And then there are plenty of companies who put some legitimate part of their business on a wonky gtld domain they only bought so that it's not bought by a scammer. Systems run by the investor relations department might run on examplecompany.biz, some hiring SAAS on examplecompany.work, the CRM on examplecompany.business and the tech support occasionally instructs someone to get a preview update from examplecompany.cc. Not because that's a smart thing to do, but because coordinating namespaces is not easy and dedicating an otherwise unused domain only bought to keep out the scammers is a tempting shortcut. And because training internet users that sometimes wonky TLD are ok is an externality.