Latest news of the domain name industry

Recent Posts

As judge freezes assets, is this OnlineNic domain portfolio really worth $70,000?

A California court has frozen the assets of beleaguered Chinese/American registrar OnlineNic, at the behest of Facebook, which is suing the company for alleged cybersquatting.

The judge in the case Friday mostly granted Facebook’s request for a temporary restraining order, banning OnlineNic from transferring money or domains out of the country.

It had discovered that the registrar had started transferring domains it has registered in its own name — about 600 of them — out of the country, to China-based Ename.

OnlineNic had told the court it could no longer afford to defend the case, and that it would shut up shop July 26.

Following Facebook’s request for a TRO, the registrar said it was merely moving the names to Ename so it could use its secondary market platform to raise $70,000 of the $75,000 needed to pay the so-called “Special Master”.

This is a court-appointed agent who had conducted a review of OnlineNic’s ticketing system records and found the company had deleted or obfuscated huge chunks of potential evidence.

OnlineNic has now told the court that it’s found a potential buyer, willing to pay $70,000 for the names in question.

This is the portfolio (pdf).

I’m no domain broker — I’m not even a domain investor — but even I have to wonder who would pay $70,000, or about $120 per name, for this junk. By sight alone, hardly any of them seem to be worth the base reg fee.

I’m guessing they’re dropped domains with traffic and/or the opportunity of selling them back to a forgetful original registrant.

Facebook’s war on privacy claims first registrar scalp

China’s oldest accredited registrar says it will shut up shop permanently next week after being sued into the ground by Facebook, apparently the first victim of the social media giant’s war against Whois privacy.

Facebook sued OnlineNIC in 2019 alleging widespread cybersquatting of its brands. The complaint cited 20 domains containing the Facebook or Instagram trademarks and asserted that the registrar, and not a customer, was the true registrant.

The complaint named ID Shield, apparently OnlineNIC’s Hong Kong-based Whois privacy service, as a defendant and was amended in March this year to add as a defendant 35.cn, another registrar that Facebook says is an alter ego of OnlineNic.

The amended complaint listed an addition 15 squatted domains, for 35 in total.

This week, OnlineNIC director Carrie Yu (aka Carrie Arden aka Yu Hongxia), told the court:

Defendants do not have the financial resources to continue to defend the instant litigation, and accordingly no longer intend to mount a defense. Defendants do not intend to file any oppositions to any pending filing… Subject to any requirements of ICANN, Defendants intend to cease business operations on July 26, 2021.

But Facebook reckons the registrar is about to do a runner to avoid paying almost $75,000 in court fees already incurred and avoid the jurisdiction of the California court where the case is being heard.

Facebook had asked for $3.5 million in penalties in a proposed judgment and OnlineNIC had not opposed.

While it presents itself as American, it appears that OnlineNIC is little more than a shell in the US.

Its official headquarters are little more than a lock-up garage surrounded by builders’ merchants in a grim, windowless facility just off the interstate near Oakland, California.

Its true base appears to be a business park in Xiamen, China, where 35.cn/35.com operates. The company has boasted in the past of being China’s first and oldest ICANN-accredited registrar, getting its foot in the door when the floodgates opened in 1999.

Facebook is now asking the court for a temporary restraining order freezing the defendants’ financial and domain assets, and for a domain broker to be appointed to liquidate its domain portfolio.

If you’re a legit OnlineNIC customer, you might be about to find yourself in a world of hurt.

OnlineNIC had just over 624,000 gTLD domains under management at the last count. 35.cn had another 200,000.

The lawsuit is one of three Facebook is currently fighting against registrars, one prong of its strategy to pressure the ICANN community to open up Whois records rendered private by EU law and consequent ICANN policy.

OnlineNIC is the low-hanging fruit of the trio and the first to be sued. It already faced cybersquatting cases filed by Verizon, Yahoo and Microsoft in 2009. The Verizon case came with a $33 million judgment.

Facebook has also sued the rather less shady registrars Namecheap and Web.com (now Newfold Digital) on similar grounds.

Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit

Kevin Murphy, April 16, 2021, Domain Registrars

Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.

The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.

While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.

Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.

But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.

While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.

Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.

It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.

Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.

One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.

The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.

Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.

Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.

Here’s the complaint (pdf).

Facebook lawsuit brings one country’s domain to a screeching halt

Kevin Murphy, February 22, 2021, Domain Registries

Bangladesh’s ccTLD registry has reportedly frozen all registrations and transfers after a cybersquatting lawsuit filed by Facebook.

According to local reports a couple weeks back, Bangladesh Telecommunications Company Ltd has implemented Draconian pre-registration roadblocks to registration, such that only exact-match domain names are available to individuals and organizations.

And Western corporate registrar CSC said today that BTCL has “implemented a temporary suspension to registration and transfer orders due to an ongoing legal matter” and is “diligently working to draft new regulations and procedures for registration orders.”

Registrants can still manage their Whois and DNS settings as normal, CSC said.

Facebook sued the registrant of the domain facebook.com.bd last November, asking for the domain to be cancelled and for $50,000 in damages, dragging BTCL into the case.

