Citations

Full opinion text

ORDER DENYING DEFENDANT NAMECHEAP’S MOTION TO DISMISS MARGARET M. MORROW, District Judge. On August 17, 2008, plaintiff Solid Host, NL filed this action against defendants NameCheap, Inc., dba Whois Guard Protected; Demand Media, Inc., dba eNom, Inc.; and John Doe l. Solid Host alleges that Doe “hijacked” its domain name, < solidhost.com >. On March 20, 2009, NameCheap filed a motion to dismiss • the claims asserted against it for failure to state a claim under Rule 12(b)(6) of the Federal Rules of Civil Procedure. I. FACTUAL AND PROCEDURAL BACKGROUND A. Technical Background This action requires knowledge of certain of the technical aspects of registering domain names for internet web sites. The court will briefly summarize this technical background before outlining the facts of the case. The location of individual sites on the internet is denoted by an internet protocol (“IP”) address composed of a string of four groups of digits separated by periods. Each site has a unique numeric internet address. Lockheed Martin Corporation v. Network Solutions, Inc., 141 F.Supp.2d 648, 650-51 (N.D.Tex.2001) (“Lockheed Martin II”); see also Smith v. Network Solutions, Inc., 135 F.Supp.2d 1159, 1160 (N.D.Ala.2001). For ease of access, the numeric addresses typically correspond to more easily remembered alphanumeric “domain names” (such as <google.com>), which internet users can enter in their web browser to access specific sites. Lockheed Martin II, 141 F.Supp.2d at 650-51; Smith, 135 F.Supp.2d at 1160. A domain name is composed of two parts, separated by a period. The portion to the right of the period, i.e., the “com” in <google.com >, is known as the “top level domain” or “TLD.” Smith, 135 F.Supp.2d at 1160-61; see also American Girl, LLC v. Nameview, Inc., 381 F.Supp.2d 876, 879 (E.D.Wis.2005). The portion to the left of the period, generally a series of a numbers and letters chosen by the operator of the site, i.e., the “google” in < google.com >, is known as the “second level domain” or “SLD.” Smith, 135 F.Supp.2d at 1160-61. One wishing to use a specific domain name must register the name with one of numerous competing companies known as registrars. In 1993, pursuant to a contract with the National Science Foundation, Network Solutions, Inc. (“NSI”) became the sole registrar for domain names in the most commonly used TLD’s (“.com,” “.net,” “.org,” and “.edu”). Id. at 1161. In 1998, the federal government adopted a policy favoring competitive domain name registration. “In furtherance of this policy, a private, non-profit corporation, the Internet Corporation for Assigned Names and Numbers (‘ICANN’), [] was formed to assume responsibilities for managing the allocation of Internet Protocol numbers and the domain name system. Also as part of the transition to a competitive system, NSI’s domain name registration service was divided into two separate units: a registrar and a registry.” Id. The registry maintains a centralized, publicly accessible database of information concerning all domain names in a TLD, known as the Whois (or WHOIS) database; this database is compiled from information submitted by registrars. Id. While there is only a single registry for each TLD, there are numerous competing registrars. Id. Registrars control the IP addresses associated with particular domain names. Customers seeking to register specific domain names interact with registrars; the registrars submit information regarding domain names to the registry, which includes the information in the public Whois database. A registrar must be accredited by ICANN for each TLD in which it operates. As part of the certification process, all registrars must sign the ICANN Registrar Accreditation Agreement (the “ICANN agreement”). Generally, an individual seeking to use a domain name submits an online application to a registrar. Id. at 1161-62. “[I]f someone submits an application for a particular domain name that already exists in the Registry WHOIS database by virtue of a prior registration, that name cannot be registered again, and the applicant is advised that the sought domain name is unavailable .... If there is no existing registration for a given SLD name within a given TLD, [however,] that domain name is considered available and generally may be registered on a first-come, first served basis.” Id. at 1162. The registrant must provide personal and contact information that becomes part of the Whois database. American Girl, 381 F.Supp.2d at 879. The Whois database “allows all registrars to determine almost instantaneously which domain names are already registered and therefore unavailable to others,” and “allow[s] a person whose registration application for a particular domain name has been denied as unavailable to determine which registrar registered the name he desires with the Registry.” Smith, 135 F.Supp.2d at 1160-62. The fact that “every person who wants to register a domain name either consents to put some sort of publicly accessible contact information on line, or is unable to register the domain name” has drawn criticism from privacy and free speech advocates. See Matthew Bierlin & Gregory Smith, Privacy Year in Review: Growing Problems with Spyware and Phishing, Judicial and Legislative Developments in Internet Governance, and the Impacts on Privacy, 11/S: J.L. & Pol’y for Info. Soc’y 279, 313-14 (2005); see also, e.g., Dawn C. Nunziato, Freedom of Expression, Democratic Norms, and Internet Governance, 52 Emory L.J. 187, 256 (Winter 2003) (“Because of the important role anonymous speech serves within expressive forums— which in turn are integral to democratic governments — ICANN should, in reevaluating its policies to accord meaningful protection for freedom of expression, revise its policy requiring domain name holders publicly to disclose their names and addresses. While protecting anonymous Internet speech is clearly an important component of free speech within the United States, it is even more important for ICANN to protect the identity of speakers from countries that are more inclined to retaliate against speakers based on the ideas they express”). ICANN has been reconsidering its policies in light of these concerns. Bierlin & Smith, supra, at 314. In addition, there has been a growth in “companies that will register domain names for individuals and act as a proxy by using the company’s contact information.” Id. Such services allow domain name registrants concerned with maintaining their privacy to remain anonymous. Naturally, these services also appeal to registrants who wish to conceal their identities for illegitimate purposes. Name-Cheap’s provision of an anonymity service to Doe is central to the dispute before the court. B. Allegations in Solid Host’s Complaint 1. The Parties Solid Host is a corporation based in the Netherlands, which is in the business of providing various internet-related services, including web hosting. Defendant eNom is an ICANN-accredited registrar and a signatory to the ICANN agreement. Defendant NameCheap is also an ICANNaccredited registrar and signatory to the ICANN agreement; Solid Host alleges that it “does not currently know whether [NameCheap] may have acted as [a registrar] in connection with the facts of this particular case.” In addition to functioning as a registrar, NameCheap offers an anonymity service known as “WhoisGuard,” whereby NameCheap becomes the registered owner of a domain name desired by a customer, and licenses the domain name to the customer. As a result, NameCheap’s contact information rather than the customer’s appears in the Whois database. Defendant Doe is an anonymous individual described by Solid Host as a “hacker.” 