Yeah I'm guessing the TLD was the main signal, based on other comments linking to a thread about "Pinggy", who was also using a .online. The fact that Namecheap is giving them out for free means they probably are more scammy on average.

I've also never added domains to Google Search Console and haven't had blacklisting issue other than with a free .ml (another "cursed" TLD) site that was by default assumed to be spam by Facebook Messenger.

It's unfortunate that this category exists, but I don't share the OP's .com purism; I've used a mix of TLDs and even the cheap ones like .fyi and .cc haven't come under extra scrutiny as far as I can tell.