Got a trademark email from IG today

Hi guys,
I own askinstagram.com domain and got this mail today.
Does this look legit to you?


I got this email on my personal email that i used on the server provider.
and the link to their bulshit.
http://ad-facebook.com/instagram.html

No, phishing 100%. Good strategy though, it’s been around for a while.

I got the same email about month ago, I checked everything and its legitimate. My hosting confirmed too. I shutdown my host and domain immediately. Asked domain provider to close the name. It had also instagram word in my domain, same case as yours…

I thought the same, but its not phishing

There is no link to click or smth like that.
There is a page to the “trademark” page,which i clicked and it was just a normal page with text.
@iki did your domain provider get the same email?

ad-facebook.com is owned by Facebook - if they did not use fake info for the WHOIS
Weird that they don’t use an HTTPS link, but then again it’s FB…

Ray_Von

1 point·[20 hours ago]

Hey I received a domain copyright infringement notice from ad-facebook.com recently.

I found this reddit thread and thought maybe it’s a scam, but I did further digging (long version here: https://pastebin.com/MZEfnnZL) and have concluded that:

It seems the Domain ad-facebook.com is actually owned by Facebook’s Registrar themselves (which does not offer Retail Domains), and may be a specific organisational unit dedicated to pursuing Domain Infringement issues for Facebook, Inc, so I have replied to the email I received from ad-facebook.com about a domain I manage, and I will post back here with updates.

PS. My digging assumes ICANN/DNS/Facebook has not been hacked.

Thanks for your input!

Yes… if you investigate their registar you will find out its from Facebook and its legitimate

Here is a reply from my hosting as I was suspicious at first too but it is legitimate…

Hello,

Thank you for your prompt response and for your cooperation.

The notification is legitimate. RegistrarSEC is Facebook’s subsidiary domain registrar. The email came directly from Facebook or its agents. The posters on Reddit are mistaken.

Evidence is below:

WHOIS results and HTTP redirect of facebook.com’s registrar’s website establish that Facebook owns the ad-facebook.com domain:

> whois facebook.com | grep Registrar\ URL
Registrar URL: http://www.registrarsafe.com
> wget http://www.registrarsafe.com
–2020-09-06 20:52:01-- http://www.registrarsafe.com/
Resolving www.registrarsafe.com (www.registrarsafe.com)… 2a03:2880:f134:183:face:b00c:0:25de, 157.240.19.35
Connecting to www.registrarsafe.com (www.registrarsafe.com)|2a03:2880:f134:183:face:b00c:0:25de|:80… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://registrarsec.com/ [following]
–2020-09-06 20:52:01-- https://registrarsec.com/
Loaded CA certificate ‘/etc/ssl/certs/ca-certificates.crt’
Resolving registrarsec.com (registrarsec.com)… 192.0.79.33
Connecting to registrarsec.com (registrarsec.com)|192.0.79.33|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.1’

index.html.1 [ <=> ] 22.28K --.-KB/s in 0.003s

2020-09-06 20:52:01 (6.99 MB/s) - ‘index.html.1’ saved [22819]

Received header from notice email indicate that the email was relayed by ad-facebook.com’s authorized relaying infrastructure:

Received: from e229-193.smtp-out.amazonses.com ([23.251.229.193]:33282)

> dig +short TXT ad-facebook.com
“v=spf1 include:_spf.google.com include:amazonses.com -all”
> dig +short TXT amazonses.com
“google-site-verification=aOJq8aXEtCO23r176f6iOTGt-RVuPv81XPtBuIzRTx0”
“mailru-verification: 71ab435de908d6ed”
“v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 ip4:76.223.176.0/20 -all”

Thank you for your cooperation in removing the domain. This abuse ticket is now closed. We will be in touch if anything further arises.

Best regards,

I did investigate both domains.
ad-facebook is owned by fb
tiredacces.com

You are not allowed to use instagram word in any domain… but you can do whatever you think, check it out with your hosting

1 Like

What a scammy business these cunts at FB are doing,emailing people using scammy emails for Gods sake.
A big company like FB and they use 3rd parties dodgy emails and notices to confused people.
Corporation Evil at its best.
@iki did you reply or email them saying that you took action?
They demand i email them saying i will take action.

Reddit user Ray_Von had not heard back yet

Well I asked my domain registrar to close the domain immediately and my hosting was happy with that… I deleted content from it too. I had site setup for selling followers, likes etc. I could risk moving to another host servers but I didnt want to do it

1 Like

This is crazy,anyways even I think you should not use Instagram’s name in your domain,instead use ig/insta and I have seen domains with that name who are still in the air.