2. Doe’s Hijacking of Solid Host’s Domain Name Solid Host alleges that it is the owner of the domain name <solidhost.com>. It registered this name through eNom in December 2004, and has used the domain name to conduct its business since that time. Solid Host asserts that on Monday, August 4, 2008, due to a “security breach” at eNom, “Doe unlawfully gained access to [Solid Host’s] domain registration account,” obtained Solid Host’s login and password information, and “stole” the domain name <solidhost.com>. According to the complaint, Doe “either by himself, or through his agent, defendant Name-Cheap ... moved [Solid Host’s] domain name to another domain registration account with ... eNom.” Doe “or Name-Cheap acting at Doe’s direction” altered the IP address associated with <solid-host.com>, so that internet users accessing < solidhost.com > viewed a website “controlled solely by Doe” rather than Solid Host’s site. The website stated that the domain name <solidhost.com> was for sale, and provided an email address for inquiries. Solid Host alleges that Doe and NameCheap entered into a contract pursuant to which NameCheap agreed to become the registrant for <solid-host.com > listed in the Whois database and to “license[] the domain’s operability and functionality back to Doe.” Once the registration for <solidhost.com> was switched to a new account, Solid Host’s owner, Andre Van Vliet, could no longer alter the IP address associated with the domain name to re-direct internet traffic to Solid Host’s website. After discovering that he could no longer control the < solidhost.com > web site, Van Vliet attempted to regain access of the domain name. Van Vliet contacted the email address listed on <solidhost.com> and received an offer to sell the domain name for $12,000 from a different email address. Because Doe demanded payment via wire transfer, Van Vliet refused to pay. Solid Host’s counsel then made various unsuccessful attempts to recover the domain name through eNom; these are not pertinent to the present motion. On August 8, 2008, Solid Host’s counsel contacted NameCheap in a further attempt to regain control of the domain name. Although Solid Host does not specifically allege how it learned of NameCheap’s involvement, it presumably discovered that NameCheap was listed as the registrant for the domain name in the Whois database prior to contacting the company. Solid Host’s counsel requested that Name-Cheap reveal the identity of the customer who had used NameCheap’s “WhoisGuard” service to register < solidhost.com > and asked that the company “immediately take whatever steps were in its power to cause the return of the [domain name] ... to [Solid Host’s] control.” NameCheap’s counsel requested evidence of the purported theft. Solid Host alleges that it provided “evidence, including (but not limited to) a sworn declaration of Andre Van Vliet attesting to the relevant facts.” NameCheap contacted Doe, who claimed that he had legitimately purchased the domain name. NameCheap communicated this information to Solid Host’s counsel, who denied that the domain named had been sold, and expressed the opinion that Doe’s story was not credible. NameCheap indicated that it would “remain neutral” in what it perceived to be a dispute between Solid Host and Doe, and refused to reveal Doe’s identity. C. Procedural Background Solid Host filed its initial complaint on August 18, 2008. On August 21, 2008, it filed an ex parte application for temporary restraining order. The court granted the application on August 26, 2008. The court directed eNom to transfer <solid-host.com > to Solid Host’s control, directed NameCheap to cooperate with eNom, and required it to transfer the domain name to Solid Host if eNom failed to effect a transfer. That same day, eNom returned control of the domain name to Solid Host. On September 4, 2008, NameCheap revealed Doe’s identity to Solid Host’s counsel. Solid Host has not sought to amend its complaint to substitute this individual for the fictitious Doe defendant. The order granting Solid Host’s application for temporary restraining order set September 4, 2008 as the date for a hearing on an order to show cause why a preliminary injunction should not issue. The parties stipulated to continue this hearing numerous times. Finally, on January 7, 2009, the parties stipulated to entry of a preliminary injunction. Solid Host filed an amended complaint on February 20, 2009, and a second amended complaint on February 27, 2009. On March 20, 2009, NameCheap filed the present motion. The second amended complaint alleges three causes of action against NameCheap: cybersquatting in violation of the Anticybersquatting Consumer Protection Act (“ACPA”), 15 U.S.C. § 1125(d); breach of contract as a third party beneficiary; and unfair competition in violation of California’s Unfair Competition Law (the “UCL”), California Business and Professions Code § 17200 et seq. NameCheap argues that because it is an accredited registrar, it is not subject to liability for cyberpiracy under the ACPA; that the complaint fails to state a claim for cybersquatting and breach of contract as a third party beneficiary; and that Solid Host’s UCL claim fails because it is based on the cybersquatting claim and is not brought on behalf of the general public. II. DISCUSSION A. Legal Standard Governing Motions to Dismiss under Rule 12(b)(6) A Rule 12(b)(6) motion tests the legal sufficiency of the claims asserted in the complaint. Dismissal is proper only where there is either a “lack of a cognizable legal theory” or “the absence of sufficient facts alleged under a cognizable legal theory.” Balistreri v. Pacifica Police Dep’t, 901 F.2d 696, 699 (9th Cir.1988). The court must accept all factual allegations pleaded in the complaint as true, and construe them and draw all reasonable inferences from them in favor of the nonmoving party. Cahill v. Liberty Mutual Ins. Co., 80 F.3d 336, 337-38 (9th Cir.1996); Mier v. Owens, 57 F.3d 747, 750 (9th Cir.1995). It need not, however, accept as true unreasonable inferences or legal conclusions cast in the form of factual allegations. See Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 127 S.Ct. 1955, 1965, 167 L.Ed.2d 929 (2007) (“While a complaint attacked by a Rule 12(b)(6) motion to dismiss does not need detailed factual allegations, a plaintiffs obligation to provide the ‘grounds’ of his ‘entitle[ment] to relief requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do. Factual allegations must be enough to raise a right to relief above the speculative level, on the assumption that all the allegations in the complaint are true (even if doubtful in fact)” (citations omitted)). In deciding a Rule 12(b)(6) motion, the court generally looks only to the face of the complaint and documents attached thereto. Van Buskirk v. Cable News Network, Inc., 284 F.3d 977, 980 (9th Cir.2002); Hal Roach Studios, Inc. v. Richard Feiner & Co., Inc., 896 F.2d 1542, 1555 n. 19 (9th Cir.1990). It may, however, consider documents that are incorporated by reference, but not physically attached