publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

remove `bip.sh` #2063

Closed wdhdev closed 3 weeks ago

wdhdev commented 1 month ago

Reasons for removal:

Original PR was #1098 opened by @joelkennedy. Would be good to get approval from the original submitter to make sure this can be removed from the PSL safely.

groundcat commented 1 month ago

Comments

Perhaps this domain will be unable to be safely removed from the PSL because some clients may still be using it, unless the original requester signals intention to withdraw or the domain expires.

WHOIS

Creation Date: 2020-03-11T22:01:31Z indicates that this domain is possibly still under the control of the original requester @joelkennedy, if it hasn't been transferred.

Please read the original WHOIS records below:

Domain Name: bip.sh
Registry Domain ID: 94fbc66ee7f747149a6728aa22396783-DONUTS
Registrar WHOIS Server: whois.1api.net
Registrar URL: http://www.1api.net
Updated Date: 2024-03-13T12:08:34Z
Creation Date: 2020-03-11T22:01:31Z
Registry Expiry Date: 2025-03-11T22:01:31Z
Registrar: 1API GmbH
Registrar IANA ID: 1387
Registrar Abuse Contact Email: abuse@1api.net
Registrar Abuse Contact Phone: +49.68949396850
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: 
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Cornwall
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: GB
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: amos.ns.cloudflare.com
Name Server: kelly.ns.cloudflare.com
DNSSEC: signedDelegation
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2024-07-25T03:00:19Z <<<

Sources: whois utility generated at 2024-07-24 23:00:31

Organization Website and Nature Check

See @wdhdev 's comments above.

Sources:

_psl TXT Record

Records still exist, indicating the intention of inclusion.

Responses from multiple DNS servers for the _psl TXT record of the domain:

Response from 8.8.8.8: "https://github.com/publicsuffix/list/pull/1098"

Response from 1.1.1.1: "https://github.com/publicsuffix/list/pull/1098"

Response from 208.67.222.222: "https://github.com/publicsuffix/list/pull/1098"

Sources: dig command using DNS servers: Google (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS (208.67.222.222)

Root-level Domain Usage Scan

As a potential indicator of domain usage, we scan the following records:

NS records (bip.sh) return amos.ns.cloudflare.com. kelly.ns.cloudflare.com.

Additionally, we scan the following records for possible website usage at the root level:

A record (bip.sh) returns 138.199.37.227

A record (www.bip.sh) returns bipsh.b-cdn.net. 169.150.247.40

MX records (bip.sh) return 59 route1.mx.cloudflare.net. 69 route2.mx.cloudflare.net. 75 route3.mx.cloudflare.net.

Sources: dig command for A, NS, and MX records

Search Engine Checks

For possible website usage, we queried multiple different search engines:


Sources:

Subdomain Discovery

For potential usage of subdomains that are not discovered by the search engines, we used the following tools and here are the obtained observations:


https://subdomainfinder.c99.nl/scans/2024-07-24/bip.sh

Sources:

crt.sh Certificate Transparency Logs

For potential website usage of subdomains that are not discovered by the search engines, we checked the Certificate Transparency Logs and here are the obtained observations:


Sources:

VirusTotal Check

To check for possible security issues, we used VirusTotal and here are the obtained observations:


Sources:
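
The `_psl` TXT check in the review above is the signal that decides whether a removal can proceed: the record should reference the pull request that justifies the entry's current state. The script below is an added example, not code from the PSL project or from any participant in this thread. It assumes the PSL convention that `_psl.<domain>` carries a TXT record with the GitHub PR URL, and the resolver answers it ships with are constructed from the values quoted in the comment above (PR #1098 as the original, #2063 as this removal PR). The `dig` wrapper at the end is the same tool the reviewer used and only runs when you call it yourself.

```python
"""Classify what a domain's _psl TXT record says about a PSL change request.

Added example (not PSL project code). Assumes the PSL convention that
_psl.<domain> holds a TXT record containing the pull-request URL.
"""
import re
import subprocess
from typing import Dict, FrozenSet, Iterable, List, Tuple

PR_URL_RE = re.compile(r"https://github\.com/publicsuffix/list/pull/(\d+)")

# Constructed from the three resolver answers quoted in the review comment.
SAMPLE_RESPONSES: Dict[str, List[str]] = {
    "8.8.8.8": ['"https://github.com/publicsuffix/list/pull/1098"'],
    "1.1.1.1": ['"https://github.com/publicsuffix/list/pull/1098"'],
    "208.67.222.222": ['"https://github.com/publicsuffix/list/pull/1098"'],
}


def parse_dig_short(output: str) -> List[str]:
    """Turn `dig +short TXT` output into one string per TXT RR.

    dig prints each RR as one or more quoted character-strings; long records
    are split into several quoted pieces on one line, which are joined here.
    """
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        pieces = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        records.append("".join(pieces) if pieces else line)
    return records


def pr_numbers_in(txt_values: Iterable[str]) -> FrozenSet[int]:
    """PSL pull-request numbers referenced anywhere in the given TXT strings."""
    found = set()
    for value in txt_values:
        for match in PR_URL_RE.finditer(value):
            found.add(int(match.group(1)))
    return frozenset(found)


def assess_psl_record(
    responses: Dict[str, List[str]], original_pr: int, current_pr: int
) -> Tuple[str, Dict[str, FrozenSet[int]]]:
    """Compare per-resolver answers and return (verdict, per-resolver PR refs).

    Verdicts:
      inconsistent             resolvers disagree (stale caches, split horizon)
      absent                   no resolver returned a PSL PR reference
      withdrawal-signalled     every resolver references the current (removal) PR
      inclusion-still-signalled every resolver references only the original PR
      unrelated-pr             a PSL PR is referenced, but neither of the two
    """
    per_resolver = {r: pr_numbers_in(v) for r, v in responses.items()}
    distinct = set(per_resolver.values())
    if len(distinct) > 1:
        return "inconsistent", per_resolver
    refs = next(iter(distinct)) if distinct else frozenset()
    if not refs:
        return "absent", per_resolver
    if current_pr in refs:
        return "withdrawal-signalled", per_resolver
    if refs == {original_pr}:
        return "inclusion-still-signalled", per_resolver
    return "unrelated-pr", per_resolver


def query_txt_with_dig(domain: str, resolver: str) -> List[str]:
    """Live lookup of _psl.<domain> TXT via the dig CLI (not used offline)."""
    proc = subprocess.run(
        ["dig", "+short", "TXT", f"_psl.{domain}", f"@{resolver}"],
        capture_output=True, text=True, timeout=10, check=False,
    )
    return parse_dig_short(proc.stdout)


if __name__ == "__main__":
    verdict, detail = assess_psl_record(SAMPLE_RESPONSES, original_pr=1098, current_pr=2063)
    print(verdict)  # inclusion-still-signalled
    for resolver, refs in detail.items():
        print(f"  {resolver}: {sorted(refs)}")
```

Asking several public resolvers, as the reviewer did, is what makes the "inconsistent" verdict possible: a record that was just changed can be served differently by caches for a while, and a removal reviewer should wait for agreement rather than act on one resolver's answer.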

dnsguru commented 1 month ago

this undoes #1098 / bip.sh entry

dnsguru commented 1 month ago

@joelkennedy Please comment on proceeding with the removal or advise us on the desired outcome. We are reviewing a rollback from @wdhdev to remove bip.sh from the PSL as it appears that the service has been shut down.

It appears that the PSL TXT records are intact, and we're not seeing signals of abuse of existing customer/subdomain operators.

wdhdev commented 1 month ago

I've emailed contact@bip.sh (which is listed on their website for enquiries) asking them to comment on this PR, as I'm assuming they are not actively checking their GitHub notifications.

wdhdev commented 1 month ago

Also, @groundcat in your subdomain scan of bip.sh, I believe those are old websites that used to be hosted with the service, as going to any of them will just return their service closed page (for example: https://abc999.bip.sh/), so it is most likely a wildcard they have set up.
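
The point in the comment above is that a list of discovered subdomains proves nothing on its own when the zone has a wildcard: every name resolves and serves the same page. The script below is an added example, not code from the PSL project or from wdhdev, showing how a reviewer can test for that before treating a subdomain-finder or CT-log list as evidence of user content. It probes a few random labels (names nobody would have registered) and then flags only the discovered hostnames whose answer differs from that baseline for manual review. The address 138.199.37.227 and the label abc999 are taken from this thread; 203.0.113.5 is a constructed documentation-range address, and `custom.bip.sh` is a hypothetical hostname.

```python
"""Detect a wildcard DNS record and filter discovered subdomains against it.

Added example (not PSL project code). Live resolution uses the standard
library only; the offline sample data is constructed.
"""
import secrets
import socket
from typing import Dict, FrozenSet, List, Optional

Answer = Optional[FrozenSet[str]]  # A-record set, or None if NXDOMAIN/unresolvable


def random_label(length: int = 12) -> str:
    """A label no real user would have chosen, so an answer implies a wildcard."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def resolve_a(hostname: str) -> Answer:
    """Live IPv4 lookup; None when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    return frozenset(info[4][0] for info in infos)


def probe_domain(domain: str, probes: int = 3) -> Dict[str, Answer]:
    """Resolve several random labels under domain (live)."""
    results: Dict[str, Answer] = {}
    for _ in range(probes):
        name = f"{random_label()}.{domain}"
        results[name] = resolve_a(name)
    return results


def classify_wildcard(probes: Dict[str, Answer]) -> str:
    """'wildcard' if every random label resolves identically, 'no-wildcard' if
    none resolve, 'mixed' otherwise (worth a second look)."""
    answers = [a for a in probes.values() if a]
    if not answers:
        return "no-wildcard"
    if len(answers) == len(probes) and len(set(answers)) == 1:
        return "wildcard"
    return "mixed"


def hosts_differing_from_baseline(
    discovered: Dict[str, Answer], baseline: FrozenSet[str]
) -> List[str]:
    """Discovered hostnames whose A answer is not just the wildcard's answer.

    These are the only candidates for real, separately hosted content; names
    that match the baseline are indistinguishable from the catch-all page.
    """
    return sorted(h for h, addrs in discovered.items() if addrs and addrs != baseline)


if __name__ == "__main__":
    # Constructed offline sample: the page's A record as the wildcard answer.
    wildcard_answer = frozenset({"138.199.37.227"})
    sample_probes = {f"{random_label()}.bip.sh": wildcard_answer for _ in range(3)}
    print(classify_wildcard(sample_probes))  # wildcard
    discovered = {
        "abc999.bip.sh": wildcard_answer,                 # label quoted in the thread
        "custom.bip.sh": frozenset({"203.0.113.5"}),     # hypothetical, constructed
    }
    print(hosts_differing_from_baseline(discovered, wildcard_answer))  # ['custom.bip.sh']
```

Against a live zone you would call `probe_domain("bip.sh")`, feed the result to `classify_wildcard`, and, if it reports a wildcard, use any one probe's answer as the baseline for `hosts_differing_from_baseline`. A DNS-level match still only says the names share an address; confirming that they also serve the same closed-service page (as the comment above did by visiting one) is the second half of the check.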

wdhdev commented 1 month ago

@dnsguru I have not received a response from Bip. However, I would say it is safe to remove, as there does not seem to be user content hosted on any subdomains: they just have a wildcard response to all subdomains saying the service has shut down (see my comment mentioning groundcat above).

wdhdev commented 3 weeks ago

@simon-friedberger I think this is safe to remove as the service has shut down and there does not seem to be any user hosted content on subdomains.