I’m not sure what’s more foolish—attempting to capitalize off the name, image, and likeness of Ariana Grande, the world’s most-followed woman on Instagram, or attempting to pull a fast one over Facebook by registering a domain or series of web-addresses, with hopes of confusing consumers? Either way, there is some serious legal coming out of both.

Don’t Register Domains With the Words ‘Facebook’ or ‘Instagram’

Last week, Facebook’s Platform Enforcement and Litigation division announced that it filed a trademark infringement lawsuit in the U.S. District Court for the Northern District of California against domain name registrar, OnlineNIC (“Defendant OnlineNIC”) and its privacy/proxy service ID Shield (“Defendant ID Shield”) for allegedly registering domain names, or web addresses that pretended to be affiliated with Facebook.

Grit Daily obtained and reviewed the court documents from the PACER system.

The High Cost of ‘Cybersquatting’ –And Yes, It’s a Federal Crime

The basis for Facebook’s lawsuit against OnlineNIC and ID Shield involves the companies continuous, ongoing behavior of “cybersquatting.”

“Cybersquatting” is the intentional act of registering web addresses that are extremely similar to an existing popular, recognized trademark that rightfully belongs to that particular trademark holder. In plain English, it’s basically phishing, but

Under Section 43(d) of the Lanham Act, or the Anti-Cybersquatting Piracy Act (ACPA), trademark holders have a cause of action available to them against anyone who, with a bad faith intent to profit from the goodwill of another’s trademark, registers, traffics in, or uses a domain name that is identical to, or confusingly similar to a distinctive mark, or dilutive of a famous mark, without regard to the goods or services of the parties.

According to the Complaint, the Defendants “registered, used, or trafficked in, at least the following 20 domain names (“Infringing Domain Names”) that are identical or confusingly similar” to Facebook and Instagram’s trademarks, respectively:

  • Facebook-fans-buy.com
  • Facebook-mails.com
  • Facebook-pass.com
  • Facebook-pw.com
  • Facebookphysician.com
  • Facebookvideodownload.net
  • Findfacebookid.com
  • Hackingfacebook.net
  • Hacksomeonesfacebook.com
  • 1amsocialfacebook.net
  • Trollfacebook.com
  • www-facebook-login.com
  • www-facebook-pages.com
  • buyinstagramfans.com
  • instaface.org
  • instagram01.com
  • iiinstagram.com
  • login-1instargram.com
  • m-facebook-login.com
  • singin-Instargram.com

Defendant ID Shield is the registrant for each of the Infringing Domain Names, according to the complaint, whereby Defendant OnlineNIC controls certain business operations of Defendant ID Shield, including sharing the same technical support staff and technical support services being provided by the same person(s).

Should There Be Penalties for a ‘Reckless Disregard’ for the Intellectual Property of Others?

Having reviewed the attached Exhibits, this is nothing short of a group of black-hatters that care only for deceiving and (hopefully) obtaining the personal information of users by capitalizing off the value that is Facebook and Instagram’s name, image, likeness, and overall registered intellectual property.

Even more concerning about these registered domain names are that to the average consumer, some of these appear legitimate enough to click on from a search engine or even an online advertisement. And therein lies the problem.

Simply visiting any of these websites directly, should trigger a warning from your ad-blocker or virus-scanner that the site is potentially harmful—and no shit, look at the efforts the Defendants’ have gone through.

Source: PACER

Source: PACER

Source: PACER

Source: PACER

But according to legal documents, this isn’t the first time Defendant OnlineNIC has been called out for cybersquatting upon well-recognized trademarks.

Verizon v. OnlineNic

Back on December 19, 2008, OnlineNIC was “found liable for registering over 600 domain names that were confusingly similar to VERIZON’s trademark.”

In the Verizon case, the Court awarded $33.15 million in damages and denied OnlineNIC’s motion to set aside or reduce the judgment.

Yahoo v. OnlineNIC

On that same day, but in a separate action, Verizon’s subsidiary Yahoo! Inc. alleged that OnlineNIC registered close to “554 domain names that were identical or confusingly similar to its trademarks.”

Over the years, Defendant OnlineNIC has been named in administrative complaints filed under the Uniform Domain-Name Dispute-Resolution Policy (“UDRP”), where in each of these complaints, the company has admitted to providers that it was the registrant of those domain names at issue.

Under the UDRP, all web registrars are required to resolve trademark-based domain-name disputes by agreement, court action, or arbitration before a registrar will cancel, suspend, or transfer a domain name. Disputes alleged to arise from abusive registration, such as the case Facebook/Instagram is pursuing against the Defendants’, may be addressed by expedited administrative proceedings that the holder of trademark rights (Facebook/Instagram) initiates by filing a complaint with an approved dispute-resolution service provider, which it did.

For more information on the UDRP policy, click here.

The problem with both Defendants here is how they operate under one or more aliases, including “Junlon Zhen,” “lenawoo,” and “China-Channel,” to hide its involvement in registering as a registrant. No different than a straight-out fraud.

Hell, on the Defendant’s website, they actually state that “OnlineNIC ID Shield acts as a firewall between [user] and outside world, instead of your personal information being available to the public, the eyes of information prier will target at OnlineNIC ID Shield.” In other words, some real sketchy black-hat shit.

Source: PACER

In connection with these registered domain names, the complaint further alleges that in some instances, the Infringing Domain Names have been used for “malicious activity, including to host websites directing visitors to other commercial sites, phishing, selling purported tools for hacking.” The complaint sets forth several exhibits and attachments of those websites.

In connection with these phishing scams, the complaint identified the following domain name email servers that were configured to facilitate email:

  • facebook-mails.com
  • facebook-pass.com
  • facebook-pw.com
  • facebookvideodownload.net
  • findfacebookid.com
  • hackinfacebook.net
  • hacksomeonesfacebook.com
  • login-Instargram.com
  • m-facebook-login.com
  • singin-Instargram.com, and
  • trollfacebook.com

The Exhibits attached to the Complain show that Defendant OnlineNIC agreed that Defendant ID Shield “shall accept liability for harm caused by wrongful use of the Registered Name, unless it discloses the current contact information provided by the licensee and the identity of the licensee within seven (7) days to a party providing [ID Shield] reasonable evidence of actionable harm.

Even more fucked up is that these service agreements that both Defendants require the other to sign, anticipates this very instance, where one or both will be sued for the misuse and abuse of domain names, including claims for trademark infringement and cybersquatting, requiring parties to those agreements to indemnify against such claims.

Source: PACER

According to the complaint, Defendant ID Shield failed to disclose the identity or any contact information of the licensee when presented with reasonable evidence of actionable harm by Facebook or their authorized representatives with respect to the infringement and cybersquatting claims—and get this, Defendant ID Shield never responded to notices Facebook sent to cease and desist.


By and through counsel, Tucker Ellis LLP, Facebook and Instagram have demanded a jury trial to decide all the issues identified and plead in the complaint.

Track This Case— 3:19cv7071, Facebook, Inc. Et Al V. Onlinenic Inc Et Al