
652 F.Supp.2d 1092 (2009)
SOLID HOST, NL, Plaintiff,
v.
NAMECHEAP, INC., a Delaware Corp. d/b/a Namecheap and Whois Guard Protected; Demand Media, Inc., a Washington Corp. with its principal place of business in Los Angeles, d/b/a eNom, and John Doe 1, Defendants.
Case No. CV 08-5414 MMM (Ex).
United States District Court, C.D. California.
May 19, 2009.
*1094 G. Randall Garrou, John H. Weston, Weston Garrou Walters and Mooney, Los Angeles, CA, Marc J. Randazza, Weston Garrou Walters and Mooney, Altamonte Springs, FL, for Plaintiff.
Eugene Rome, Rome & Associates APC, Los Angeles, CA, Frank E. Merideth, Jr., Gregory A. Nylen, Wendy M. Mantell, Greenberg Traurig, LLP, Santa Monica, CA, for Defendants.

ORDER DENYING DEFENDANT NAMECHEAP'S MOTION TO DISMISS
MARGARET M. MORROW, District Judge.
On August 17, 2008, plaintiff Solid Host, NL filed this action against defendants NameCheap, Inc., dba Whois Guard Protected; Demand Media, Inc., dba eNom, Inc.; and John Doe 1.[1] Solid Host alleges that Doe "hijacked" its domain name, . On March 20, 2009, NameCheap filed a motion to dismiss the claims asserted against it for failure to state a claim under Rule 12(b)(6) of the Federal Rules of Civil Procedure.

I. FACTUAL AND PROCEDURAL BACKGROUND

A. Technical Background
This action requires knowledge of certain of the technical aspects of registering domain names for internet web sites. The court will briefly summarize this technical background before outlining the facts of the case.
The location of individual sites on the internet is denoted by an internet protocol ("IP") address composed of a string of four groups of digits separated by periods. Each site has a unique numeric internet address. Lockheed Martin Corporation v. Network Solutions, Inc., 141 F.Supp.2d 648, 650-51 (N.D.Tex.2001) ("Lockheed Martin II"); see also Smith v. Network Solutions, Inc., 135 F.Supp.2d 1159, 1160 (N.D.Ala.2001). For ease of access, the numeric addresses typically correspond to more easily remembered alphanumeric "domain names" (such as ), which internet users can enter in their web browser to access specific sites. Lockheed Martin II, 141 F.Supp.2d at 650-51; Smith, 135 F.Supp.2d at 1160. A domain name is composed of two parts, separated by a period. The portion to the right of the period, i.e., the "com" in , is known as the "top level domain" or "TLD." Smith, 135 F.Supp.2d at 1160-61; see also American Girl, LLC v. Nameview, Inc., 381 F.Supp.2d 876, 879 (E.D.Wis.2005). The portion to the left of the period, generally a series of a numbers and letters chosen by the operator of the site, i.e., the "google" in , is known as the "second level domain" or "SLD." Smith, 135 F.Supp.2d at 1160-61.
One wishing to use a specific domain name must register the name with one of numerous competing companies known as *1095 registrars. In 1993, pursuant to a contract with the National Science Foundation, Network Solutions, Inc. ("NSI") became the sole registrar for domain names in the most commonly used TLD's (".com," ".net," ".org," and ".edu"). Id. at 1161. In 1998, the federal government adopted a policy favoring competitive domain name registration. "In furtherance of this policy, a private, non-profit corporation, the Internet Corporation for Assigned Names and Numbers (`ICANN'),[[2]] was formed to assume responsibilities `for managing the allocation of Internet Protocol numbers and the domain name system. Also as part of the transition to a competitive system, NSI's domain name registration service was divided into two separate units: a registrar and a registry." Id. The registry maintains a centralized, publicly accessible database of information concerning all domain names in a TLD, known as the Whois (or WHOIS) database;[3] this database is compiled from information submitted by registrars. Id. While there is only a single registry for each TLD, there are numerous competing registrars. Id. Registrars control the IP addresses associated with particular domain names.[4] Customers seeking to register specific domain names interact with registrars; the registrars submit information regarding domain names to the registry, which includes the information in the public Whois database. A registrar must be accredited by ICANN for each TLD in which it operates. As part of the certification process, all registrars must sign the ICANN Registrar Accreditation Agreement (the "ICANN agreement").[5]
Generally, an individual seeking to use a domain name submits an online application to a registrar. Id. at 1161-62. "[I]f someone submits an application for a particular domain name that already exists in the Registry WHOIS database by virtue of a prior registration, that name cannot be registered again, and the applicant is advised that the sought domain name is unavailable.... If there is no existing registration for a given SLD name within a given TLD, [however,] that domain name is considered available and generally may be registered on a first-come, first served basis." Id. at 1162. The registrant must provide personal and contact information that becomes part of the Whois database. American Girl, 381 F.Supp.2d at 879. The Whois database "allows all registrars to determine almost instantaneously which domain names are already registered and therefore unavailable to others," and "allow[s] a person whose registration application for a particular domain name has been denied as unavailable to determine which registrar registered the name he desires with the Registry." Smith, 135 F.Supp.2d at 1160-62.
*1096 The fact that "every person who wants to register a domain name either consents to put some sort of publicly accessible contact information on line, or is unable to register the domain name" has drawn criticism from privacy and free speech advocates. See Matthew Bierlin & Gregory Smith, Privacy Year in Review: Growing Problems with Spyware and Phishing, Judicial and Legislative Developments in Internet Governance, and the Impacts on Privacy, 1 I/S: J.L. & POL'Y FOR INFO. SOC'Y 279, 313-14 (2005); see also, e.g., Dawn C. Nunziato, Freedom of Expression, Democratic Norms, and Internet Governance, 52 EMORY L.J. 187, 256 (Winter 2003) ("Because of the important role anonymous speech serves within expressive forums which in turn are integral to democratic governmentsICANN should, in reevaluating its policies to accord meaningful protection for freedom of expression, revise its policy requiring domain name holders publicly to disclose their names and addresses. While protecting anonymous Internet speech is clearly an important component of free speech within the United States, it is even more important for ICANN to protect the identity of speakers from countries that are more inclined to retaliate against speakers based on the ideas they express"). ICANN has been reconsidering its policies in light of these concerns. Bierlin & Smith, supra, at 314. In addition, there has been a growth in "companies that will register domain names for individuals and act as a proxy by using the company's contact information." Id. Such services allow domain name registrants concerned with maintaining their privacy to remain anonymous. Naturally, these services also appeal to registrants who wish to conceal their identities for illegitimate purposes. Name-Cheap's provision of an anonymity service to Doe is central to the dispute before the court.

