publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

add ggff.net and filegear-sg.me #2085

Closed L53NET closed 2 months ago

L53NET commented 2 months ago

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

Submitter affirms the following:


For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

Description of Organization

L53.NET offers third-level domain registration services, allowing anyone to register a free domain name for one year. Certified educators, students, and developers are eligible for a free domain name for three years. To ensure continuous service and prevent malicious bulk registrations, users in other cases need to pay to register additional domain names. A domain name is an important part of the internet. Many users use third-level domains because they are great for personal use or early project development. The third-level domains we provide can be used for any legitimate purpose. Users often utilize them to create websites, set up DDNS, establish VPN services, enable remote access, connect home IoT devices, and more.

I am Gerry Keh, the technical lead at L53, responsible for the maintenance and improvement of domain names.

Organization Website: https://www.l53.net

Abuse Contact: support@l53.net

Reason for PSL Inclusion

Our domain service is designed to allow registration on a subdomain basis, meaning each website on a subdomain is independent. For security reasons, we need to restrict cookies to their own subdomain and ensure that the data is isolated between each subdomain to prevent potential security risks. For instance, in cases like IoT (HomeAssistant) or FileShare web manager, cookies for each site need to be separate, so users cannot access cross-subdomain data.

Number of users this request is being made to serve:

Number of registered users: 16968
Number of registered domain names: ggff.net. 3318
Number of registered domain names: filegear-sg.me 7211
By 2024.08.06

https://www.google.com/search?q=site%3Aggff.net
https://www.google.com/search?q=site%3Afilegear-sg.me

https://crt.sh/?q=ggff.net
https://crt.sh/?q=filegear-sg.me

Registry Expiry Date:
ggff.net: 2027-01-01
filegear-sg.me: 2027-03-08
We shall maintain more than 2 years term in order to remain listed.

DNS Verification via dig

dig +short TXT _psl.ggff.net
"https://github.com/publicsuffix/list/pull/2085"
dig +short TXT _psl.filegear-sg.me
"https://github.com/publicsuffix/list/pull/2085"

Results of Syntax Checker (make test)

PASS: libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_fuzzer
PASS: libpsl_icu_load_fuzzer
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 3
# PASS:  3
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in tests
  CC       test-is-public.o
  CC       common.o
  CC       test-is-public-all.o
  CC       test-is-cookie-domain-acceptable.o
  CC       test-is-public-builtin.o
  CC       test-registrable-domain.o
  CCLD     test-is-cookie-domain-acceptable
  CCLD     test-is-public-builtin
  CCLD     test-is-public
  CCLD     test-is-public-all
  CCLD     test-registrable-domain
PASS: test-is-public-builtin
PASS: test-is-public
PASS: test-is-cookie-domain-acceptable
PASS: test-registrable-domain
PASS: test-is-public-all
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
wdhdev commented 2 months ago

groundcat commented 2 months ago

On the rationale side, probably worth noting that the domain filegear-sg.me was related to Filegear, which @renqiz submitted in #713 and was later removed in #2049 by the initial requester's confirmation, so filegear-sg.me is a re-reg. The re-registration appears to be primarily because it was already included in the PSL as part of the "debris".

While re-registration is probably fine, I'm curious if this could raise a domain dispute, in this case, regarding the brand name or trademark of Filegear, although this is beyond the scope of PSL maintainers to address (cc @renqiz).

Based on YouTube search results, it seems users of L53 are largely end-users who want the ability to add subdomains to Cloudflare, making the re-registration practice desirable for anyone looking to run a subdomain registration business. Any thoughts @simon-friedberger @dnsguru ?

L53 also seems to have re-registered a "debris" domain, onflashdrive.app, which was later flagged as malicious by multiple security vendors (see #2048 and the comments inside) and received a clientHold. In most cases it is expected that such issues can occur when offering a namespace on the second-level domain, however I wonder if L53 has existing mitigations to prevent future abuse, such as an abuse reporting procedure or detection system that your company handles promptly. This would help deter potential adversaries, especially since it will be added to the Public Suffix List.

The domain ggff.net appears clean when checked against VirusTotal while filegear-sg.me was flagged by 11 related pulses in OTX, as seen here, which possibly indicates some past or current incidents of malicious activities from some of the subdomain tenants.

L53NET commented 2 months ago

Thank you, @wdhdev, for the domain check. Thank you, @groundcat, for the thorough review.

Please let me join this discussion. There are three topics to address.

  1. About Domain Abuse Rules: We use the dnsabuseframework as a guide. We maintain a strict no-tolerance policy regarding subdomain complaints and stand firmly against any malicious damage resulting from the use of the subdomains we supply. Subdomains involved in abuse will be redirected to a blackhole or deleted. This is clearly stated in Chapter 6 of the ToS.

     Tech: L53 has a security system for domain registration and abuse checks. As of 8.8.2024, we have suspended 244 subdomains. As you mentioned, 'filegear-sg.me was flagged by 11 related pulses in OTX' because it had previously abused subdomains. These have all been addressed, so it is now in a clean state.

     Channel: There are two channels for abuse: 1) we are continuously suspending the abusive subdomains exposed by the security platform, and 2) we have also clearly provided the complaint email support@l53.net on the website.

     We have noticed that PSL is also very concerned about domain abuse (#1699). As a third-level domain service, it is our responsibility to ensure that this domain is not abused. We will continue to resist domain abuse.

  2. Why did we use the debris domain based on ggff.net? This was due to a critical case. Starting from L53, we only provided subdomain registration services for ggff.net. One user submitted a critical security ticket, revealing that the use of ggff.net subdomains caused cookie security issues; others can access his IoT devices. After research, we found the Public Suffix List, but as described in the documentation, it takes a long time to take effect. Fortunately, the debris domain helped us quickly resolve this issue. At that time, we already had a domain that could address the security problem, so we did not apply for ggff.net to be added to the PSL. Now, we are once again facing this serious security case with #2049. The domain onflashdrive.app was not submitted in the PR; it has been out of use for a long time, and we no longer provide registration services for this domain.

  3. Questions about the domain filegear-sg.me related to Filegear: The domain filegear-sg.me once belonged to Filegear and has a certain similarity in name, which we acknowledge. L53 and Filegear offer different services and are not in competition, which is also clear. According to the WHOIS history records, we registered the domain in 2024, while the domain expired in June 2023. The domain has been available for registration by anyone for at least half a year, so this is not an act of cybersquatting. We are also willing to ensure that users understand and clarify this relationship. We have added a 'Declare' on the page at www.filegear-sg.me / nic.filegear-sg.me to publicly announce that we have no affiliation with Filegear. Additionally, we have provided a complaint channel to address any subdomains that may be impersonating Filegear products in order to prevent brand impersonation. @renqiz
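
The cookie isolation cited in both the PR's "Reason for PSL Inclusion" and L53's reply about ggff.net, as an added example that is not part of the thread or the PSL project's code: a minimal PSL matcher plus the RFC 6265 Domain-attribute check, run over constructed rule sets with and without the two requested entries. The hosts tenant-a and tenant-b and all function names are hypothetical.

```python
# Added example. Rule sets are constructed, not the real Public Suffix List;
# tenant-a / tenant-b are hypothetical subdomain customers.
RULES_BEFORE = {"net", "me"}                                  # TLD rules only
RULES_AFTER = RULES_BEFORE | {"ggff.net", "filegear-sg.me"}   # entries this PR requests


def public_suffix(host, rules):
    """PSL matching: longest rule wins, '!' exceptions override, default is '*'."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: the last label alone is a public suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        wildcard = ".".join(["*"] + labels[i + 1:])
        if "!" + candidate in rules:            # exception: drop its leftmost label
            return ".".join(labels[i + 1:])
        if candidate in rules or wildcard in rules:
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])


def domain_match(host, domain):
    """RFC 6265 section 5.1.3 domain-match for host names (not IP addresses)."""
    return host == domain or host.endswith("." + domain)


def cookie_scope(request_host, domain_attr, rules):
    """Scope a PSL-aware user agent stores for a Set-Cookie, or None if rejected."""
    host = request_host.lower()
    if not domain_attr:
        return ("host-only", host)
    domain = domain_attr.lower().lstrip(".")
    if public_suffix(domain, rules) == domain:
        # RFC 6265 section 5.3 step 5: a public-suffix Domain is only tolerated
        # when it equals the request host, and then the cookie is host-only.
        return ("host-only", host) if domain == host else None
    return ("domain", domain) if domain_match(host, domain) else None


def sent_to(scope, target_host):
    """Would a cookie stored with this scope be attached to a request to target_host?"""
    if scope is None:
        return False
    kind, name = scope
    return target_host == name if kind == "host-only" else domain_match(target_host, name)


def shared_across_tenants(rules, parent="ggff.net"):
    """tenant-a sets Domain=<parent>; does tenant-b's site receive that cookie?"""
    scope = cookie_scope("tenant-a." + parent, parent, rules)
    return sent_to(scope, "tenant-b." + parent)
```

A client only gets the second behaviour once its bundled copy of the list contains the new entries, which is why the propagation delay mentioned in the PR template matters for this isolation.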