Rename 'aquila.it' to 'laquila.it'

[raffysommy]

This PR requests the removal of aquila.it from the Public Suffix List, as it does not represent a valid public suffix for administrative subdomains in Italy and replace it with laquila.it.

• The Province and Municipality of L’Aquila use laquila.it as their authoritative domain. This is publicly verifiable from the official municipal website:

https://www.comune.laquila.it/

The domain aquila.it is not the administrative suffix under which municipal or provincial subdomains are delegated. Its inclusion in the PSL therefore misrepresents the real domain hierarchy.

• WHOIS evidence

A WHOIS lookup further confirms the mismatch between administrative use and domain ownership:

$ whois laquila.it
Domain: laquila.it
Status: UNASSIGNABLE

This indicates that laquila.it is reserved and not registrable, consistent with its role as an institutional domain.

$ whois aquila.it
Domain: aquila.it
Status: ok
Created: 2012-11-30

Registrant:
Organization: Puglia.com Srls

Admin / Technical Contact:
Domain Profit Srl

Registrar:
Algorithmedia S.r.l.

This shows that aquila.it is a privately registered domain, owned and operated by commercial entities, and not delegated by any public authority.

• Observed impact

While investigating certificate issuance patterns, we observed thousands of TLS certificates issued for arbitrary subdomains of aquila.it, many of which resemble phishing or impersonation attempts (for example comune.aquila.it):

https://crt.sh/?q=comune.aquila.it

At the time of writing, aquila.it resolves using a wildcard configuration, responding to essentially any subdomain with the same IP address.

[groundcat]

Good catch.

Although it appears that both LAquila.it and Aquila.it exist in the most recent version of the registry’s publication
(https://www.nic.it/sites/default/files/documenti/2022/Regulation_assignation_v8.0.pdf), on page 25,
checking the NS records for Aquila.it shows that it resolves to:

lunlun.ns.giantpanda.com
yangyang.ns.giantpanda.com

These do not appear to be controlled by NIC.IT and are highly likely in the hands of someone other than the registry.

The ones controlled by the registry usually resolves to something look like this:

a.dns.it.
r.dns.it.
m.dns.it.

Additionally, there are three more entries in the .it section

trentinosudtirol.it
valdaosta.it
altoadige.it

which show similar indicator (privately-controlled nameservers) in WHOIS, suggesting they might also not be controlled by the registry.

aquila.it

*********************************************************************

Domain:             aquila.it
Status:             ok
Signed:             no
Created:            2012-11-30 16:54:00
Last Update:        2025-12-30 00:43:07
Expire Date:        2026-12-14

Registrant
  Organization:     Puglia.com Srls
  Address:          Via XVI settembre 1959 8
                    Barletta
                    76121
                    BT
                    IT
  Created:          2025-03-28 12:02:24
  Last Update:      2025-03-28 12:02:24

Admin Contact
  Name:             Domain Profit Srl
  Address:          Via Alessandro Manzoni 48
                    Cinisello Balsamo
                    20092
                    MI
                    IT
  Created:          2024-05-29 10:29:05
  Last Update:      2025-07-04 12:53:50

Technical Contacts
  Name:             Domain Profit Srl
  Address:          Via Alessandro Manzoni 48
                    Cinisello Balsamo
                    20092
                    MI
                    IT
  Created:          2024-05-29 10:29:05
  Last Update:      2025-07-04 12:53:50

Registrar
  Organization:     Algorithmedia S.r.l.
  Name:             AM-REG
  Web:              http://www.algorithmedia.com
  DNSSEC:           no


Nameservers
  lunlun.ns.giantpanda.com
  yangyang.ns.giantpanda.com

---

Spam websites:

---

trentinosudtirol.it

*********************************************************************

Domain:             trentinosudtirol.it
Status:             ok
Signed:             no
Created:            2000-05-24 00:00:00
Last Update:        2025-05-30 00:45:25
Expire Date:        2026-05-14