B. Allegations in Solid Host's Complaint

1. The Parties
Solid Host is a corporation based in the Netherlands, which is in the business of providing various internet-related services, including web hosting.[6] Defendant eNom is an ICANN-accredited registrar and a signatory to the ICANN agreement.[7] Defendant NameCheap is also an ICANN-accredited registrar and signatory to the ICANN agreement; Solid Host alleges that it "does not currently know whether [NameCheap] may have acted as [a registrar] in connection with the facts of this particular case."[8] In addition to functioning as a registrar, NameCheap offers an anonymity service known as "Whois-Guard," whereby NameCheap becomes the registered owner of a domain name desired by a customer, and licenses the domain name to the customer.[9] As a result, NameCheap's contact information rather than the customer's appears in the Whois database.[10] Defendant Doe is an anonymous individual described by Solid Host as a "hacker."[11]

2. Doe's Hijacking of Solid Host's Domain Name
Solid Host alleges that it is the owner of the domain name .[12] It *1097 registered this name through eNom in December 2004, and has used the domain name to conduct its business since that time.[13]
Solid Host asserts that on Monday, August 4, 2008, due to a "security breach" at eNom, "Doe unlawfully gained access to [Solid Host's] domain registration account," obtained Solid Host's login and password information, and "stole" the domain name .[14] According to the complaint, Doe "either by himself, or through his agent, defendant Name-Cheap... moved [Solid Host's] domain name to another domain registration account with ... eNom."[15] Doe "or Name-Cheap acting at Doe's direction" altered the IP address associated with , so that internet users accessing  viewed a website "controlled solely by Doe" rather than Solid Host's site.[16] The website stated that the domain name  was for sale, and provided an email address for inquiries.[17] Solid Host alleges that Doe and NameCheap entered into a contract pursuant to which NameCheap agreed to become the registrant for  listed in the Whois database and to "license[ ] the domain's operability and functionality back to Doe."[18] Once the registration for  was switched to a new account, Solid Host's owner, Andre Van Vliet, could no longer alter the IP address associated with the domain name to re-direct internet traffic to Solid Host's website.[19]
After discovering that he could no longer control the  web site, Van Vliet attempted to regain access of the domain name. Van Vliet contacted the email address listed on  and received an offer to sell the domain name for $12,000 from a different email address.[20] Because Doe demanded payment via wire transfer, Van Vliet refused to pay.[21]
Solid Host's counsel then made various unsuccessful attempts to recover the domain name through eNom; these are not pertinent to the present motion.[22] On August 8, 2008, Solid Host's counsel contacted NameCheap in a further attempt to regain control of the domain name.[23] Although Solid Host does not specifically allege how it learned of NameCheap's involvement, it presumably discovered that NameCheap was listed as the registrant for the domain name in the Whois database prior to contacting the company. Solid Host's counsel requested that Name-Cheap reveal the identity of the customer who had used NameCheap's "WhoisGuard" service to register  and asked that the company "immediately take whatever steps were in its power to cause the return of the [domain name] ... to [Solid Host's] control."[24]
NameCheap's counsel requested evidence of the purported theft.[25] Solid Host *1098 alleges that it provided "evidence, including (but not limited to) a sworn declaration of Andre Van Vliet attesting to the relevant facts."[26] NameCheap contacted Doe, who claimed that he had legitimately purchased the domain name.[27] NameCheap communicated this information to Solid Host's counsel, who denied that the domain named had been sold, and expressed the opinion that Doe's story was not credible.[28] NameCheap indicated that it would "remain neutral" in what it perceived to be a dispute between Solid Host and Doe, and refused to reveal Doe's identity.[29]

C. Procedural Background
Solid Host filed its initial complaint on August 18, 2008.[30] On August 21, 2008, it filed an ex parte application for temporary restraining order. The court granted the application on August 26, 2008.[31] The court directed eNom to transfer  to Solid Host's control, directed NameCheap to cooperate with eNom, and required it to transfer the domain name to Solid Host if eNom failed to effect a transfer. That same day, eNom returned control of the domain name to Solid Host.[32] On September 4, 2008, NameCheap revealed Doe's identity to Solid Host's counsel.[33] Solid Host has not sought to amend its complaint to substitute this individual for the fictitious Doe defendant.
The order granting Solid Host's application for temporary restraining order set September 4, 2008 as the date for a hearing on an order to show cause why a preliminary injunction should not issue. The parties stipulated to continue this hearing numerous times. Finally, on January 7, 2009, the parties stipulated to entry of a preliminary injunction. Solid Host filed an amended complaint on February 20, 2009, and a second amended complaint on February 27, 2009. On March 20, 2009, NameCheap filed the present motion.
The second amended complaint alleges three causes of action against NameCheap: cybersquatting in violation of the Anticybersquatting Consumer Protection Act ("ACPA"), 15 U.S.C. § 1125(d); breach of contract as a third party beneficiary; and unfair competition in violation of California's Unfair Competition Law (the "UCL"), California Business and Professions Code § 17200 et seq. NameCheap argues that because it is an accredited registrar, it is not subject to liability for cyberpiracy under the ACPA; that the complaint fails to state a claim for cybersquatting and breach of contract as a third party beneficiary; and that Solid Host's UCL claim fails because it is based on the cybersquatting claim and is not brought on behalf of the general public.[34]


