anonPB123

ad-facebook.com digging

Oct 15th, 2020 (edited)
Link back to reddit: https://www.reddit.com/r/LegalAdviceUK/comments/hgmg6v/trademark_infringement_email_from_facebook/

Hi guys!
I have also received a domain copyright notice email from ad-facebook.com recently and I am also trying to find out if ad-facebook.com is legit.

After reading your posts, I thought it was a scam, BUT I have found something which, I THINK, suggests that ad-facebook.com could be legitimately part of the real Facebook:

Here are the ICANN Lookup (https://lookup.icann.org/) results (trimmed for relevancy) for both domains:

Domain: facebook.com:
Registrar Information
Name: RegistrarSafe, LLC
IANA ID: 3237
Abuse contact email: abusecomplaints@registrarsafe.com
Registrar Server URL: https://rdap.registrarsafe.com/domain/FACEBOOK.COM

Domain: ad-facebook.com:
Registrar Information
Name: RegistrarSEC LLC
IANA ID: 2475
Abuse contact email: abusecomplaints@registrarsec.com
Registrar Server URL: https://rdap.registrarsec.com/domain/AD-FACEBOOK.COM

So, those domains apparently use two different Registrars:

facebook.com uses: RegistrarSafe, LLC (http://registrarsafe.com)
ad-facebook.com uses: RegistrarSEC LLC (http://registrarsec.com)

Now, visiting FB's registrar Domain (registrarsafe.com) in a Browser:
- The nameservers' and webservers' IPs for the domain registrarsafe.com are owned by Facebook.

HTTP: (http://registrarsafe.com) is redirected to: https://registrarsec.com/ (which is the Registrar Domain of ad-facebook.com)
HTTPS: (https://registrarsafe.com) gets a browser warning, because the TLS Certificate domain name does not match registrarsafe.com, BUT the TLS Certificate provided by the webserver here is the main, valid TLS Certificate for facebook.com and all its Facebook web services.
- If you advance past the Browser warning, you get the same redirect to: https://registrarsec.com/.

So, as long as nothing is hacked here (ICANN/DNS/Facebook), we can see that Facebook themselves (or at LEAST, their Registrar from ICANN) are redirecting web requests for the domain registrarsafe.com to registrarsec.com.

So in a Browser now we visit the ad-facebook.com Registrar Domain, which is also where Facebook redirects its Registrar URL to.
- The nameservers' and webservers' IPs for registrarsec.com are owned by Amazon Web Services (AWS).
https://registrarsec.com/
Which shows this (trimmed for relevance):

'RegistrarSEC, LLC and RegistrarSafe, LLC are ICANN-accredited registrars formed in Delaware and are wholly-owned subsidiaries of Facebook, Inc. We are not accepting retail domain name registrations.'

So, I THINK, if we trust all this chain: ICANN->DNS->Facebook.com->& The content on https://registrarsec.com:
Then ad-facebook.com is legit.

There is more info on https://registrarsec.com with Mailing address/Staff names etc, but my investigation ability ends here.

I am simply going to reply to ad-facebook.com as I think it may be legit, given the info above.

I will update in the reddit thread (same as top link):
https://www.reddit.com/r/LegalAdviceUK/comments/hgmg6v/trademark_infringement_email_from_facebook/
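
The registrar comparison done by hand in the paste can be repeated over RDAP JSON; the following is an added example, not part of the original paste. It assumes the RFC 9083 response layout; the helper names, the `CLOSED_IDS` list and the sample records are constructed for illustration, with registrar values for the two real domains copied from the lookup results quoted above.

```python
"""Registrar comparison over RDAP domain responses (RFC 9083 JSON, jCard contacts)."""

def _vcard(entity, field):
    # jCard layout: ["vcard", [[name, params, type, value], ...]]
    for prop in entity.get("vcardArray", ["vcard", []])[1]:
        if prop[0] == field and prop[3]:
            return prop[3]
    return None

def registrar_info(rdap):
    """Name, IANA ID and abuse e-mail of the sponsoring registrar, or None."""
    for ent in rdap.get("entities", []):
        if "registrar" not in ent.get("roles", []):
            continue
        iana = next((p["identifier"] for p in ent.get("publicIds", [])
                     if p.get("type") == "IANA Registrar ID"), None)
        abuse = next((_vcard(sub, "email") for sub in ent.get("entities", [])
                      if "abuse" in sub.get("roles", [])), None)
        return {"name": _vcard(ent, "fn"), "iana_id": iana, "abuse": abuse}
    return None

def via_closed_registrar(rdap, closed_ids):
    """True only if the sponsoring registrar's IANA ID is on the vetted list."""
    info = registrar_info(rdap)
    return info is not None and info["iana_id"] in closed_ids

def _sample(domain, name, iana, abuse):
    # Constructed response holding only the fields the functions above read.
    return {"objectClassName": "domain", "ldhName": domain, "entities": [{
        "roles": ["registrar"],
        "publicIds": [{"type": "IANA Registrar ID", "identifier": iana}],
        "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                 ["fn", {}, "text", name]]],
        "entities": [{"roles": ["abuse"], "vcardArray": ["vcard", [
            ["version", {}, "text", "4.0"], ["email", {}, "text", abuse]]]}]}]}

# Registrar values for these two records are the ones quoted in the paste.
FACEBOOK = _sample("FACEBOOK.COM", "RegistrarSafe, LLC", "3237",
                   "abusecomplaints@registrarsafe.com")
AD_FACEBOOK = _sample("AD-FACEBOOK.COM", "RegistrarSEC LLC", "2475",
                      "abusecomplaints@registrarsec.com")
# Constructed counter-example: placeholder domain, registrar name and ID.
LOOKALIKE = _sample("LOOKALIKE.EXAMPLE", "Example Retail Registrar", "9999",
                    "abuse@registrar.example")
# Assumption: both IDs are treated as corporate-only, based solely on the
# registrarsec.com statement quoted in the paste.
CLOSED_IDS = {"3237", "2475"}

if __name__ == "__main__":
    for rec in (FACEBOOK, AD_FACEBOOK, LOOKALIKE):
        print(rec["ldhName"], registrar_info(rec), via_closed_registrar(rec, CLOSED_IDS))
```

A match here only covers the domain's registration; whether a given e-mail was really sent from that domain has to be checked separately from the message headers.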