“Cybersquatting” Domain Name Registrar Sued by Facebook

Facebook, Instagram, and WhatsApp have sued domain registrars Namecheap and Whoisguard for cybersquatting, trademark infringement, false designation of origin and trademark dilution.

Facebook states that Namecheap and its alter ego Whoisguard is a domain name registrar that provides a proxy service to cybercriminals by hiding malicious domain names from the public. “These proxy services, like the services offered by Defendants, are increasingly used by cybercriminals and spammers as they cycle through domain names in order to conceal their identities and evade detection.”

“Whoisguard registers the domain name (as the registrant) and licenses the domain name to the individual or entity who uses the domain name…Whoisguard is listed as the registrant for the domain names which use the WhoisGuard service on publicly available domain name registration records,” the plaintiffs stated.

 Licensees of these domain names often use the service for “online abuse, including phishing, malware, spam and trademark infringement,” the plaintiffs alleged, and Namecheap has not taken action against abusive actors as required in the ICANN Registrar Accreditation Agreement. Whoisguard has also not provided information about the licensee, even when significant evidence is present that a licensee has inflicted harm. 

These domain name services result in the infringement of Facebook and its subsidiaries’ trademarks. Facebook states that both Namecheap and Whoisguard are both liable for harm as a result of their actions. The plaintiffs alleged that the defendants have violated the Lanham Act and the Anti-Cybersquatting Consumer Protection Act.

Facebook, Instagram, and WhatsApp each have registered trademarks including the wordmark and stylized wordmark.  They alleged that “Whoisguard registered, trafficked in, or used at least forty-five domain names that are identical or confusingly similar to the Facebook Trademarks, FB Trademarks, Instagram Trademarks, and WhatsApp Trademarks.” For example, “facebok-securty.com”; “facebo0k-login.com”; “instagramlogin.site”; “whatapp.services” and “joinwhatsappgroup.online.”

The defendants have not disclosed who has licensed these domain names, despite proven harm. According to the complaint, Namecheap’s domain name registration agreement states that “it will cancel its proxy service if a domain name is alleged to infringe on a third party’s trademark or if it receives valid evidence of trademark infringement.” The plaintiffs sent multiple notices to the defendants about the infringement.

Facebook accused Namecheap and Whoisguard of “bad faith intent to profit.” These infringing domains are allegedly “intended to divert consumers to websites using domain names that were identical or confusingly similar…the Infringing Domain Names have been used for malicious activity, including misdirecting visitors to commercial sites or to websites involved in scams, phishing, and selling purported tools for hacking.” Whoisguard has more than one thousand complaints against it for cybersquatting.

The plaintiffs have sought a permanent injunction, divestment of funds earned through unjust enrichment, an award of $100,000 per infringing domain name, attorney’s fees, and other relief as deemed by the court.

The suit is filed in the Arizona District Court. Facebook and the other defendants are represented by Snell & Wilmer, as well as Tucker Ellis.