*1099 II. DISCUSSION

A. Legal Standard Governing Motions to Dismiss under Rule 12(b)(6)
A Rule 12(b)(6) motion tests the legal sufficiency of the claims asserted in the complaint. Dismissal is proper only where there is either a "lack of a cognizable legal theory" or "the absence of sufficient facts alleged under a cognizable legal theory." Balistreri v. Pacifica Police Dep't, 901 F.2d 696, 699 (9th Cir.1988). The court must accept all factual allegations pleaded in the complaint as true, and construe them and draw all reasonable inferences from them in favor of the nonmoving party. Cahill v. Liberty Mutual Ins. Co., 80 F.3d 336, 337-38 (9th Cir.1996); Mier v. Owens, 57 F.3d 747, 750 (9th Cir.1995). It need not, however, accept as true unreasonable inferences or legal conclusions cast in the form of factual allegations. See Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 127 S.Ct. 1955, 1965, 167 L.Ed.2d 929 (2007) ("While a complaint attacked by a Rule 12(b)(6) motion to dismiss does not need detailed factual allegations, a plaintiff's obligation to provide the `grounds' of his `entitle[ment] to relief' requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do. Factual allegations must be enough to raise a right to relief above the speculative level, on the assumption that all the allegations in the complaint are true (even if doubtful in fact)" (citations omitted)).
In deciding a Rule 12(b)(6) motion, the court generally looks only to the face of the complaint and documents attached thereto. Van Buskirk v. Cable News Network, Inc., 284 F.3d 977, 980 (9th Cir. 2002); Hal Roach Studios, Inc. v. Richard Feiner & Co., Inc., 896 F.2d 1542, 1555 n. 19 (9th Cir.1990). It may, however, consider documents that are incorporated by reference, but not physically attached to, the complaint if they are central to plaintiffs claim and no party questions their authenticity. See Marder v. Lopez, 450 F.3d 445, 448 (9th Cir.2006) (in ruling on a motion to dismiss for failure to state a claim "[a] court may consider evidence on which the complaint `necessarily relies' if: (1) the complaint refers to the document; (2) the document is central to the plaintiff's claim; and (3) no party questions the authenticity of the copy attached to the 12(b)(6) motion," citing Branch v. Tunnell, 14 F.3d 449, 453-54 (9th Cir.1994), overruled on other grounds, Galbraith v. County of Santa Clara, 307 F.3d 1119 (9th Cir.2002)); see also Sanders v. Brown, 504 F.3d 903, 910 (9th Cir.2007) ("Review is generally limited to the contents of the complaint, but a court can consider a document on which the complaint relies if the document is central to the plaintiff's claim, and no party questions the authenticity of the document," citing Warren v. Fox Family Worldwide, Inc., 328 F.3d 1136, 1141 n. 5 (9th Cir.2003), and Chambers v. Time Warner, Inc., 282 F.3d 147, 153 n. 3 (2d Cir.2002)). The court may also properly consider matters that can be judicially noticed under Rule 201 of the Federal Rules of Evidence. Hal Roach Studios, Inc., 896 F.2d at 1555 n. 19; Branch, 14 F.3d at 454.

