The area identify registrar Freenom, whose free domains have lengthy been a draw for spammers and phishers, has stopped permitting new area identify registrations. The transfer comes simply days after the Dutch registrar was sued by Meta, which alleges the corporate ignores abuse complaints about phishing web sites whereas monetizing visitors to these abusive domains.
Freenom’s web site includes a message saying it’s not presently permitting new registrations.
Freenom is the area identify registry service supplier for 5 so-called “country code top level domains” (ccTLDs), together with .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.
Freenom has at all times waived the registration charges for domains in these country-code domains, presumably as a technique to encourage customers to pay for associated companies, akin to registering a .com or .web area, for which Freenom does cost a price.
On March 3, 2023, social media big Meta sued Freenom in a Northern California courtroom, alleging cybersquatting violations and trademark infringement. The lawsuit additionally seeks details about the identities of 20 totally different “John Does” — Freenom clients that Meta says have been significantly energetic in phishing assaults towards Facebook, Instagram, and WhatsApp customers.
The lawsuit factors to a 2021 research (PDF) on the abuse of domains carried out by Interisle Consulting Group, which found that these ccTLDs operated by Freenom made up 5 of the Top Ten TLDs most abused by phishers.
“The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers’ identity, even after being presented with evidence that the domain names are being used for illegal purposes,” the criticism prices. “Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers.”
Meta additional alleges that “Freenom has repeatedly failed to take appropriate steps to investigate and respond appropriately to reports of abuse,” and that it monetizes the visitors from infringing domains by reselling them and by including “parking pages” that redirect guests to different business web sites, web sites with pornographic content material, and web sites used for malicious exercise like phishing.
Freenom has not but responded to requests for remark. But makes an attempt to register a site by means of the corporate’s web site as of publication time generated an error message that reads:
“Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding.”
Image: Interisle Consulting Group, Phishing Landscape 2021, Sept. 2021.
Although Freenom relies in The Netherlands, a few of its different sister corporations named as defendants within the lawsuit are included within the United States.
Meta initially filed this lawsuit in December 2022, nevertheless it requested the courtroom to seal the case, which might have restricted public entry to courtroom paperwork within the dispute. That request was denied, and Meta amended and re-filed the lawsuit final week.
According to Meta, this isn’t only a case of one other area identify registrar ignoring abuse complaints as a result of it’s unhealthy for enterprise. The lawsuit alleges that the homeowners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.”
“On information and belief, one or more of the ccTLD Service Providers, ID Shield, Yoursafe, Freedom Registry, Fintag, Cervesia, VTL, Joost Zuurbier Management Services B.V., and Doe Defendants were created to hide assets, ensure unlawful activity including cybersquatting and phishing goes undetected, and to further the goals of Freenom,” Meta charged.
It stays unclear why Freenom has stopped permitting area registration. In June 2015, ICANN suspended Freenom’s potential to create new domains or provoke inbound transfers of domains for 90 days. According to Meta, the suspension was premised on ICANN’s dedication that Freenom “has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest.”
A spokesperson for ICANN stated the group has no perception as to why Freenom may need stopped registering domains. But it stated Freenom (d/b/a OpenTLD B.V.) additionally obtained formal enforcement notices from ICANN in 2017 and 2020 for violating totally different obligations.
A replica of the amended criticism towards Freenom, et. al, is out there right here (PDF).
March 8, 6:11 p.m. ET: Updated story with response from ICANN. Corrected attribution of the area abuse report.