Registrant
  Organization:     Francesco Solidoro
  Address:          via delle Ghiaie 20/1
                    Trento
                    38122
                    TN
                    IT
  Created:          2017-05-13 13:31:18
  Last Update:      2017-05-13 13:31:18

Admin Contact
  Name:             Francesco Solidoro
  Organization:     Francesco Solidoro
  Address:          via delle Ghiaie 20/1
                    Trento
                    38122
                    TN
                    IT
  Created:          2017-05-13 13:31:18
  Last Update:      2017-05-13 13:31:18

Technical Contacts
  Name:             Francesco Solidoro
  Organization:     Francesco Solidoro
  Address:          via delle Ghiaie 20/1
                    Trento
                    38122
                    TN
                    IT
  Created:          2017-05-13 13:31:18
  Last Update:      2017-05-13 13:31:18

Registrar
  Organization:     Aruba Business s.r.l.
  Name:             WIDE-REG
  Web:              https://www.arubabusiness.it
  DNSSEC:           yes


Nameservers
  dns.widhost.net
  dns2.widhost.net

valdaosta.it

*********************************************************************

Domain:             valdaosta.it
Status:             ok
Signed:             no
Created:            2000-03-02 00:00:00
Last Update:        2025-12-27 00:34:59
Expire Date:        2026-12-11

Registrant
  Organization:     ALSITECH SRL
  Address:          Via del Rizzo 16
                    Vercurago
                    23808
                    LC
                    IT
  Created:          2024-12-10 15:08:14
  Last Update:      2024-12-10 15:08:14

Admin Contact
  Name:             Alberto Pietro De Francesco
  Organization:     ALSITECH SRL
  Address:          VIa Del Selvetto 6
                    Galbiate
                    23851
                    LC
                    IT
  Created:          2024-12-12 15:58:24
  Last Update:      2024-12-12 15:58:24

Technical Contacts
  Name:             Alberto Pietro De Francesco
  Organization:     ALSITECH SRL
  Address:          VIa Del Selvetto 6
                    Galbiate
                    23851
                    LC
                    IT
  Created:          2024-12-12 15:58:24
  Last Update:      2024-12-12 15:58:24

Registrar
  Organization:     Aruba s.p.a.
  Name:             ARUBA-REG
  Web:              http://www.aruba.it
  DNSSEC:           yes


Nameservers
  dns.technorail.com
  dns2.technorail.com
  dns3.arubadns.net
  dns4.arubadns.cz

altoadige.it

*********************************************************************

Domain:             altoadige.it
Status:             ok
Signed:             no
Created:            1998-07-08 00:00:00
Last Update:        2025-09-02 00:41:34
Expire Date:        2026-08-17

Registrant
  Organization:     S.I.E. S.p.A. Società Iniziative Editoriali
  Address:          Via Missioni Africane, 17
                    Trento
                    38121
                    TN
                    IT
  Created:          2017-08-16 12:41:32
  Last Update:      2023-10-17 13:40:14

Admin Contact
  Name:             DONATINI ORFEO
  Organization:     S.I.E. S.p.A. Società Iniziative Editoriali
  Address:          Via Missioni Africane, 17
                    Trento
                    38121
                    TN
                    IT
  Created:          2017-08-16 12:41:32
  Last Update:      2023-10-17 13:40:14

Technical Contacts
  Name:             Nicadm Brennercom
  Address:          Brennercom AG SpA
                    Via Pacinotti, 12
                    Bolzano
                    39100
                    BZ
                    IT
  Created:          2001-12-07 00:00:00
  Last Update:      2017-03-16 11:05:50

Registrar
  Organization:     Retelit Digital Services s.p.a.
  Name:             RETELIT-REG
  Web:              http://www.retelit.it
  DNSSEC:           no


Nameservers
  rita.ns.cloudflare.com
  guy.ns.cloudflare.com

[groundcat]

I sent an email to the NIC.IT contact (cc'd @simon-friedberger and @dnsguru )