B. Whether Solid Host Has Stated a Cybersquatting Claim Against NameCheap

1. Standard Governing Liability for Cybersquatting Under the ACPA
Congress passed the ACPA in 1999 as an amendment to the Lanham Act. The statute is designed to reach activities that might otherwise fall outside the scope of the Lanham Act, i.e., the bad faith registration of domain names with intent to profit from the goodwill associated with the trademarks of another, or "cybersquatting." See S.Rep. No. 106-140, at 4 *1100 (1999); see also Porsche Cars N. Am., Inc. v. Porsche.Net, 302 F.3d 248, 260-61 (4th Cir.2002) ("We may and do conclude that the enactment of the ACPA eliminated any need to force trademark-dilution law beyond its traditional bounds in order to fill a past hole, now otherwise plugged, in protection of trademark rights. As the Second Circuit recently remarked, the ACPA `was adopted specifically to provide courts with a preferable alternative to stretching federal dilution law when dealing with cybersquatting,'" quoting Sporty's Farm L.L.C. v. Sportsman's Mkt., Inc., 202 F.3d 489, 497 (2d Cir.2000)).
According to the Senate Report accompanying the ACPA, cybersquatters are those who (1) "register well-known domain names in order to extract payment from the rightful owners of the marks"; (2) "register well-known marks as domain names and warehouse those marks with the hope of selling them to the highest bidder"; (3) "register well-known marks to prey on customer confusion by misusing the domain name to divert customers from the mark owner's site to the cybersquatter's own site"; or (4) "target distinctive marks to defraud customers, including to engage in counterfeiting activities." S.Rep. No. 106-140, quoted in Lucas Nursery and Landscaping, Inc. v. Grosse, 359 F.3d 806, 809 (6th Cir.2004); see also Bosley Medical Institute, Inc. v. Kremer, 403 F.3d 672, 680 (9th Cir.2005) ("[C]ybersquatting occurs when a person other than the trademark holder registers the domain name of a well known trademark and then attempts to profit from this by either ransoming the domain name back to the trademark holder or by using the domain name to divert business from the trademark holder to the domain name holder," quoting DaimlerChrysler v. The Net Inc., 388 F.3d 201, 204 (6th Cir.2004) (alteration original)); Interstellar Starship Services v. Epix, Inc., 304 F.3d 936, 946 (9th Cir.2002) ("Cybersquatting is the Internet version of a land grab. Cybersquatters register well-known brand names as Internet domain names in order to force the rightful owners of the marks to pay for the right to engage in electronic commerce under their own name"); N. Light Tech. v. N. Lights Club, 97 F.Supp.2d 96, 115 (D.Mass.2000) (noting that the ACPA was enacted "primarily in an effort to stop `cybersquatters who register numerous domain names containing American trademarks or tradenames only to hold them ransom in exchange for money,'" quoting H.R.Rep. No. 106-412, at 5), aff'd, 236 F.3d 57 (1st Cir.2001).
To establish liability under the ACPA, a plaintiff must prove, "without regard to the goods or services [offered by] the parties," that the defendant:
"(i) has a bad faith intent to profit from [a] mark . . .; and
(ii) registers, traffics in, or uses a domain name that
(I) in the case of a mark that is distinctive at the time of registration of the domain name, is identical or confusingly similar to that mark;
(II) in the case of a famous mark that is famous at the time of registration of the domain name, is identical or confusingly similar to or dilutive of that mark; or
(III) is a trademark, word, or name protected by reason of section 706 of Title 18 [the Red Cross] or section 220506 of Title 36 [the Olympics]." 15 U.S.C. § 1125(d)(1)(A).
See also Bosley Medical Institute, 403 F.3d at 681 ("[A] `trademark owner asserting a claim under the ACPA must establish the following: (1) it has a valid trademark entitled to protection; (2) its mark is distinctive or famous; (3) the defendant's domain name is identical or confusingly similar to, or in the case of famous marks, dilutive of, the owner's mark; and (4) the defendant used, registered, or trafficked in *1101 the domain name (5) with a bad faith intent to profit,'" quoting DaimlerChrysler, 388 F.3d at 204). The statute identifies nine non-exclusive factors that are relevant in evaluating a defendant's "bad faith intent." 15 U.S.C. § 1125(d)(1)(B)(i).[35]
ACPA also contains a safe harbor provision, which states: "Bad faith intent described under subparagraph (A) shall not be found in any case in which the court determines that the person believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful." 15 U.S.C. § 1125(d)(1)(B)(ii). In addition, several provisions of the statute shield domain name registrars from liability under certain circumstances. 15 U.S.C. § 1114(2)(D)(i) provides that "[a] domain name registrar, a domain name registry, or other domain name registration authority" shall not be liable for damages or, with certain exceptions, subject to injunctive relief for "refusing to register, removing from registration, transferring, temporarily disabling, or permanently canceling a domain name" in compliance with a court order or "in the implementation of a reasonable policy ... prohibiting the registration of a domain name that is identical to, confusingly similar to, or dilutive of another's mark." 15 U.S.C. § 1114(2)(D)(iii) provides that "[a] domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name."
This particular case raises several novel interpretative issues regarding the ACPA. In considering these issues, the court is mindful that the statute's scope is narrow. See Harrods Ltd. v. Sixty Internet Domain Names, 110 F.Supp.2d 420, 426 (E.D.Va.2000) ("Our statutory interpretation is consistent with the legislative history of the ACPA, which makes clear that *1102 the statute's scope is narrow"). ACPA was enacted to counter cybersquatting, a narrow class of wrongdoing defined as registering, trafficking in, or using domain names "similar to trademarks with the bad-faith intent to profit from the goodwill of the trademarks." Id. (quoting H.R.Rep. No. 106-412 (1999) and citing S.Rep. No. 106-140 (cybersquatting refers to the "deliberate, bad-faith, and abusive registration of Internet domain names in violation of the rights of trademark owners")); see also, e.g., Bosley Medical Institute, 403 F.3d at 680 ("[C]ybersquatting occurs when a person other than the trademark holder registers the domain name of a well known trademark and then attempts to profit from this by either ransoming the domain name back to the trademark holder or by using the domain name to divert business from the trademark holder to the domain name holder").
Several of the statutory interpretation questions before the court stem from the parties' efforts to apply the ACPA to a situation that does not involve traditional cybersquatting. The court therefore prefaces its analysis by noting the various ways in which this action differs from the "paradigmatic" cybersquatting scenario. See Lucas Nursery, 359 F.3d at 810 (citing Ford Motor Co. v. Catalanotte, 342 F.3d 543, 549 (6th Cir.2003) ("Registering a famous trademark as a domain name and then offering it for sale to the trademark owner is exactly the wrong Congress intended to remedy when it passed the ACPA")).
Typically, a cybersquatter registers a well-known trademark as a domain name before the trademark owner is able to register it. The prototypical cybersquatter is not, as Doe allegedly is, a "hacker" who "steals" an existing domain name. Rather, he is a speculator who registers a domain name not yet in use, taking advantage of the first-come first-served registration system, with the expectation that the domain name will be of value to the trademark owner. Unlike the usual cybersquatting victim, which has not yet registered its trade name, Solid Host alleges that it was the registrant of the domain name at issue, and had been for several years prior to the alleged theft.
This distinction between prototypical cybersquatting and hacking is not the only aspect of the case that differs from the norm. Doe purportedly obtained control of  by "hacking" into eNom's system and transferring the registration to a different account; he did not register the domain name himself in the first instance. After obtaining the registration, however, Doe proceeded as a typical cybersquatter would, attempting to ransom the domain name to Solid Host, the alleged trademark owner. Thus, analyzing Doe's liability under the ACPA would appear to be relatively straightforward. Doe's liability is not presently at issue, however. Rather, Solid Host seeks to hold NameCheap liable for cybersquatting because it refused to reveal Doe's identity. For its part, despite the fact that it did not act as a registrar in this case, NameCheap invokes the safe harbor provisions of the statute that were intended to shield registrars from liability for accepting domain name applications. The court first considers NameCheap's argument that it is immune from liability under the ACPA.

2. Whether NameCheap's Status as a Registrar Shields it from Liability
NameCheap advances two arguments in support of its contention that it cannot be held liable for cybersquatting because it is a registrar. Citing Lockheed Martin II, 141 F.Supp.2d 648, it asserts that "[b]y its own terms, the ACPA does not apply to domain name registrars such as NameCheap."[36]*1103 Additionally, it contends that the safe harbor provisions of § 1114(2)(D) shield it from liability.[37]
Drawing all inferences in Solid Host's favor, although NameCheap is an ICANN-accredited registrar, it did not act in that capacity in this case.[38] A registrar is a company that accepts and processes applications for domain name registrations. Solid Host initially registered  through eNom. Although Doe gained control of  in a manner that the complaint does not detail fully, it appears clear that he did not gain access to the domain name by submitting an application to NameCheap to register it. Had he attempted to register  through a registrar, in fact, he would have been informed that the domain name was already in use. Instead, Doe gained access to eNom's system and made two changes related to . He altered the IP address associated with the domain name so that it corresponded to an IP address in his control, and he altered the registration information to indicate that NameCheap, rather than Solid Host, was the registrant.[39] NameCheap did not use the domain name but licensed it back to Doe.
As can be seen, Solid Host does not allege that NameCheap acted as a registrar; that is, it did not allege that NameCheap processed the registration for , either for Doe or on its own behalf. Although some registrars, perhaps including NameCheap, offer anonymity services at the time of registration, see Ian J. Block, Comment, Hidden Whois and Infringing Domain Names: Making the Case for Registrar Liability, 2008 U. CHI. LEGAL F. 431, 431-32 (2008), Solid Host alleges that Doe used NameCheap's anonymity service independent of its domain name registration service. Whether the statutory protection afforded registrars in § 1114(2)(D) applies to registrars who provide services other than processing applications for domain name registration, simply by virtue of their status as accredited registrars, is apparently a question of first impression.[40] Before examining the specific safe harbors set forth in § 1114(2)(D), the court addresses NameCheap's argument that registrars cannot be held liable under the ACPA under any circumstances.

