Closed wdhdev closed 3 weeks ago
Perhaps this domain will be unable to be safely removed from the PSL because some clients may still be using it, unless the original requester signals intention to withdraw or the domain expires.
Creation Date: 2020-03-11T22:01:31Z indicates that this domain is possibly still under the control of the original requester @joelkennedy if it hadn't been transferred.
Please read the original WHOIS records below:
Domain Name: bip.sh
Registry Domain ID: 94fbc66ee7f747149a6728aa22396783-DONUTS
Registrar WHOIS Server: whois.1api.net
Registrar URL: http://www.1api.net
Updated Date: 2024-03-13T12:08:34Z
Creation Date: 2020-03-11T22:01:31Z
Registry Expiry Date: 2025-03-11T22:01:31Z
Registrar: 1API GmbH
Registrar IANA ID: 1387
Registrar Abuse Contact Email: abuse@1api.net
Registrar Abuse Contact Phone: +49.68949396850
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant State/Province: Cornwall
Registrant Country: GB
Name Server: amos.ns.cloudflare.com
Name Server: kelly.ns.cloudflare.com
DNSSEC: signedDelegation
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2024-07-25T03:00:19Z <<<
Sources: whois utility generated at 2024-07-24 23:00:31
See @wdhdev's comments above.
Records still exist, indicating the intention of inclusion.
Responses from multiple DNS servers for the _psl TXT record of the domain:
Response from 8.8.8.8: "https://github.com/publicsuffix/list/pull/1098"
Response from 1.1.1.1: "https://github.com/publicsuffix/list/pull/1098"
Response from 208.67.222.222: "https://github.com/publicsuffix/list/pull/1098"
Sources: dig command using DNS servers: Google (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS (208.67.222.222)
As a potential indicator of domain usage, we scan the following records:
NS records (bip.sh) returns amos.ns.cloudflare.com. kelly.ns.cloudflare.com.
Additionally, we scan the following records for possible website usage at the root level:
A record (bip.sh) returns 138.199.37.227
A record (www.bip.sh) returns bipsh.b-cdn.net. 169.150.247.40
MX records (bip.sh) returns 59 route1.mx.cloudflare.net. 69 route2.mx.cloudflare.net. 75 route3.mx.cloudflare.net.
Sources: dig command for A, NS, and MX records
For possible website usage, we queried multiple different search engines:
For potential usage of subdomains that are not discovered by the search engines, we used the following tools and here are the obtained observations:
https://subdomainfinder.c99.nl/scans/2024-07-24/bip.sh
For potential website usage of subdomains that are not discovered by the search engines, we checked the Certificate Transparency Logs and here are the obtained observations:
To check for possible security issues, we used VirusTotal and here are the obtained observations:
this undoes #1098 / bip.sh entry
@joelkennedy Please comment on proceeding with the removal or advise us on the desired outcome. We are reviewing a rollback from @wdhdev to remove bip.sh from the PSL as it appears that the service has been shut down.
It appears that the PSL TXT records are intact, and we're not seeing signals of abuse of existing customer/subdomain operators.
I've emailed contact@bip.sh (which is listed on their website for enquiries) asking them to comment on this PR, as I'm assuming they are not actively checking their GitHub notifications.
Also, @groundcat in your subdomain scan of bip.sh, I believe those are old websites that used to be hosted with the service as going to any of them will just return their service closed page (for example: https://abc999.bip.sh/), so it is most likely a wildcard they have set up.
@dnsguru I have not received a response from Bip. However, I would say it is safe to remove as there does not seem to be user content hosted on any subdomains as they just have a wildcard response to all subdomains saying the service has shut down (see my comment mentioning groundcat above).
@simon-friedberger I think this is safe to remove as the service has shut down and there does not seem to be any user-hosted content on subdomains.
Reasons for removal:
Original PR was #1098 opened by @joelkennedy. Would be good to get approval from the original submitter to make sure this can be removed from the PSL safely.