to, the complaint if they are central to plaintiffs claim and no party questions their authenticity. See Marder v. Lopez, 450 F.3d 445, 448 (9th Cir.2006) (in ruling on a motion to dismiss for failure to state a claim “[a] court may consider evidence on which the complaint ‘necessarily relies’ if: (1) the complaint refers to the document; (2) the document is central to the plaintiffs claim; and (3) no party questions the authenticity of the copy attached to the 12(b)(6) motion,” citing Branch v. Tunnell, 14 F.3d 449, 453-54 (9th Cir.1994), overruled on other grounds, Galbraith v. County of Santa Clara, 307 F.3d 1119 (9th Cir.2002)); see also Sanders v. Brown, 504 F.3d 903, 910 (9th Cir.2007) (“Review is generally limited to the contents of the complaint, but a court can consider a document on which the complaint relies if the document is central to the plaintiffs claim, and no party questions the authenticity of the document,” citing Warren v. Fox Family Worldwide, Inc., 328 F.3d 1136, 1141 n. 5 (9th Cir.2003), and Chambers v. Time Warner, Inc., 282 F.3d 147, 153 n. 3 (2d Cir.2002)). The court may also properly consider matters that can be judicially noticed under Rule 201 of the Federal Rules of Evidence. Hal Roach Studios, Inc., 896 F.2d at 1555 n. 19; Branch, 14 F.3d at 454. B. Whether Solid Host Has Stated a Cybersquatting Claim Against NameCheap 1. Standard Governing Liability for Cybersquatting Under the ACPA Congress passed the ACPA in 1999 as an amendment to the Lanham Act. The statute is designed to reach activities that might otherwise fall outside the scope of the Lanham Act, i.e., the bad faith registration of domain names with intent to profit from the goodwill associated with the trademarks of another, or “cybersquatting.” See S.Rep. No. 106-140, at 4 (1999); see also Porsche Cars N. Am., Inc. v. Porsche.Net, 302 F.3d 248, 260-61 (4th Cir.2002) (“We may and do conclude that the enactment of the ACPA eliminated any need to force trademark-dilution law beyond its traditional bounds in order to fill a past hole, now otherwise plugged, in protection of trademark rights. As the Second Circuit recently remarked, the ACPA ‘was adopted specifically to provide courts with a preferable alternative to stretching federal dilution law when dealing with cybersquatting,’ ” quoting Sporty’s Farm L.L.C. v. Sportsman’s Mkt, Inc., 202 F.3d 489, 497 (2d Cir.2000)). According to the Senate Report accompanying the ACPA, cybersquatters are those who (1) “register well-known domain names in order to extract payment from the rightful owners of the marks”; (2) “register well-known marks as domain names and warehouse those marks with the hope of selling them to the highest bidder”; (3) “register well-known marks to prey on customer confusion by misusing the domain name to divert customers from the mark owner’s site to the cybersquatter’s own site”; or (4) “target distinctive marks to defraud customers, including to engage in counterfeiting activities.” S.Rep. No. 106-140, quoted in Lucas Nursery and Landscaping, Inc. v. Grosse, 359 F.3d 806, 809 (6th Cir.2004); see also Bosley Medical Institute, Inc. v. Kremer, 403 F.3d 672, 680 (9th Cir.2005) (“[C]ybersquatting occurs when a person other than the trademark holder registers the domain name of a well known trademark and then attempts to profit from this by either ransoming the domain name back to the trademark holder or by using the domain name to divert business from the trademark holder to the domain name holder,” quoting DaimlerChrysler v. The Net Inc., 388 F.3d 201, 204 (6th Cir.2004) (alteration original)); Interstellar Starship Services v. Epix, Inc., 304 F.3d 936, 946 (9th Cir.2002) (“Cybersquatting is the Internet version of a land grab. Cybersquatters register well-known brand names as Internet domain names in order to force the rightful owners of the marks to pay for the right to engage in electronic commerce under their own name”); N. Light Tech. v. N. Lights Club, 97 F.Supp.2d 96, 115 (D.Mass.2000) (noting that the ACPA was enacted “primarily in an effort to stop ‘cybersquatters who register numerous domain names containing American trademarks or tradenames only to hold them ransom in exchange for money,’ ” quoting H.R.Rep. No. 106-412, at 5), aff'd, 236 F.3d 57 (1st Cir.2001). To establish liability under the ACPA, a plaintiff must prove, “without regard to the goods or services [offered by] the parties,” that the defendant: “(i) has a bad faith intent to profit from [a] mark ...; and (ii) registers, traffics in, or uses a domain name that— (I) in the case of a mark that is distinctive at the time of registration of the domain name, is identical or confusingly similar to that mark; (II) in the case of a famous mark that is famous at the time of registration of the domain name, is identical or confusingly similar to or dilutive of that mark; or (III) is a trademark, word, or name protected by reason of section 706 of Title 18 [the Red Cross] or section 220506 of Title 36 [the Olympics].” 15 U.S.C. § 1125(d)(1)(A). See also Bosley Medical Institute, 403 F.3d at 681 (“[A] ‘trademark owner asserting a claim under the ACPA must establish the following: (1) it has a valid trademark entitled to protection; (2) its mark is distinctive or famous; (3) the defendant’s domain name is identical or confusingly similar to, or in the case of famous marks, dilutive of, the owner’s mark; and (4) the defendant used, registered, or trafficked in the domain name (5) with a bad faith intent to profit,’ ” quoting DaimlerChrysler, 388 F.3d at 204). The statute identifies nine non-exclusive factors that are relevant in evaluating a defendant’s “bad faith intent.” 15 U.S.C. § 1125(d)(1)(B)(i). ACPA also contains a safe harbor provision, which states: “Bad faith intent described under subparagraph (A) shall not be found in any case in which the court determines that the person believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful.” 15 U.S.C. § 1125(d)(l)(B)(ii). In addition, several provisions of the statute shield domain name registrars from liability under certain circumstances. 15 U.S.C. § 1114(2)(D)(i) provides that “[a] domain name registrar, a domain name registry, or other domain name registration authority” shall not be liable for damages or, with certain exceptions, subject to injunctive relief for “refusing to register, removing from registration, transferring, temporarily disabling, or permanently canceling a domain name” in compliance with a court order or “in the implementation of a reasonable policy ... prohibiting the registration of a domain name that is identical to, confusingly similar to, or dilutive of another’s mark.” 15 U.S.C. § 1114(2)(D)(iii) provides that “[a] domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name.” This particular case raises several novel interpretative issues regarding the ACPA. In considering these issues, the court is mindful that the statute’s scope is narrow. See Harrods Ltd. v. Sixty Internet Domain Names, 110 F.Supp.2d 420, 426 (E.D.Va.2000) (“Our statutory interpretation is consistent with the legislative history of the ACPA, which makes clear that the statute’s scope is narrow”). ACPA was enacted to counter cybersquatting, a narrow class of wrongdoing defined as registering, trafficking in, or using domain names “similar to trademarks with the bad-faith intent to profit from the goodwill