a. Whether Lockheed Martin II Grants Registrars Blanket Immunity from Liability Under the ACPA
Although the safe harbors for registrars provided by § 1114(2)(D) apply only in specific circumstances, NameCheap argues that registrars can never be held liable *1104 under the ACPA. In asserting an entitlement to blanket immunity, NameCheap relies solely on Lockheed Martin II. There, Lockheed Martin Corporation sued NSI, a domain name registrar, arguing that NSI had "failed to protect" it by accepting the registration of domain names that infringed its trademarks.[41]Lockheed Martin II, 141 F.Supp.2d at 649-50. The court concluded that NSI was entitled to summary judgment on Lockheed Martin's ACPA claim. It stated: "Having studied the language of § 1125(d) in the light of the summary judgment record, the court cannot conclude that it creates a cause of action against defendant as a domain name registrar or registry." Id. at 655. Citing this sentence, NameCheap contends that the statute affords registrars blanket immunity from liability. NameCheap overlooks the context of the court's statement. The court concluded "in the light of the summary judgment record" before it that NSI could not be held liable. It did not purport to extend the ruling to every potential factual scenario involving a registrar.
Indeed, a close examination of Lockheed Martin II reveals that it stands merely for the proposition that a registrar is not liable under § 1125(d) when it acts a registrar, i.e., when it accepts registrations for domain names from customers. The court first noted that there was "no summary judgment evidence that [defendant was] a person who ... had a `bad faith intent to profit from' specific marks, 15 U.S.C. 1125(d)(1)(A)(i), that [were] registered with it or contained in its registry." Id. at 654. It then explained that "none of the conditions and conduct listed" in § 1125(d)(1)(B)(i) as relevant to a finding of bad faith "would be applicable to a person functioning solely as a registrar or registry of domain names." Id. at 655 (emphasis added). Next, the court observed that none of the actions triggering liability under the statute is the type of conduct in which registrars engage when acting in their capacity as registrars:
"Moreover, the court has concluded that there is no summary judgment evidence that defendant fits within the (ii) clause of § 1125(d)(1)(A). There is no evidence that defendant is a person that `registers, traffics in, or uses a domain name....' The word `registers,' when considered in context, obviously refers to a person who presents a domain name for registration, not to the registrar. The `traffics in' part of clause (ii) is defined by § 1125(d)(1)(E) to mean `transactions that include, but are not limited to, sales, purchases, loans, pledges, licenses, exchanges of currency, and any other transfer for consideration or receipt in exchange for consideration.' There is no summary judgment evidence that defendant has engaged in transactions of any of those kinds in reference to domain names. Section 1125(d)(1)(D) expressly limits the `uses' feature to the domain name registrant or the registrant's authorized licensee." Id.

Thus, Lockheed Martin held only that, where the record indicates that a defendant did nothing more than act as a registrar, no liability under § 1125(d) will lie.
As the court explained, to be liable under § 1125(d), a defendant must register, traffic in, or use a domain name. As used in the statute, to "register" means to register *1105 a domain name by submitting an application to a registrar. "Trafficking" refers to selling and licensing domain names and similar activity. A registrar that processes domain name registration applications does not register or traffic in domain names as those terms are used in the statute (although the registrar presumably "registers" the domain name from which it conducts its business as a registrar). Similarly, § 1125(d)(1)(D) implicitly limits registrars' liability for "use" of an infringing domain name. That section provides that "[a] person shall be liable for using a domain name under subparagraph (A) only if that person is the domain name registrant or that registrant's authorized licensee." Because a registrar, in its capacity as such, is merely an intermediary that registers domain names, and does not typically act as a domain name registrant or licensee (except, again, of its own domain name), this provision provides some protection for registrars. Nothing in Lockheed Martin II, however, suggests that a registrar is immune under the ACPA when it acts other than as a registrar. Indeed, to the extent that NameCheap was the registrant of the domain name and "used" the name, this section would support the imposition of liability on it, not a grant of immunity to it.
NameCheap's blanket immunity argument, moreover, is inconsistent with the fact that ACPA provides safe harbors for registrars in limited circumstances. The provision of limited safe harbors would be unnecessary if the statute provided sweeping immunity. The court therefore turns to whether the safe harbors apply to actions taken by a registrar in some other capacity.

