Closed L53NET closed 2 months ago
_psl TXT records found
ggff.net: Fri, 01 Jan 2027 12:52:11 GMT
filegear-sg.me: Mon, 08 Mar 2027 10:14:53 GMT
On the rationale side, probably worth noting that the domain filegear-sg.me was related to Filegear, which @renqiz submitted in #713 and was later removed in #2049 by the initial requester's confirmation, so filegear-sg.me is a re-reg. The re-registration appears to be primarily because it was already included in the PSL as part of the "debris".
While re-registration is probably fine, I'm curious if this could raise a domain dispute, in this case, regarding the brand name or trademark of Filegear, although this is beyond the scope of PSL maintainers to address (cc @renqiz).
Based on YouTube search results, it seems users of L53 are largely end-users who want the ability to add subdomains to Cloudflare, making the re-registration practice desirable for anyone looking to run a subdomain registration business. Any thoughts @simon-friedberger @dnsguru?
L53 also seems to have re-registered a "debris" domain, onflashdrive.app, which was later flagged as malicious by multiple security vendors (see #2048 and the comments inside) and received a clientHold. In most cases it is expected that such issues can occur when offering a namespace on the second-level domain; however, I wonder if L53 has existing mitigations to prevent future abuse, such as an abuse reporting procedure or detection system that your company handles promptly. This would help deter potential adversaries, especially since it will be added to the Public Suffix List.
The domain ggff.net appears clean when checked against VirusTotal, while filegear-sg.me was flagged by 11 related pulses in OTX, as seen here, which possibly indicates some past or current incidents of malicious activities from some of the subdomain tenants.
Thank you, @wdhdev, for the domain check. Thank you, @groundcat, for the thorough review.
Please let me join this discussion. There are three topics to address.
About Domain Abuse Rules: We use the dnsabuseframework as a guide. We maintain a strict no-tolerance policy regarding subdomain complaints and stand firmly against any malicious damage resulting from the use of the subdomains we supply. Subdomains involved in abuse will be redirected to a blackhole or deleted. This is clearly stated in Chapter 6 of the ToS.
Tech: L53 has a security system for domain registration and abuse checks. As of 8.8.2024, we have suspended 244 subdomains. As you mentioned, 'filegear-sg.me was flagged by 11 related pulses in OTX' because it had previously abused subdomains. These have all been addressed, so it is now in a clean state.
Channel: Two channels for abuse. 1) We are continuously suspending the abuse subdomains exposed by the security platform; 2) we have also clearly provided the complaint email support@l53.net on the website.
We have noticed that PSL is also very concerned about domain abuse (#1699). As a third-level domain service, it is our responsibility to ensure that this domain is not abused. We will continue to resist domain abuse.
Why did we use the debris domain based on ggff.net?
This was due to a critical case. Starting from L53, we only provided subdomain registration services for ggff.net. One user submitted a critical security ticket, revealing that the use of ggff.net subdomains caused cookie security issues: others could access his IoT devices. After research, we found the Public Suffix List, but as described in the documentation, it takes a long time to take effect. Fortunately, the debris domain helped us quickly resolve this issue. At that time, we already had a domain that could address the security problem, so we did not apply for ggff.net to be added to the PSL. Now, we are once again facing this serious security case with #2049. The domain onflashdrive.app was not submitted in the PR; it has been out of use for a long time, and we no longer provide registration services for this domain.
Questions about the domain filegear-sg.me related to Filegear
The domain filegear-sg.me once belonged to Filegear and has a certain similarity in name, which we acknowledge. L53 and Filegear offer different services and are not in competition, which is also clear. According to the WHOIS history records, we registered the domain in 2024, while the domain expired in June 2023. The domain has been available for registration by anyone for at least half a year, so this is not an act of cybersquatting. We are also willing to ensure that users understand and clarify this relationship. We have added a 'Declare' on the page at www.filegear-sg.me / nic.filegear-sg.me to publicly announce that we have no affiliation with Filegear. Additionally, we have provided a complaint channel to address any subdomains that may be impersonating Filegear products in order to prevent brand impersonation. @renqiz
Public Suffix List (PSL) Pull Request (PR) Template
Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.
Checklist of required steps
[x] Description of Organization
[x] Robust Reason for PSL Inclusion
[x] DNS verification via dig
[x] Run Syntax Checker (make test)
[x] Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place in the respective zone(s) in the affected section
Submitter affirms the following:
For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.
To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.
PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.
(Link: about propagation/expectations)
[x] Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.
Description of Organization
L53.NET offers third-level domain registration services, allowing anyone to register a free domain name for one year. Certified educators, students, and developers are eligible for a free domain name for three years. To ensure continuous service and prevent malicious bulk registrations, users in other cases need to pay to register additional domain names. A domain name is an important part of the internet. Many users use third-level domains because they are great for personal use or early project development. The third-level domains we provide can be used for any legitimate purpose. Users often utilize them to create websites, set up DDNS, establish VPN services, enable remote access, connect home IoT devices, and more.
I am Gerry Keh, the technical lead at L53, responsible for the maintenance and improvement of domain names.
Organization Website: https://www.l53.net
Abuse Contact: support@l53.net
Reason for PSL Inclusion
Our domain service is designed to allow registration on a subdomain basis, meaning each website on a subdomain is independent. For security reasons, we need to restrict cookies to their own subdomain and ensure that the data is isolated between each subdomain to prevent potential security risks. For instance, in cases like IoT (HomeAssistant) or FileShare web manager, cookies for each site need to be separate, so users cannot access cross-subdomain data.
Number of users this request is being made to serve:
Number of registered users: 16968
Number of registered domain names, ggff.net: 3318
Number of registered domain names, filegear-sg.me: 7211
By 2024.08.06
https://www.google.com/search?q=site%3Aggff.net
https://www.google.com/search?q=site%3Afilegear-sg.me
https://crt.sh/?q=ggff.net
https://crt.sh/?q=filegear-sg.me
Registry Expiry Date:
ggff.net: 2027-01-01
filegear-sg.me: 2027-03-08
We shall maintain more than 2 years term in order to remain listed.
DNS Verification via dig
Results of Syntax Checker (make test)
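The cookie isolation described under "Reason for PSL Inclusion", shown as an added example that is not part of the PR or of L53's code: a simplified PSL lookup combined with the RFC 6265 public-suffix check, run with and without the requested entries. The rule subset and the tenant names alice and bob are constructed for illustration, and the lookup also handles wildcard and exception rules, which goes beyond the two plain entries requested here.

```javascript
// Constructed subset of PSL rules; WITH_PR adds the entries this PR requests.
const BASE_RULES = ["com", "net", "me", "*.ck", "!www.ck"];
const WITH_PR = [...BASE_RULES, "ggff.net", "filegear-sg.me"];

// PSL lookup: an exception rule wins, otherwise the longest matching rule,
// otherwise the default rule "*" (the last label).
function publicSuffix(host, rules) {
  const labels = host.toLowerCase().split(".");
  let best = 1;
  for (const rule of rules) {
    const exception = rule.startsWith("!");
    const ruleLabels = (exception ? rule.slice(1) : rule).split(".");
    if (ruleLabels.length > labels.length) continue;
    const tail = labels.slice(-ruleLabels.length);
    if (!ruleLabels.every((l, i) => l === "*" || l === tail[i])) continue;
    // An exception rule's suffix is the rule minus its leftmost label.
    if (exception) return tail.slice(1).join(".");
    best = Math.max(best, ruleLabels.length);
  }
  return labels.slice(-best).join(".");
}

// RFC 6265 section 5.3 storage check for a Set-Cookie Domain attribute.
// Returns "rejected", "host-only", or the domain the cookie is scoped to.
function cookieScope(requestHost, domainAttr, rules) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) return "host-only";
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  if (publicSuffix(domain, rules) === domain) {
    // A public suffix is never accepted as a cookie scope.
    return domain === host ? "host-only" : "rejected";
  }
  const matches = host === domain || host.endsWith("." + domain);
  return matches ? domain : "rejected";
}

// Would a cookie set by `setter` with this Domain attribute be sent to `other`?
function leaksTo(setter, domainAttr, other, rules) {
  const scope = cookieScope(setter, domainAttr, rules);
  if (scope === "rejected") return false;
  if (scope === "host-only") return setter === other;
  return other === scope || other.endsWith("." + scope);
}

// Constructed tenants alice and bob on the shared zone.
console.log(leaksTo("alice.ggff.net", "ggff.net", "bob.ggff.net", BASE_RULES));
console.log(leaksTo("alice.ggff.net", "ggff.net", "bob.ggff.net", WITH_PR));
```

Without the entry, a tenant can scope a cookie to the whole zone and every sibling subdomain receives it; with the entry, the same Set-Cookie is dropped, and cookies scoped to the tenant's own name still work.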