According to reports, the domain had been registered in 2008 when the registry used a largely paper-based system, but Facebook only resorted to the courts last year when the registrant listed it for sale for $6 million.

It’s a textbook case of cybersquatting, but .bd evidently does not have the mechanisms — such as UDRP — to handle such malfeasance outside of the courts.

While a Dhaka court reportedly issued an injunction against the domain in question, it’s still resolving and still listed for sale at $6 million.

Security firm sues Facebook to overturn UDRP loss of “good faith” typo domains

Kevin Murphy, February 11, 2021, Domain Services

Security company Proofpoint has sued Facebook in order to keep hold of several typo domains that are deliberately intended to look like its Facebook and Instagram brands.

Proofpoint wants an Arizona court to declare that facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org are not cases of cybersquatting because they were not registered in bad faith.

Proofpoint — a $7 billion company that certainly does not phish — uses the domains in anti-phishing employee training services, as it describes in its complaint:

Proofpoint uses intentionally domain names that look like typo-squatted versions of recognizable domain names, such as , and the other Domain Names at issue in these proceedings.

By using domain names similar to those of well-known companies, Proofpoint is able to execute a more effective training program because the workforce is more likely to learn to distinguish typo-squatted domains, which are commonly abused by bad actors to trick workers, from legitimate domain names.

Employees who click the bogus links are taken to harmless web pages describing how they were duped.

The court case comes shortly after Facebook prevailed in a UDRP case filed with WIPO.

In that case, the panelist decided that Proofpoint had no legitimate interest in the domains because they led to web sites that linked to Proofpoint’s web site, where commercial services are offered.

He therefore found that the names had been registered in bad faith, because visitors could assume that Facebook or Instagram in some way endorsed these services.

Proofpoint wants the court to reverse that decision and allow it to keep the names. Here’s the complaint (pdf).

It strikes me as at the very least bad form for Facebook to go after these domains, given that Proofpoint is tackling the Facebook phishing problem at source — user idiocy — rather than the reactive, interminable UDRP whack-a-mole Facebook seems to be engaging in.

Facebook to enter the retail registrar business?

Kevin Murphy, October 26, 2020, Domain Registrars

Worryingly perhaps for the retail registrar market, Facebook has revealed it’s due to launch a set of business web-hosting services.

The company said in a blog post last week that it plans to reveal Facebook Hosting Services “over the coming months”.

While very little is known about these services, Facebook appears to be interested in leveraging its popular WhatsApp messaging platform. The company blogged:

Facebook Hosting Services – Businesses have varying technology needs and want choice in the companies they work with to host and manage customer communications, particularly with remote work increasing. Which is why over the coming months, we plan to expand our partnerships with business solution providers we’ve worked with over the last two years. We will also provide a new option for businesses to manage their WhatsApp messages via hosting services that Facebook plans to offer. Providing this option will make it easier for small and medium size businesses to get started, sell products, keep their inventory up to date, and quickly respond to messages they receive – wherever their employees are.

There’s no mention of domains there, but domains almost always go hand in hand with hosting.

The fact that a company with Facebook’s reach is venturing into hosting will surely worry registrars that already make a huge chunk of their revenue from such services.

Facebook URLs are already considered a valid alternative to domain names for many small and micro-businesses, so there’s a question mark next to Facebook’s intention with regards domains.

Facebook already owns at least two ICANN-accredited registrars, RegistrarSEC and RegistrarSafe, but they do not sell domains to third parties.

The two registrars are currently basically an insurance policy against Facebook’s hugely valuable domains being suspended or transferred by third-party registrars in response to court orders.

RegistrarSEC appears to be the preferred registrar for Facebook’s defensive domains. Its domains under management number has been growing by hundreds per month for the last few years. It has over 8,500 names currently.

RegistrarSafe is the sponsoring registrar for about 175 of Facebook’s key domains, such as facebook.com and instagram.com.

Facebook’s UDRP wins seem to usually wind up at law firm Hogan Lovells’ registrar.

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.

Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.

In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.

In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.

Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but decline to do so, according to Facebook.

The complaint is very similar to one filed against OnlineNIC (pdf) in October.

And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.

Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.

Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.

The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.

Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.

Back then, its requests showed clear signs of over-reach, though the company claims to have scaled-back its requests in the meantime.

The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.

“Stringent” new online censorship law could affect domain companies

Kevin Murphy, April 8, 2019, Domain Policy

Blame Zuck.

The UK government is planning to introduce what it calls “stringent” new laws to tackle abusive behavior online, and there’s a chance it could wind up capturing domain name registries and registrars in its net.

The Department for Culture, Media and Sport this morning published what it calls the Online Harms White Paper, an initial 12-week consultation document that could lead to legislation being drafted at a later date.

The paper calls for the creation of a new independent regulator, charged with overseeing social media companies’ efforts to reduce the availability of content such as incitements to violence, self-harm, suicide, child abuse, “hate crime” and even “fake news”.

It basically would increase the amount of liability that companies have for user-generated content hosted on their services, even when that content is not necessarily illegal but is nevertheless considered “harmful”.

