dating back to 2015. These reports describe the site as a 'typo-squatter' that exploits users who accidentally add an extra '.com' to their search. Historically, the site has been caught serving 'scareware'—fake alerts claiming a computer is infected—to trick users into downloading unnecessary or harmful software.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious61Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age31 years old
RegistrarGoDaddy.com, LLC
RegisteredApr 13, 1995
ExpiresApr 14, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresJul 27, 2026 (32d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Proceed with caution

Our automated review flagged enough risk that you should treat this site as unverified.

  • Treat com.com as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked com.com as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • com.com currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. com.com presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 32 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • com.com is 31.2 years old, registered on 4/13/1995 through GoDaddy.com, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report com.com as clean.
  • No. com.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • com.com resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 24, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around com.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·com.com
SUSPICIOUS

This domain is a long-standing typosquatting site that profits from users accidentally typing an extra '.com' in their browser. While the domain itself is decades old, it has a history of hosting deceptive ads and fake virus alerts. Do not enter any personal information or download software if you land here by mistake.

Close the tab immediately if you reached this site by mistake. Do not click any links or 'allow' any browser notifications.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust65
snugfam.com
25m ago
Read the review
Suspicioustrust54
meguanime.com
28m ago
Read the review
Suspicioustrust60
fitgirl-repacks.site
50m ago
Read the review
Suspicioustrust50
camcaps.io
1h ago
Read the review
Suspicioustrust50
bdwin24.biz
1h ago
Read the review
Suspicioustrust39
web3openledger.com
3h ago
Read the review
Suspicioustrust26
world.xyz
3h ago
Read the review
Suspicioustrust55
treasure-petroninvest.click
3h ago
Read the review
Suspicioustrust49
grovexly.org
4h ago
Read the review
Suspicioustrust54
dl.pdfviewerapp.com
4h ago
Read the review
Suspicioustrust54
instantfans.info
4h ago
Read the review
Suspicioustrust39
ibuntumain.github.io
5h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.