Websites registered in the African nation of Cameroon are the most likely domains to infect users' computers with malware, according to McAfee's annual study on the web's riskiest recesses.

The report, released Wednesday, found that nearly 37 percent of websites ending in .cm posed a security threat. According to McAfee, criminals known as typosquatters are taking advantage of the domain extension's spelling similarity to the popular .com, in hopes users mistype the URL they actually want to reach and instead surf to sites pushing malware.

Researchers studied some 27 million websites as part of their analysis and determined that 5.8 percent, or roughly 1.5 million, pose a risk.

The next shadiest top-level domain (TLD) is the .com extension (32.2 percent), followed by China (.cn), Samoa (.ws) and information (.info).

"Cybercriminals target regions where registering sites is cheap and convenient and pose the least risk of being caught," Mike Gallagher, McAfee Labs CTO, said.

Hong Kong (.hk) held the dubious No. 1 spot last year, but fell all the way to No. 34 due to its domain managers cracking down on scam registrations, according to McAfee.

Meanwhile, the least risky extensions belong to government (.gov), Japan (.jp), education (.edu), Ireland (.ie) and Croatia (.hr).