The regulator would have to create a code of conduct for companies the legislation covers to abide by.

When the code is breached, the regulator would have the authority to issue fines — possibly comparable to the 4% of profits that can be fined under GDPR — against not only the companies themselves but also their senior management.

The paper seems to most directly address ongoing tabloid scandals related to Facebook and its ilk, such as the suicide of Molly Russell, a 14-year-old who viewed material related to self-harm on Instagram before her death.

While it does not mention domain names once, the government clearly anticipates casting a wide net. The paper states:

The scope will include companies from a range of sectors, including social media companies, public discussion forums, retailers that allow users to review products online, along with non-profit organisations, file sharing sites and cloud hosting providers.

That’s a broad enough definition such that it could even cover blogs, including this one, that allow users to post comments.

The paper also discusses asking search engines to remove sites from their indexes, and compelling ISPs to block abusive sites as a “last resort” measure.

There’s a short mental hop from ISP blocking to domain name takedowns, in my view.

The paper also discusses steps the regulator could take to ensure companies with no UK legal presence are still covered by the rules.

While the paper, as I say, does not mention the domain name industry once, subsidiary services provided by registrars, such as hosting, could be directly affected.

There’s no guarantee that the paper will become a bill. There’s already a backlash from those who believe it constitutes unacceptable censorship, comparable to regimes such as in China.

There’s also no guarantee such a bill would eventually become law. The UK government is arguably currently the weakest it has ever been, with a propped-up minority in Parliament and many MPs in open revolt over Brexit.

With talk of an early general election incessant recently, it’s also possible the government may not last long enough to bring its plans to fruition.

Still, it’s probably something the domain industry, including ICANN, should probably keep an eye on.

The full 100-page white paper can be found here (pdf) and an executive summary can be read here.

Whois vacuum AppDetex raises $10 million

Kevin Murphy, March 20, 2019, Domain Registrars

Brand protection registrar AppDetex, which counts Facebook as its key customer, has raised $10 million in funding.

It’s the second round of venture capital for the six-year-old Boise, Idaho company. This one was led by First Analysis, with first-round investors EPIC Ventures and Origin Ventures each also taking an extra piece.

AppDetex says it has raised $17.5 million to date.

The company will be best known to registrars and other DI readers for its attempts last year to vacuum up vast amounts of Whois data, post-GDPR, on behalf of mainly Facebook.

The AppDetex WHOIS Requestor System (AWRS) is a semi-automated service that streamlines the process of requesting unredacted Whois records from registrars. I was given a demo last October.

The company came in for criticism for allegedly misrepresenting the results of its initial testing of the system, using the data to lobby ICANN and to market its product.

But AppDetex is apparently not just about the domains. It also offers brand monitoring services for social media platforms, app stores and web sites.

As a registrar, the company had a little over 1,500 gTLD domains under management at the last count, so the new investment is clearly not based upon its prowess as a volume registrar but rather on its value-added managed services.

AppDetex was founded by Faisal Shah (a founder of MarkMonitor) and Chris Bura (previously of AllDomains.com) in 2012.

The company has been closely affiliated with Facebook for some time.

Back in 2016, Facebook acquired RegistrarSEC, a registrar accreditation run by Shah and Bura that at the time was actually doing business under the name “AppDetex”, in order to protect Instagram.com from a Chinese court.

AppDetex has also hired staff from Facebook, and its general counsel is married to Facebook’s head of domain strategy.

According to data Tucows released a month ago, almost two thirds of the Whois requests it received since GDPR came into effect came from Facebook and AppDetex.

Surprise! Most private Whois look-ups come from Facebook

Kevin Murphy, February 20, 2019, Domain Policy

Facebook is behind almost two-thirds of requests for private Whois data, according to stats published by Tucows this week.

Tucows said that it has received 2,100 requests for Whois data since it started redacting records in the public database when the General Data Protection Regulation came into effect last May.

But 65% of these requests came from Facebook and its proxy, AppDetex, that has been hammering many registrars with Whois requests for months.

AppDetex is an ICANN-accredited brand-protection registrar, which counts Facebook as its primary client. It’s developed a workflow tool that allows it, or its clients, to semi-automatically send out Whois requests to registrars.

It sent at least 9,000 such requests between June and October, and has twice sent data to ICANN complaining about registrars not responding adequately to its requests.

Tucows has arguably been the registrar most vocally opposed to AppDetex’s campaign, accusing it of artificially inflating the number of Whois requests sent to registrars for political reasons.

An ICANN policy working group will soon begin to discuss whether companies such as Facebook, as well as security and law enforcement interests, should be able to get credentials enabling them to access private Whois data.

Tucows notes that it sees spikes in Whois requests coinciding with ICANN meetings.

Tucows said its data shows that 92% of the disclosure requests it has received so far come from “commercial interests”, mostly either trademark or copyright owners.

Of this 92%, 85% were identified as trademark interests, and 76% of those were Facebook.

Law enforcement accounted for 2% of requests, and security researchers 1%, Tucows said.