This is risky for things other than malware blacklisting. For example, the attacker can get a certificate for your domain, and then they can access any HTTPONLY and/or SECURE cookies set at the registrable domain level and impersonate your users just by getting someone to visit their page.