of the trademarks.” Id. (quoting H.R.Rep. No. 106-412 (1999) and citing S.Rep. No. 106-140 (cybersquatting refers to the “deliberate, bad-faith, and abusive registration of Internet domain names in violation of the rights of trademark owners”)); see also, e.g., Bosley Medical Institute, 403 F.3d at 680 (“[C]ybersquatting occurs when a person other than the trademark holder registers the domain name of a well known trademark and then attempts to profit from this by either ransoming the domain name back to the trademark holder or by using the domain name to divert business from the trademark holder to the domain name holder”). Several of the statutory interpretation questions before the court stem from the parties’ efforts to apply the ACPA to a situation that does not involve traditional cybersquatting. The court therefore prefaces its analysis by noting the various ways in which this action differs from the “paradigmatic” cybersquatting scenario. See Lucas Nursery, 359 F.3d at 810 (citing Ford Motor Co. v. Catalanotte, 342 F.3d 543, 549 (6th Cir.2003) (“Registering a famous trademark as a domain name and then offering it for sale to the trademark owner is exactly the wrong Congress intended to remedy when it passed the ACPA”)). Typically, a cybersquatter registers a well-known trademark as a domain name before the trademark owner is able to register it. The prototypical cybersquatter is not, as Doe allegedly is, a “hacker” who “steals” an existing domain name. Rather, he is a speculator who registers a domain name not yet in use, taking advantage of the first-come first-served registration system, with the expectation that the domain name will be of value to the trademark owner. Unlike the usual cybersquatting victim, which has not yet registered its trade name, Solid Host alleges that it was the registrant of the domain name at issue, and had been for several years prior to the alleged theft. This distinction between prototypical cybersquatting and hacking is not the only aspect of the case that differs from the norm. Doe purportedly obtained control of < solidhost.com > by “hacking” into eNom’s system and transferring the registration to a different account; he did not register the domain name himself in the first instance. After obtaining the registration, however, Doe proceeded as a typical cybersquatter would, attempting to ransom the domain name to Solid Host, the alleged trademark owner. Thus, analyzing Doe’s liability under the ACPA would appear to be relatively straightforward. Doe’s liability is not presently at issue, however. Rather, Solid Host seeks to hold NameCheap liable for cybersquatting because it refused to reveal Doe’s identity. For its part, despite the fact that it did not act as a registrar in this case, NameCheap invokes the safe harbor provisions of the statute that were intended to shield registrars from liability for accepting domain name applications. The court first considers NameCheap’s argument that it is immune from liability under the ACPA. 2. Whether NameCheap’s Status as a Registrar Shields it from Liability NameCheap advances two arguments in support of its contention that it cannot be held liable for cybersquatting because it is a registrar. Citing Lockheed Martin II, 141 F.Supp.2d 648, it asserts that “[b]y its own terms, the ACPA does not apply to domain name registrars such as Name-Cheap.” Additionally, it contends that the safe harbor provisions of § 1114(2)(D) shield it from liability. Drawing all inferences in Solid Host’s favor, although NameCheap is an ICANNaccredited registrar, it did not act in that capacity in this case. A registrar is a company that accepts and processes applications for domain name registrations. Solid Host initially registered <solid-host.com > through eNom. Although Doe gained control of < solidhost.com > in a manner that the complaint does not detail fully, it appears clear that he did not gain access to the domain name by submitting an application to NameCheap to register it. Had he attempted to register <solid-host.eom> through a registrar, in fact, he would have been informed that the domain name was already in use. Instead, Doe gained access to eNom’s system and made two changes related to < solidhost.com >. He altered the IP address associated with the domain name so that it corresponded to an IP address in his control, and he altered the registration information to indicate that NameCheap, rather than Solid Host, was the registrant. NameCheap did not use the domain name but licensed it back to Doe. As can be seen, Solid Host does not allege that NameCheap acted as a registrar; that is, it did not allege that Name-Cheap processed the registration for <solidhost.com>, either for Doe or on its own behalf. Although some registrars, perhaps including NameCheap, offer anonymity services at the time of registration, see Ian J. Block, Comment, Hidden Whois and Infringing Domain Names: Making the Case for Registrar Liability, 2008 U. Chi. Legal F. 431, 431-32 (2008), Solid Host alleges that Doe used NameCheap’s anonymity service independent of its domain name registration service. Whether the statutory protection afforded registrars in § 1114(2)(D) applies to registrars who provide services other than processing applications for domain name registration, simply by virtue of their status as accredited registrars, is apparently a question of first impression. Before examining the specific safe harbors set forth in § 1114(2)(D), the court addresses Name-Cheap’s argument that registrars cannot be held liable under the ACPA under any circumstances. a. Whether Lockheed Martin II Grants Registrars Blanket Immunity from Liability Under the ACPA Although the safe harbors for registrars provided by § 1114(2)(D) apply only in specific circumstances, NameCheap argues that registrars can never be held liable under the ACPA. In asserting an entitlement to blanket immunity, NameCheap relies solely on Lockheed, Martin II. There, Lockheed Martin Corporation sued NSI, a domain name registrar, arguing that NSI had “failed to protect” it by accepting the registration of domain names that infringed its trademarks. Lockheed Martin II, 141 F.Supp.2d at 649-50. The court concluded that NSI was entitled to summary judgment on Lockheed Martin’s ACPA claim. It stated: “Having studied the language of § 1125(d) in the light of the summary judgment record, the court cannot conclude that it creates a cause of action against defendant as a domain name registrar or registry.” Id. at 655. Citing this sentence, NameCheap contends that the statute affords registrars blanket immunity from liability. NameCheap overlooks the context of the court’s statement. The court concluded “in the light of the summary judgment record” before it that NSI could not be held liable. It did not purport to extend the ruling to every potential factual scenario involving a registrar. Indeed, a close examination of Lockheed Martin II reveals that it stands merely for the proposition that a registrar is not liable under § 1125(d) when it acts a registrar, i.e., when it accepts registrations for domain names from customers. The court first noted that there was “no summary judgment evidence that [defendant was] a person who ... had a ‘bad faith intent to profit from’ specific marks, 15 U.S.C. 1125(d)(1)(A)(i), that [were] registered with it or contained in its registry.” Id. at 