March 27, 2023

The area identify registrar Freenom, whose free domains have lengthy been a draw for spammers and phishers, has stopped permitting new area identify registrations. The transfer comes simply days after the Dutch registrar was sued by Meta, which alleges the corporate ignores abuse complaints about phishing web sites whereas monetizing site visitors to these abusive domains.

Freenom’s web site contains a message saying it’s not at the moment permitting new registrations.

Freenom is the area identify registry service supplier for 5 so-called “nation code prime stage domains” (ccTLDs), together with .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.

Freenom has at all times waived the registration charges for domains in these country-code domains, presumably as a solution to encourage customers to pay for associated companies, comparable to registering a .com or .web area, for which Freenom does cost a payment.

On March 3, 2023, social media big Meta sued Freenom in a Northern California courtroom, alleging cybersquatting violations and trademark infringement. The lawsuit additionally seeks details about the identities of 20 completely different “John Does” — Freenom clients that Meta says have been notably energetic in phishing attacks in opposition to Fb, Instagram, and WhatsApp customers.

The lawsuit factors to a 2021 study (PDF) on the abuse of domains carried out by Interisle Consulting Group, which found that these ccTLDs operated by Freenom made up 5 of the High Ten TLDs most abused by phishers.

“The 5 ccTLDs to which Freenom gives its companies are the TLDs of alternative for cybercriminals as a result of Freenom gives free area identify registration companies and shields its clients’ identification, even after being offered with proof that the domains are getting used for unlawful functions,” the grievance prices. “Even after receiving notices of infringement or phishing by its clients, Freenom continues to license new infringing domains to those self same clients.”

Meta additional alleges that “Freenom has repeatedly didn’t take applicable steps to analyze and reply appropriately to studies of abuse,” and that it monetizes the site visitors from infringing domains by reselling them and by including “parking pages” that redirect guests to different industrial web sites, web sites with pornographic content material, and web sites used for malicious exercise like phishing.

Freenom has not but responded to requests for remark. However makes an attempt to register a website by way of the corporate’s web site as of publication time generated an error message that reads:

“Due to technical points the Freenom software for brand spanking new registrations is quickly out-of-order. Please settle for our apologies for the inconvenience. We’re engaged on an answer and hope to renew operations shortly. Thanks in your understanding.”

Picture: Interisle Consulting Group, Phishing Panorama 2021, Sept. 2021.

Though Freenom relies in The Netherlands, a few of its different sister corporations named as defendants within the lawsuit are integrated in america.

Meta initially filed this lawsuit in December 2022, nevertheless it requested the courtroom to seal the case, which might have restricted public entry to courtroom paperwork within the dispute. That request was denied, and Meta amended and re-filed the lawsuit final week.

Based on Meta, this isn’t only a case of one other area identify registrar ignoring abuse complaints as a result of it’s unhealthy for enterprise. The lawsuit alleges that the house owners of Freenom “are a part of an internet of corporations created to facilitate cybersquatting, all for the good thing about Freenom.”

“On data and perception, a number of of the ccTLD Service Suppliers, ID Protect, Yoursafe, Freedom Registry, Fintag, Cervesia, VTL, Joost Zuurbier Administration Companies B.V., and Doe Defendants have been created to cover property, guarantee illegal exercise together with cybersquatting and phishing goes undetected, and to additional the targets of Freenom,” Meta charged.

It stays unclear why Freenom has stopped permitting area registration, nevertheless it could possibly be that the corporate was just lately the topic of some sort of disciplinary motion by the Web Company for Assigned Names and Numbers (ICANN), the nonprofit entity which oversees the area registrars.

In June 2015, ICANN suspended Freenom’s potential to create new domains or provoke inbound transfers of domains for 90 days. Based on Meta, the suspension was premised on ICANN’s willpower that Freenom “has engaged in a sample and observe of trafficking in or use of domains equivalent or confusingly much like a trademark or service mark of a 3rd celebration through which the Registered Title Holder has no rights or professional curiosity.”

ICANN has not but responded to requests for remark.

A replica of the amended grievance in opposition to Freenom, et. al, is obtainable right here (PDF).