b. Whether NameCheap Is Immune Under Section 1114(2)(D)
As noted, § 1114(2)(D) provides statutory safe harbors for registrars under various circumstances. Section 1114(2)(D)(i) provides that "[a] domain name registrar, a domain name registry, or other domain name registration authority" shall not be liable for damages or, with some exceptions, subject to injunctive relief, for "refusing to register, removing from registration, transferring, temporarily disabling, or permanently canceling a domain name" when such action is in compliance with a court order or "in the implementation of a reasonable policy ... prohibiting the registration of a domain name that is identical to, confusingly similar to, or dilutive of another's mark."
ACPA's legislative history indicates that this section was intended to "encourage[] domain name registrars and registries to work with trademark owners to prevent cybersquatting...." See S.Rep. No. 106-140, at 11. It contemplates that registrars will respond to trademark owners' complaints and help to resolve disputes between domain name registrants and trademark holders, either by adopting policies targeted at preventing cybersquatting, or, where the parties have taken their dispute to court, through compliance with court orders. Based on the factual allegations in the complaint, NameCheap is not in a position in this case to "work with [the] trademark owner[] to prevent cybersquatting" in the manner contemplated by the safe harbor. Instead of occupying the neutral position envisioned for registrars by the statute, NameCheap is, by virtue of the anonymity service it provides, the registrant of a domain name that allegedly infringes Sold Host's trademark. NameCheap is not "work[ing] with trademark owners to prevent cybersquatting" by providing an anonymity service; although the service has legitimate uses, as this action demonstrates, preventing cybersquatting is not one of them. The court thus concludes that § 1114(2)(D)(i) was not intended to shield registrars from liability for actions outside their core function as registrars. While § 1114(2)(D)(I) might protect *1106 NameCheap if it acted as the registrar for , given the allegations in the complaint, the court must assume for purposes of this motion that it did not act as registrar of the name. Further, the complaint does not allege that Name Cheap registered, removed from registration, temporarily disabled or permanently cancelled the Solid Host domain name.
Section 1114(2)(D)(iii) provides that "[a] domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name." The purpose of this provision is to "promote[] the continued ease and efficiency users of the current registration system enjoy by codifying current case law limiting the secondary liability of domain name registrars and registries for the act of registration of a domain name." S.Rep. No. 106-140, at 11. Thus, this safe harbor applies to "the act of registration of a domain name," an action that the complaint alleges eNom, not NameCheap, took here. Given the facts alleged by Solid Host, the provision is inapplicable. Additionally, because "bad faith intent to profit" is an element of liability under § 1125(d), the provision adds little to the basic liability analysis.
For all of these reasons, the court concludes that NameCheap's status as an accredited registrar does not shield it from liability in cases where it did not act as a registrar. Because the court assumes for purposes of this motion that NameCheap did not act as registrar for , the fact that NameCheap is an accredited registrar does not prevent from Solid Host from stating a claim against it. The court thus considers whether Solid Host has adequately pled the elements of a cybersquatting claim against it.

3. Whether Solid Host's Has Alleged Ownership of a Protected, Distinctive Mark
To plead a cyberpiracy claim, Solid Host must first allege that it is the owner of a protected, distinctive mark. Bosley Medical Institute, 403 F.3d at 681. Under the Lanham Act, a mark[42] is "distinctive" if it is either "inherently distinctive" or if it has acquired secondary meaning, i.e., if people associate the mark with a particular source. See, e.g., Kendall-Jackson Winery, Ltd. v. E. & J. Gallo Winery, 150 F.3d 1042, 1047 (9th Cir.1998); Levi Strauss & Co. v. Blue Bell, Inc., 632 F.2d 817, 820 (9th Cir.1980).[43]
*1107 Solid Host alleges that its "services using  have been visible and available throughout the United States," and that it has used the mark in interstate and international commerce with American customers."[44] It alleges that it registered the domain name  in December 2004, and that it has used the name actively in conducting its web hosting business since that time.[45] On this basis, it asserts that it has acquired common law trademark rights in the "Solid Host" mark.[46]
NameCheap contends that Solid Host's complaint "offers no evidence or even an allegation showing ... that the Solid Host is a mark that is inherently distinctive or... that the mark has acquired distinctiveness through secondary meaning."[47] Solid Host is, of course, not required to adduce "evidence" to survive a motion to dismiss. Further, because the existence of secondary meaning "may be `inferred from evidence relating to the nature and extent of the public exposure achieved by the designation,' or from proof of intentional copying," see Ashlar, Inc. v. Structural Dynamics Research Corp., No. C-94-4344 WHO, 1995 WL 639599, *5 (N.D.Cal. June 23, 1995) (quoting Paper-Cutter, Inc. v. Fay's Drug Co., 900 F.2d 558, 564 (2d Cir.1990)), a plaintiff asserting *1108 ownership of a common law trademark need not specifically allege the existence of secondary meaning to survive a motion to dismiss. See id. (denying motion to dismiss on ground that counterclaimant who alleged common law trademark failed to plead secondary meaning, and concluding that "[a]lthough Graphsoft may ultimately be unable to prove a secondary meaning,... Graphsoft is not required to plead secondary meaning in its countercomplaint"); see also Mid-West Management, Inc. v. Capstar Radio Operating Co., No. 04-C-720-C, 2005 WL 503817, *4-5 (W.D.Wis. Mar. 1, 2005) (plaintiffs allegations that in 2004, "it began using the phrase `Madison's Progressive Talk' in its WTDY radio broadcasts to identify the source of the broadcasts and that the company ha[d] continued to use the phrase `Madison's Progressive Talk' since that date in its broadcasts and in advertising," liberally construed, were sufficient to "suggest that the phrase ha[d] become associated with WTDY," and "[p]laintiff's failure to allege that the phrase ha[d] acquired secondary meaning in its amended complaint [was] not fatal to its infringement claims"); see generally Thomas McCarthy, McCARTHY ON TRADEMARKS AND UNFAIR COMPETITION § 32:202 (observing that some courts have "held that in alleging infringement of a descriptive term, it is not necessary to specifically allege that the term has acquired a secondary meaning").
Here, Solid Host's allegation that it has consistently used the "Solid Host" mark in commerce with American customers since 2004, construed liberally in its favor, suggests that the phrase "Solid Host" has become associated in customers' minds with the company's services. See Levi Strauss, 632 F.2d at 820 ("The basic element of secondary meaning is a mental recognition in buyers' and potential buyers' minds that products connected with the symbol or device emanate from or are associated with the same source. As recognized in this circuit, `(s)econdary meaning has been defined as association nothing more,'" quoting Carter-Wallace, Inc. v. Procter & Gamble Co., 434 F.2d 794, 802 (9th Cir.1970) (alteration original)); Mid-West Management, 2005 WL 503817 at *4-5 (an allegation that a radio station used a phrase in its broadcasts to identify the source of programming gave rise to an inference that customers identified the phrase with the station, and was sufficient to plead distinctiveness).
In addition, Solid Host has alleged that Doe intentionally took control of the domain name , which raises an inference that the mark is distinctive. See Ashlar, 1995 WL 639599 at *5 (intentional copying is evidence of distinctiveness). Based on these allegations, the court concludes that Solid Host has sufficiently pled ownership of a protected, distinctive mark. Because the domain name  is identical to Solid Host's alleged trademark, the requirement that the domain name be identical or confusingly similar to the protected mark is met as well.