654. It then explained that “none of the conditions and conduct listed” in § 1125(d)(1)(B)(i) as relevant to a finding of bad faith “would be applicable to a person functioning solely as a registrar or registry of domain names.” Id. at 655 (emphasis added). Next, the court observed that none of the actions triggering liability under the statute is the type of conduct in which registrars engage when acting in their capacity as registrars: “Moreover, the court has concluded that there is no summary judgment evidence that defendant fits within the (ii) clause of § 1125(d)(1)(A). There is no evidence that defendant is a person that ‘registers, traffics in, or uses a domain name____’ The word ‘registers,’ when considered in context, obviously refers to a person who presents a domain name for registration, not to the registrar. The ‘traffics in’ part of clause (ii) is defined by § 1125(d)(1)(E) to mean ‘transactions that include, but are not limited to, sales, purchases, loans, pledges, licenses, exchanges of currency, and any other transfer for consideration or receipt in exchange for consideration.’ There is no summary judgment evidence that defendant has engaged in transactions of any of those kinds in reference to domain names. Section 1125(d)(1)(D) expressly limits the ‘uses’ feature to the domain name registrant or the registrant’s authorized licensee.” Id. Thus, Lockheed Martin held only that, where the record indicates that a defendant did nothing more than act as a registrar, no liability under § 1125(d) will lie. As the court explained, to be liable under § 1125(d), a defendant must register, traffic in, or use a domain name. As used in the statute, to “register” means to register a domain name by submitting an application to a registrar. “Trafficking” refers to selling and licensing domain names and similar activity. A registrar that processes domain name registration applications does not register or traffic in domain names as those terms are used in the statute (although the registrar presumably “registers” the domain name from which it conducts its business as a registrar). Similarly, § 1125(d)(1)(D) implicitly limits registrars’ liability for “use” of an infringing domain name. That section provides that “[a] person shall be liable for using a domain name under subparagraph (A) only if that person is the domain name registrant or that registrant’s authorized licensee.” Because a registrar, in its capacity as such, is merely an intermediary that registers domain names, and does not typically act as a domain name registrant or licensee (except, again, of its own domain name), this provision provides some protection for registrars. Nothing in Lockheed Martin II, however, suggests that a registrar is immune under the ACPA when it acts other than as a registrar. Indeed, to the extent that NameCheap was the registrant of the domain name and “used” the name, this section would support the imposition of liability on it, not a grant of immunity to it. NameCheap’s blanket immunity argument, moreover, is inconsistent with the fact that ACPA provides safe harbors for registrars in limited circumstances. The provision of limited safe harbors would be unnecessary if the statute provided sweeping immunity. The court therefore turns to whether the safe harbors apply to actions taken by a registrar in some other capacity. b. Whether NameCheap Is Immune Under Section 1114(2)(D) As noted, § 1114(2)(D) provides statutory safe harbors for registrars under various circumstances. Section 1114(2)(D)(i) provides that “[a] domain name registrar, a domain name registry, or other domain name registration authority” shall not be liable for damages or, with some exceptions, subject to injunctive relief, for “refusing to register, removing from registration, transferring, temporarily disabling, or permanently canceling a domain name” when such action is in compliance with a court order or “in the implementation of a reasonable policy ... prohibiting the registration of a domain name that is identical to, confusingly similar to, or dilutive of another’s mark.” ACPA’s legislative history indicates that this section was intended to “encourage[ ] domain name registrars and registries to work with trademark owners to prevent cybersquatting....” See S.Rep. No. 106— 140, at 11. It contemplates that registrars will respond to trademark owners’ complaints and help to resolve disputes between domain name registrants and trademark holders, either by adopting policies targeted at preventing cybersquatting, or, where the parties have taken their dispute to court, through compliance with court orders. Based on the factual allegations in the complaint, NameCheap is not in a position in this case to “work with [the] trademark owner[] to prevent cybersquatting” in the manner contemplated by the safe harbor. Instead of occupying the neutral position envisioned for registrars by the statute, NameCheap is, by virtue of the anonymity service it provides, the registrant of a domain name that allegedly infringes Sold Host’s trademark. Name-Cheap is not “work[ing] with trademark owners to prevent cybersquatting” by providing an anonymity service; although the service has legitimate uses, as this action demonstrates, preventing cybersquatting is not one of them. The court thus concludes that § 1114(2)(D)(i) was not intended to shield registrars from liability for actions outside their core function as registrars. While § 1114(2)(D)(I) might protect NameCheap if it acted as the registrar for < solidhost.com >, given the allegations in the complaint, the court must assume for purposes of this motion that it did not act as registrar of the name. Further, the complaint does not allege that Name Cheap registered, removed from registration, temporarily disabled or permanently cancelled the Solid Host domain name. Section 1114(2)(D)(iii) provides that “[a] domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name.” The purpose of this provision is to “promote! ] the continued ease and efficiency users of the current registration system enjoy by codifying current case law limiting the secondary liability of domain name registrars and registries for the act of registration of a domain name.” S.Rep. No. 106-140, at 11. Thus, this safe harbor applies to “the act of registration of a domain name,” an action that the complaint alleges eNom, not NameCheap, took here. Given the facts alleged by Solid Host, the provision is inapplicable. Additionally, because “bad faith intent to profit” is an element of liability under § 1125(d), the provision adds little to the basic liability analysis. For all of these reasons, the court concludes that NameCheap’s status as an accredited registrar does not shield it from liability in cases where it did not act as a registrar. Because the court assumes for purposes of this motion that NameCheap did not act as registrar for <solid-host.com >, the fact that NameCheap is an accredited registrar does not prevent from Solid Host from stating a claim against it. The court thus considers whether Solid Host has adequately pled the elements of a cybersquatting claim against it. 3. Whether Solid Host’s Has Alleged Ownership of a Protected, Distinctive Mark To plead a cyberpiracy claim, Solid Host must first allege that it is the owner of a protected, distinctive mark. Bosley Medical Institute, 403 F.3d at 