Latest news of the domain name industry

Recent Posts

As judge freezes assets, is this OnlineNic domain portfolio really worth $70,000?

A California court has frozen the assets of beleaguered Chinese/American registrar OnlineNic, at the behest of Facebook, which is suing the company for alleged cybersquatting.

The judge in the case Friday mostly granted Facebook’s request for a temporary restraining order, banning OnlineNic from transferring money or domains out of the country.

It had discovered that the registrar had started transferring domains it has registered in its own name — about 600 of them — out of the country, to China-based Ename.

OnlineNic had told the court it could no longer afford to defend the case, and that it would shut up shop July 26.

Following Facebook’s request for a TRO, the registrar said it was merely moving the names to Ename so it could use its secondary market platform to raise $70,000 of the $75,000 needed to pay the so-called “Special Master”.

This is a court-appointed agent who had conducted a review of OnlineNic’s ticketing system records and found the company had deleted or obfuscated huge chunks of potential evidence.

OnlineNic has now told the court that it’s found a potential buyer, willing to pay $70,000 for the names in question.

This is the portfolio (pdf).

I’m no domain broker — I’m not even a domain investor — but even I have to wonder who would pay $70,000, or about $120 per name, for this junk. By sight alone, hardly any of them seem to be worth the base reg fee.

I’m guessing they’re dropped domains with traffic and/or the opportunity of selling them back to a forgetful original registrant.

Facebook’s war on privacy claims first registrar scalp

China’s oldest accredited registrar says it will shut up shop permanently next week after being sued into the ground by Facebook, apparently the first victim of the social media giant’s war against Whois privacy.

Facebook sued OnlineNIC in 2019 alleging widespread cybersquatting of its brands. The complaint cited 20 domains containing the Facebook or Instagram trademarks and asserted that the registrar, and not a customer, was the true registrant.

The complaint named ID Shield, apparently OnlineNIC’s Hong Kong-based Whois privacy service, as a defendant and was amended in March this year to add as a defendant 35.cn, another registrar that Facebook says is an alter ego of OnlineNic.

The amended complaint listed an addition 15 squatted domains, for 35 in total.

This week, OnlineNIC director Carrie Yu (aka Carrie Arden aka Yu Hongxia), told the court:

Defendants do not have the financial resources to continue to defend the instant litigation, and accordingly no longer intend to mount a defense. Defendants do not intend to file any oppositions to any pending filing… Subject to any requirements of ICANN, Defendants intend to cease business operations on July 26, 2021.

But Facebook reckons the registrar is about to do a runner to avoid paying almost $75,000 in court fees already incurred and avoid the jurisdiction of the California court where the case is being heard.

Facebook had asked for $3.5 million in penalties in a proposed judgment and OnlineNIC had not opposed.

While it presents itself as American, it appears that OnlineNIC is little more than a shell in the US.

Its official headquarters are little more than a lock-up garage surrounded by builders’ merchants in a grim, windowless facility just off the interstate near Oakland, California.

Its true base appears to be a business park in Xiamen, China, where 35.cn/35.com operates. The company has boasted in the past of being China’s first and oldest ICANN-accredited registrar, getting its foot in the door when the floodgates opened in 1999.

Facebook is now asking the court for a temporary restraining order freezing the defendants’ financial and domain assets, and for a domain broker to be appointed to liquidate its domain portfolio.

If you’re a legit OnlineNIC customer, you might be about to find yourself in a world of hurt.

OnlineNIC had just over 624,000 gTLD domains under management at the last count. 35.cn had another 200,000.

The lawsuit is one of three Facebook is currently fighting against registrars, one prong of its strategy to pressure the ICANN community to open up Whois records rendered private by EU law and consequent ICANN policy.

OnlineNIC is the low-hanging fruit of the trio and the first to be sued. It already faced cybersquatting cases filed by Verizon, Yahoo and Microsoft in 2009. The Verizon case came with a $33 million judgment.

Facebook has also sued the rather less shady registrars Namecheap and Web.com (now Newfold Digital) on similar grounds.

Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit

Kevin Murphy, April 16, 2021, Domain Registrars

Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.

The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.

While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.

Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.

But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.

While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.

Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.

It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.

Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.

One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.

The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.

Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.

Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.

Here’s the complaint (pdf).

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.

Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.

In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.

In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.

Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but decline to do so, according to Facebook.

The complaint is very similar to one filed against OnlineNIC (pdf) in October.

And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.

Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.

Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.

The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.

Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.

Back then, its requests showed clear signs of over-reach, though the company claims to have scaled-back its requests in the meantime.

The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.