4. Whether Solid Host Sufficiently Alleges NameCheap's Bad Faith with Intent to Profit
To state a cyberpiracy claim, Solid Host must also plead that NameCheap "ha[d] a bad faith intent to profit from [Solid Host's] mark." See 15 U.S.C. § 1125(d)(1)(A)(i). The requirement of bad faith intent to profit from the mark is distinct from the requirement that defendant "register[], traffic[] in, or use[] a domain name." See 15 U.S.C. § 1125(d)(1)(A)(ii); Fare Deals Ltd. v. World Choice Travel.Com, Inc., 180 F.Supp.2d 678, 683 (D.Md.2001) ("Under the federal Anticybersquatting Consumer Protection Act ..., Fare Deals cannot state a valid claim unless it can allege that [defendant] had `a bad faith intent to profit *1109 from' Fare Deal's mark and `register[ed], traffic[ked] in, or use[d]' an infringing domain name," citing Virtual Works, Inc. v. Volkswagen of Am., Inc., 238 F.3d 264, 269-70 (4th Cir.2001)) (engaging in a two-pronged inquiry regarding use and bad faith under the ACPA (emphasis added)).
The bad faith required to support a cybersquatting claim is not general bad faith, but "a bad faith intent to profit from the mark," 15 U.S.C. § 1125(d)(1)(A)(i) (emphasis added). Thus, the defendant must intend to profit specifically from the goodwill associated with another's trademark. See Lucas Nursery, 359 F.3d at 810 ("In its report on the ACPA, the Senate Judiciary Committee distilled the crucial elements of bad faith to mean an `intent to trade on the goodwill of another's mark,'" quoting S.Rep. No. 106-140, at 9); Sporty's Farm, 202 F.3d at 495 (Congress enacted the ACPA "`to protect consumers and American businesses, to promote the growth of online commerce, and to provide clarity in the law for trademark owners by prohibiting bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks,'" quoting S.Rep. No. 106-140, at 4 (emphasis added)); id. at 499 n. 13 ("We expressly note that `bad faith [and] intent to profit' are terms of art in the ACPA and hence should not necessarily be equated with `bad faith' in other contexts"); Healix Infusion Therapy, Inc. v. Murphy, Civil Action No. H-08-0337, 2008 WL 4155459, *4 (S.D.Tex. Sept. 2, 2008) ("The ACPA makes a person who in bad faith seeks to profit from the goodwill associated with an owner's mark liable to the mark owner for damages"); H.R. Conf. Rep. No. 106-464 (1999) ("[T]he bill does not extend to innocent domain name registrations by those who are unaware of another's use of the name, or even to someone who is aware of the trademark status of the name but registers a domain name containing the mark for any reason other than with bad faith intent to profit from the goodwill associated with that mark," quoted in Harrods, 110 F.Supp.2d at 426 (emphasis added)); S.Rep. No. 106-140 ("Under the bill ... the abusive conduct that is made actionable is appropriately limited just to badfaith registrations and uses of others' marks by persons who seek to profit unfairly from the goodwill associated therewith," quoted in Harrods, 110 F.Supp.2d at 426 (emphasis added)).
Here, the sum total of Solid Host's allegations regarding NameCheap's bad faith is that NameCheap acted in bad faith by refusing to reveal Doe's identity "after being presented with facts that would cause a reasonable person to conclude that Doe had stolen the domain [name]."[48] The complaint alleges that "NameCheap profited by charging a fee for the anonymity registration service it provided to Doe, [that it] ... also profited by maintaining the anonymous registration ... after being presented with facts that would cause a reasonable person to conclude that Doe had stolen the domain;" and that "Name-Cheap has an economic incentive to resist any attempts to expose [its customers'] identities, even where it is presented with reasonable evidence that it has registered stolen property, i.e., a domain name that was hacked and stolen by the party ... seeking anonymity protection from it."[49] Based on these allegations, Solid Host concludes that "NameCheap had a bad faith intent to profit from [Solid Host's] service mark ...."[50]
Solid Host's reliance on these allegations to infer a bad faith intent to profit from its *1110 mark fails. Nothing in the complaint suggests that by affording Doe the benefits of anonymous registration, NameCheap sought to benefit in any way from the goodwill associated with Solid Host's mark. The only bad faith alleged is NameCheap's provision of an indisputably legal anonymous registration service without attempting to screen out customers who wish to use it to cybersquat; and its decision to maintain its customer's anonymity when presented with evidence that its services had been used for this illegitimate purpose.[51] The only intent to profit alleged is linked to NameCheap's operation and promotion of its anonymity service; none of Solid Host's allegations suggests that NameCheap intended to profit from the goodwill associated with the Solid Host trademarks.
Whether NameCheap's refusal to reveal Doe's identity might constitute bad faith in some other context is irrelevant. See Sporty's Farm, 202 F.3d at 499 n. 13 (bad faith intent to profit is a term of art with a specific legal meaning under the ACPA). Liability under the ACPA requires a bad faith intent to profit from the goodwill of another's mark; the statute was not meant to prohibit actions outside its scope simply because they were undertaken in "bad faith," or with a motive to profit illegitimately. See id.; Harrods, 110 F.Supp.2d at 426 ("[T]he legislative history of the ACPA ... makes clear that the statute's scope is narrow"). Because Solid Host has not pled facts sufficient to support the legal conclusion that NameCheap acted with a bad faith intent to profit from Solid Host's mark, as that term is used in § 1125(d), the second amended complaint fails to state a claim for cybersquatting against NameCheap. See Bell Atlantic, 127 S.Ct. at 1965 (the court need not accept legal conclusions cast as factual allegations).[52]
*1111 This failure, however, may not be fatal. The complaint plainly states a claim for cybersquatting against Doe. It alleges that he offered to sell the domain name to Solid Host after pirating it. This constitutes trafficking in the domain name with a bad faith intent to profit from Solid Host's mark. See Catalanotte, 342 F.3d at 549 ("[W]hen Catalanotte registered the domain name FORDWORLD.COM and later offered it for sale to Ford, he trafficked in the domain name for the purposes of the ACPA"). The court therefore considers whether NameCheap can be held contributorily liable.