681. Under the Lanham Act, a mark is “distinctive” if it is either “inherently distinctive” or if it has acquired secondary meaning, i.e., if people associate the mark with a particular source. See, e.g., Kendall-Jackson Winery, Ltd. v. E. & J. Gallo Winery, 150 F.3d 1042, 1047 (9th Cir.1998); Levi Strauss & Co. v. Blue Bell, Inc., 632 F.2d 817, 820 (9th Cir.1980). Solid Host alleges that its “services using <solidhost.com> have been visible and available throughout the United States,” and that it has used the mark in interstate and international commerce with American customers.” It alleges that it registered the domain name < solidhost.com > in December 2004, and that it has used the name actively in conducting its web hosting business since that time. On this basis, it asserts that it has acquired common law trademark rights in the “Solid Host” mark. NameCheap contends that Solid Host’s complaint “offers no evidence or even an allegation showing ... that the Solid Host is a mark that is inherently distinctive or ... that the mark has acquired distinctiveness through secondary meaning.” Solid Host is, of course, not required to adduce “evidence” to survive a motion to dismiss. Further, because the existence of secondary meaning “may be ‘inferred from evidence relating to the nature and extent of the public exposure achieved by the designation,’ or from proof of intentional copying,” see Ashlar, Inc. v. Structural Dynamics Research Corp., No. C-94-4344 WHO, 1995 WL 639599, *5 (N.D.Cal. June 23, 1995) (quoting Paper-Cutter, Inc. v. Fay’s Drug Co., 900 F.2d 558, 564 (2d Cir.1990)), a plaintiff asserting ownership of a common law trademark need not specifically allege the existence of secondary meaning to survive a motion to dismiss. See id. (denying motion to dismiss on ground that counterclaimant who alleged common law trademark failed to plead secondary meaning, and concluding that “[although Graphsoft may ultimately be unable to prove a secondary meaning, ... Graphsoft is not required to plead secondary meaning in its countercomplaint”); see also Mid-West Management, Inc. v. Capstar Radio Operating Co., No. 04-C-720-C, 2005 WL 503817, *4-5 (W.D.Wis. Mar. 1, 2005) (plaintiffs allegations that in 2004, “it began using the phrase ‘Madison’s Progressive Talk’ in its WTDY radio broadcasts to identify the source of the broadcasts and that the company ha[d] continued to use the phrase ‘Madison’s Progressive Talk’ since that date in its broadcasts and in advertising,” liberally construed, were sufficient to “suggest that the phrase ha[d] become associated with WTDY,” and “[plaintiff’s failure to allege that the phrase ha[d] acquired secondary meaning in its amended complaint [was] not fatal to its infringement claims”); see generally Thomas McCarthy, Mccartht on Trademarks and Unfair Competition § 32:202 (observing that some courts have “held that in alleging infringement of a descriptive term, it is not necessary to specifically allege that the term has acquired a secondary meaning”). Here, Solid Host’s allegation that it has consistently used the “Solid Host” mark in commerce with American customers since 2004, construed liberally in its favor, suggests that the phrase “Solid Host” has become associated in customers’ minds with the company’s services. See Levi Strauss, 632 F.2d at 820 (“The basic element of secondary meaning is a mental recognition in buyers’ and potential buyers’ minds that products connected with the symbol or device emanate from or are associated with the same source. As recognized in this circuit, ‘(s)econdary meaning has been defined as association nothing more,’ ” quoting Carter-Wallace, Inc. v. Procter & Gamble Co., 434 F.2d 794, 802 (9th Cir.1970) (alteration original)); Mid-West Management, 2005 WL 503817 at *4-5 (an allegation that a radio station used a phrase in its broadcasts to identify the source of programming gave rise to an inference that customers identified the phrase with the station, and was sufficient to plead distinctiveness). In addition, Solid Host has alleged that Doe intentionally took control of the domain name <solidhost.eom>, which raises an inference that the mark is distinctive. See Ashlar, 1995 WL 639599 at *5 (intentional copying is evidence of distinctiveness). Based on these allegations, the court concludes that Solid Host has sufficiently pled ownership of a protected, distinctive mark. Because the domain name <solidhost.com> is identical to Solid Host’s alleged trademark, the requirement that the domain name be identical or confusingly similar to the protected mark is met as well. 4. Whether Solid Host Sufficiently Alleges NameCheap’s Bad Faith with Intent to Profit To state a cyberpiracy claim, Solid Host must also plead that NameCheap “ha[d] a bad faith intent to profit from [Solid Host’s] mark.” See 15 U.S.C. § 1125(d)(1)(A)(i). The requirement of bad faith intent to profit from the mark is distinct from the requirement that defendant “register[], traffic[] in, or use[] a domain name.” See 15 U.S.C. § 1125(d)(1)(A)(ii); Fare Deals Ltd. v. World Choice Travel.Com, Inc., 180 F.Supp.2d 678, 683 (D.Md.2001) (“Under the federal Anticybersquatting Consumer Protection Act ..., Fare Deals cannot state a valid claim unless it can allege that [defendant] had ‘a bad faith intent to profit from’ Fare Deal’s mark and ‘registered], trafficked] in, or use[d]’ an infringing domain name,” citing Virtual Works, Inc. v. Volkswagen of Am., Inc., 238 F.3d 264, 269-70 (4th Cir.2001)) (engaging in a two-pronged inquiry regarding use and bad faith under the ACPA (emphasis added)). The bad faith required to support a cybersquatting claim is not general bad faith, but “a bad faith intent to profit from the mark,” 15 U.S.C. § 1125(d)(1)(A)(i) (emphasis added). Thus, the defendant must intend to profit specifically from the goodwill associated with another’s trademark. See Lucas Nursery, 359 F.3d at 810 (“In its report on the ACPA, the Senate Judiciary Committee distilled the crucial elements of bad faith to mean an ‘intent to trade on the goodwill of another’s mark,’ ” quoting S.Rep. No. 106-140, at 9); Sporty’s Farm, 202 F.3d at 495 (Congress enacted the ACPA “ ‘to protect consumers and American businesses, to promote the growth of online commerce, and to provide clarity in the law for trademark owners by prohibiting bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodunll associated with such marks,’ ” quoting S.Rep. No. 106-140, at 4 (emphasis added)); id. at 499 n. 13 (“We expressly note that ‘bad faith [and] intent to profit’ are terms of art in the ACPA and hence should not necessarily be equated with ‘bad faith’ in other contexts”); Healix Infusion Therapy, Inc. v. Murphy, Civil Action No. H-08-0337, 2008 WL 4155459, *4 (S.D.Tex. Sept. 2, 2008) (“The ACPA makes a person who in bad faith seeks to profit from the goodwill associated with an owner’s mark hable to the mark owner for damages”); H.R. Conf. Rep. No. 106-464 (1999) (“[T]he bill does not extend to innocent domain name registrations by those who are unaware of another’s use of the name, or even to someone who is aware of the trademark status of the name but registers a domain name containing the mark for any reason other than with bad faith intent to profit from the goodunll associated with that mark,” quoted in Harrods, 110 F.Supp.2d at 426 (emphasis added)); S.Rep. No. 106-140 (“Under the bill ... the abusive conduct that is made actionable is appropriately limited just to bad-faith registrations and uses of others’ marks by persons who seek to profit unfairly from the goodwill associated therewith,” quoted in Harrods, 110 F.Supp.2d at 426 (emphasis added)). Here, the sum total of Solid Host’s allegations regarding NameCheap’s bad faith is that NameCheap acted in bad faith by refusing to reveal Doe’s identity “after being presented with facts that would cause a reasonable person to conclude that Doe had stolen the domain [name].” The complaint alleges that “NameCheap profited by charging a fee for the anonymity registration service it provided to Doe, [that it] ... also profited by maintaining the anonymous registration ... after being presented with facts that would cause a reasonable person to conclude that Doe had stolen the domain;” and that “Name-Cheap has an economic incentive to resist any attempts to expose [its customers’] identities, even where it is presented with reasonable evidence that it has registered stolen property, i.e., a domain name that was hacked and stolen by the party ... seeking anonymity protection from it.” Based on these allegations, Solid Host concludes that “NameCheap had a bad faith intent to profit from [Solid Host’s] service mark <solidhost.com>....” Solid Host’s reliance on these allegations to infer a bad faith intent to profit from its mark fails. Nothing in the complaint suggests that by affording Doe the benefits of anonymous registration, NameCheap sought to benefit in any way from the goodwill associated with Solid Host’s mark. The only bad faith alleged is NameCheap’s provision of an indisputably legal anonymous registration service without attempting to screen out customers who wish to use it to cybersquat; and its decision to maintain its customer’s anonymity when presented with evidence that its services had been used for this illegitimate purpose. The only intent to profit alleged is linked to NameCheap’s operation and promotion of its anonymity service; none of Solid Host’s allegations suggests that NameCheap intended to profit from the goodwill associated with the Solid Host trademarks. Whether NameCheap’s refusal to reveal Doe’s identity might constitute bad faith in some other context is irrelevant. See Sporty’s Farm, 202 F.3d at 499 n. 13 (bad faith intent to profit is a term of art with a specific legal meaning under the ACPA). Liability under the ACPA requires a bad faith intent to profit from the goodwill of another’s mark; the statute was not meant to prohibit actions outside its scope simply because they were undertaken in “bad faith,” or with a motive to profit illegitimately. See id.; Harrods, 110 F.Supp.2d at 426 (“[T]he legislative history of the ACPA ... makes clear that the statute’s scope is narrow”). Because Solid Host has not pled facts sufficient to support the legal conclusion that NameCheap acted with a bad faith intent to profit from Solid Host’s mark, as that term is used in § 1125(d), the second amended complaint fails to state a claim for cybersquatting against NameCheap. See Bell Atlantic, 127 S.Ct. at 1965 (the court need not accept legal conclusions cast as factual allegations). This failure, however, may not be fatal. The complaint plainly states a claim for cybersquatting against Doe. It alleges that he offered to sell the domain name to Solid Host after pirating it. This constitutes trafficking in the domain name with a bad faith intent to profit from Solid Host’s mark. See Catalanotte, 342 F.3d at 549 (“[W]hen Catalanotte registered the domain name FORDWORLD.COM and later offered it for sale to Ford, he trafficked' in the domain name for the purposes of the ACPA”). The court therefore considers whether NameCheap can be held contributorily liable. 5. Whether Solid Host Has Stated a Claim for Contributory Liability a. Legal Standard Governing Contributory Liability Under the Lanham Act It appears that, in addition to pleading that NameCheap is directly liable for cybersquatting, Solid Host also asserts a claim for “contributory cybersquatting.” See Newborn v. Yahoo!, Inc., 391 F.Supp.2d 181, 190 (D.D.C.2005) (“The Court also notes that it is unclear whether the plaintiff is alleging a direct trademark infringement action against the defendants or a contributory trademark in~ fringement action. However, it does appear that because the plaintiff alleges that the defendants ‘have allowed other parties!]] unauthorized use of Plaintiffs registered domain names’ ... that he is raising a contributory trademark infringement claim”). In general, “[c]ontributory [trademark] infringement occurs when the defendant either intentionally induces a third party to infringe the plaintiffs mark or supplies a product to a third party with actual or constructive knowledge that the product is being used to infringe the service mark.” Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d 980, 983 (9th Cir.1999) (“Lockheed Martin I ”) (citing Inwood Lab., Inc. v. Ives Lab., Inc., 456 U.S. 844, 853-54, 102 S.Ct. 2182, 72 L.Ed.2d 606 (1982)); see also Perfect 10, Inc. v. Visa Intern. Service Ass’n, 494 F.3d 788, 807 (9th Cir.2007) (“To be liable for contributory trademark infringement, a defendant must have (1) ‘intentionally induced’ the primary infringer to infringe, or (2) continued to supply an infringing product to an infringer with knowledge that the infringer is mislabeling the particular product supplied,” citing Inwood Lab., 456 U.S. at 855, 102 S.Ct. 2182). Where the defendant supplies the infringer with a service rather than a product, however, courts “consider the extent of control exercised by the defendant over the third party’s means of infringement” in analyzing whether a claim for contributory infringement lies. Lockheed Martin I, 194 F.3d at 984 (citing Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d 259, 265 (9th Cir.1996), and Hard Rock Cafe Licensing Corp. v. Concession Servs., Inc., 955 F.2d 1143, 1148-49 (7th Cir.1992)); see also Perfect 10, 494 F.3d at 807 (“Wfiien the alleged direct infringer supplies a service rather than a product, under the second prong of this test, the court must ‘consider the extent of control exercised by the defendant over the third party’s means of infringement,’ ” quoting Lockheed Martin I, 194 F.3d at 984); Louis Vuitton Malletier, S.A. v. Akanoc Solutions, Inc., 591 F.Supp.2d 1098, 1111 (N.D.Cal.2008) (“[W]hen a defendant offers a service instead of a product, a plaintiff can base its contributory trademark infringement claim on the ‘extent of control’ theory or the ‘intentional inducement’ theory”). Under the extent of control theory, “a plaintiff must prove that the defendant had knowledge and ‘[d]irect control and monitoring of the instrumentality used by the third party to infringe the plaintiffs mark.’ ” Louis Vuitton, 591 F.Supp.2d at 1111 (quoting Lockheed Martin I, 194 F.3d at 984); see also Perfect 10, 494 F.3d at 807 (“For liability to attach, there must be ‘[d]irect control and monitoring of the instrumentality used by a third party to infringe the plaintiff’s mark,’ ” quoting Lockheed Martin I, 194 F.3d at 984). Courts have applied this theory to cybersquatting claims under the ACPA. See Ford Motor Co. v. Greatdomains.Com, Inc., 177 F.Supp.2d 635, 646 (E.D.Mich.2001). b. The Extent of NameCheap’s Control over Doe’s Means of Cybersquatting NameCheap supplied an anonymous domain name registration service, which Doe allegedly used to “steal” Solid Host’s domain name and hold it for ransom. Because NameCheap offered a service rather than an infringing product, Solid Host must show that NameCheap either intentionally induced Doe to cybersquat or directly controlled and monitored the instrumentality used by Doe. There are no allegations that NameCheap induced Doe’s cybersquatting. As respects direct control and monitoring of the instrumentality Doe used to infringe, the court finds the Ninth Circuit’s analysis in Lockheed Martin I instructive on the application of this framework to domain name piracy. There, the court considered whether NSI, as a registrar, could be liable for contributory infringement because it accepted for registration domain names that infringed Lockheed Martin’s trademarks. Lockheed Martin I, 194 F.3d at 983. The court first noted that the case “involve[d] a fact pattern squarely on the ‘service’ side of the produet/service distinction suggested by Inwood Lab. and its offspring” Id. It then explained that the “direct control and monitoring” rule in service-based contributory infringement cases evolved in the “context of renting booth space at a flea market.” See id. at 984 (citing Hard Rock Cafe, 955 F.2d at 1148-49). In Hard Rock Cafe, the Seventh Circuit concluded that a flea market operator could be held liable for the sale of infringing products at the market, citing “the close comparison between the legal duty owed by a landlord to control illegal activities on his or her premises and by a manufacturer to control illegal use of his or her product.” See id. (construing Hard Rock Cafe). The Ninth Circuit adopted the analysis of the Hard Rock Cafe court in Fonovisa, “holding that a flea market could be hable for contributory infringement if it ‘supplied] the necessary marketplace’ for the sale of infringing products.” See id. (quoting Fonovisa, 76 F.3d at 265). In Lockheed Martin I, the Ninth Circuit rejected Lockheed Martin’s efforts to characterize the case in a way that would fit the Hard Rock Cafe framework. The court first observed that “[wjhere domain names are used to infringe, the infringement does not result from NSI’s publication of the domain name list, but from the registrant’s use of the name on a web site or other Internet form of communication in connection with goods or services.... NSI’s involvement with the use of domain names does not extend beyond registration.” Id. at 985 (quoting district court, Lockheed Martin Corp. v. Network Solutions, Inc., 985 F.Supp. 949, 962 (C.D.Cal. 1997)). Next, the court observed that NSI’s service did not “entail the kind of direct control and monitoring required to justify an extension of the ‘supplies a product’ requirement.” Id. It noted that “[wjhile the landlord of a flea market might reasonably be expected to monitor the merchandise sold on his premises, NSI [could not] reasonably be expected to monitor the Internet.” Id. (quoting the district court’s opinion at 985 F.Supp. at 962). Finally, the court addressed “Lockheed[’s] characterization] [of] NSI’s service as a licensing arrangement with alleged third-party infringers.” Id. While the court acknowledged that the registration agreement constituted a license, it did not find this dispositive; rather, the issue was whether NSI as registrar retained direct control over the thing licensed: “Although we accept Lockheed’s argument that NSI licenses its routing service to domain-name registrants, the routing service is just that — -a service. In Fonovisa and Hard Rock, by contrast, the defendants licensed real estate, with the consequent direct control over the activity that the third-party alleged infringers engaged in on the premises. Hard Rock, 955 F.2d at 1149; see Fonovisa, 76 F.3d at 265.” See id. See also Fare Deals, 180 F.Supp.2d at 689 (discussing Lockheed Martin I and stating that “[t]he key distinction between the potentially infringing conduct in Hard Rock Cafe and Fonovisa and that of NSI lay in what the defendants were licensing”). In Ford Motor Co., 177 F.Supp.2d at 646, the district court applied the direct control and monitoring test to a cybersquatting claim, and held that the owner of an auction website was not contributorily liable under the ACPA. The website facilitated users’ sales of domain names and defendant, the site’s owner, collected commissions on the sales. Id. Plaintiff claimed that domain names sold through the site infringed its trademarks, and sought to hold defendant contributorily liable for cybersquatting. It asserted that, like a flea market owner, defendant “provided ‘the necessary marketplace’ for the ... alleged cybersquatting.” Id. (quoting Lockheed Martin I, 194 F.3d at 984-85). Addressing this argument, the court considered expansion of the direct control and monitoring rule to the cybersquatting context: “Although the ‘flea market’ analysis generally has been applied in the infringement context, a similar standard arguably could be applied to allegations of cybersquatting. However, because the ACPA requires a showing of ‘bad faith intent’ — a subjective element not required under traditional infringement, unfair competition, or dilution claims— the standard would be somewhat heightened. For example, it would be insufficient that an entity such as [defendant] were merely aware that domain names identical or similar to protected marks were being sold over its website. Rather, because legitimate uses of others marks are protected under the ACPA, a plaintiff would have to demonstrate that the ‘cyber-landlord’ knew or should have known that its vendors had no legitimate reason for having registered the disputed domain names in the first place. Because an entity such as [defendant] could not be expected to ascertain the good or bad faith intent of its vendors, contributory liability would apply, if at all, in only exceptional circumstances.” See id. at 647. As “[n]o such exceptional circumstances [were] alleged” in the case before it, the court concluded that plaintiff had failed to state a claim for cybersquatting. Id. In Fare Deals, 180 F.Supp.2d at 689-91, the district court applied Lockheed Martin I to analyze a trademark claim based on an infringing domain name. While the plaintiff, Fare Deals, Ltd., alleged a traditional infringement claim rather than a cybersquatting claim, Fare Deals is nonetheless instructive. Fare Deals asserted that the operators of a website with the domain name < faredeals.com > infringed its trademark. Id. at 681. Among the defendants was HRN, a company that maintained a different website where customers could book hotel reservations. Id. HRN entered into an affiliate agreement with the operators of “faredeals.com,” whereby <faredeals.eom> displayed banner advertisements linking to HRN’s website, and the operators of <faredeals.com> received a commission on every sale generated by the links. Id. Because HRN did not own or control <faredeals.com>, the court concluded that it could not be held directly liable for infringement. Id. It next examined whether HRN could be held contributorily liable for <fare-deals.com>’s infringement. See id. at 689-91. Citing Lockheed Martin I’s discussion of the direct control and monitoring rule, the court considered the flea market context in which the rule originated. It observed that “the flea-