5. Whether Solid Host Has Stated a Claim for Contributory Liability

a. Legal Standard Governing Contributory Liability Under the Lanham Act
It appears that, in addition to pleading that NameCheap is directly liable for cybersquatting, Solid Host also asserts a claim for "contributory cybersquatting."[53] See Newborn v. Yahoo!, Inc., 391 F.Supp.2d 181, 190 (D.D.C.2005) ("The Court also notes that it is unclear whether the plaintiff is alleging a direct trademark infringement action against the defendants or a contributory trademark infringement *1112 action. However, it does appear that because the plaintiff alleges that the defendants `have allowed other parties['] unauthorized use of Plaintiff's registered domain names' ... that he is raising a contributory trademark infringement claim").
In general, "[c]ontributory [trademark] infringement occurs when the defendant either intentionally induces a third party to infringe the plaintiff's mark or supplies a product to a third party with actual or constructive knowledge that the product is being used to infringe the service mark." Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d 980, 983 (9th Cir.1999) ("Lockheed Martin I") (citing Inwood Lab., Inc. v. Ives Lab., Inc., 456 U.S. 844, 853-54, 102 S.Ct. 2182, 72 L.Ed.2d 606 (1982)); see also Perfect 10, Inc. v. Visa Intern. Service Ass'n, 494 F.3d 788, 807 (9th Cir.2007) ("To be liable for contributory trademark infringement, a defendant must have (1) `intentionally induced' the primary infringer to infringe, or (2) continued to supply an infringing product to an infringer with knowledge that the infringer is mislabeling the particular product supplied," citing Inwood Lab., 456 U.S. at 855, 102 S.Ct. 2182). Where the defendant supplies the infringer with a service rather than a product, however, courts "consider the extent of control exercised by the defendant over the third party's means of infringement" in analyzing whether a claim for contributory infringement lies. Lockheed Martin I, 194 F.3d at 984 (citing Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d 259, 265 (9th Cir.1996), and Hard Rock Cafe Licensing Corp. v. Concession Servs., Inc., 955 F.2d 1143, 1148-49 (7th Cir.1992)); see also Perfect 10, 494 F.3d at 807 ("When the alleged direct infringer supplies a service rather than a product, under the second prong of this test, the court must `consider the extent of control exercised by the defendant over the third party's means of infringement,'" quoting Lockheed Martin I, 194 F.3d at 984); Louis Vuitton Malletier, S.A. v. Akanoc Solutions, Inc., 591 F.Supp.2d 1098, 1111 (N.D.Cal.2008) ("[W]hen a defendant offers a service instead of a product, a plaintiff can base its contributory trademark infringement claim on the `extent of control' theory or the `intentional inducement' theory").
Under the extent of control theory, "a plaintiff must prove that the defendant had knowledge and `[d]irect control and monitoring of the instrumentality used by the third party to infringe the plaintiff's mark.'" Louis Vuitton, 591 F.Supp.2d at 1111 (quoting Lockheed Martin I, 194 F.3d at 984); see also Perfect 10, 494 F.3d at 807 ("For liability to attach, there must be `[d]irect control and monitoring of the instrumentality used by a third party to infringe the plaintiff's mark,'" quoting Lockheed Martin I, 194 F.3d at 984). Courts have applied this theory to cybersquatting claims under the ACPA. See Ford Motor Co. v. Greatdomains.Com, Inc., 177 F.Supp.2d 635, 646 (E.D.Mich.2001).

b. The Extent of NameCheap's Control over Doe's Means of Cybersquatting
NameCheap supplied an anonymous domain name registration service, which Doe allegedly used to "steal" Solid Host's domain name and hold it for ransom. Because NameCheap offered a service rather than an infringing product, Solid Host must show that NameCheap either intentionally induced Doe to cybersquat or directly controlled and monitored the instrumentality used by Doe. There are no allegations that NameCheap induced Doe's cybersquatting. As respects direct control and monitoring of the instrumentality Doe used to infringe, the court finds the Ninth Circuit's analysis in Lockheed Martin I instructive on the application of this framework to domain name piracy.
*1113 There, the court considered whether NSI, as a registrar, could be liable for contributory infringement because it accepted for registration domain names that infringed Lockheed Martin's trademarks.[54]Lockheed Martin I, 194 F.3d at 983. The court first noted that the case "involve[d] a fact pattern squarely on the `service' side of the product/service distinction suggested by Inwood Lab. and its offspring" Id. It then explained that the "direct control and monitoring" rule in service-based contributory infringement cases evolved in the "context of renting booth space at a flea market." See id. at 984 (citing Hard Rock Cafe, 955 F.2d at 1148-49). In Hard Rock Cafe, the Seventh Circuit concluded that a flea market operator could be held liable for the sale of infringing products at the market, citing "the close comparison between the legal duty owed by a landlord to control illegal activities on his or her premises and by a manufacturer to control illegal use of his or her product." See id. (construing Hard Rock Cafe). The Ninth Circuit adopted the analysis of the Hard Rock Cafe court in Fonovisa, "holding that a flea market could be liable for contributory infringement if it `suppl[ied] the necessary marketplace' for the sale of infringing products." See id. (quoting Fonovisa, 76 F.3d at 265).
In Lockheed Martin I, the Ninth Circuit rejected Lockheed Martin's efforts to characterize the case in a way that would fit the Hard Rock Cafe framework. The court first observed that "[w]here domain names are used to infringe, the infringement does not result from NSI's publication of the domain name list, but from the registrant's use of the name on a web site or other Internet form of communication in connection with goods or services.... NSI's involvement with the use of domain names does not extend beyond registration." Id. at 985 (quoting district court, Lockheed Martin Corp. v. Network Solutions, Inc., 985 F.Supp. 949, 962 (C.D.Cal. 1997)). Next, the court observed that NSI's service did not "entail the kind of direct control and monitoring required to justify an extension of the `supplies a product' requirement." Id. It noted that "[w]hile the landlord of a flea market might reasonably be expected to monitor the merchandise sold on his premises, NSI [could not] reasonably be expected to monitor the Internet." Id. (quoting the district court's opinion at 985 F.Supp. at 962). Finally, the court addressed "Lockheed['s] characteriz[ation] [of] NSI's service as a licensing arrangement with alleged third-party infringers." Id. While the court acknowledged that the registration agreement constituted a license, it did not find this dispositive; rather, the issue was whether NSI as registrar retained direct control over the thing licensed:
"Although we accept Lockheed's argument that NSI licenses its routing service to domain-name registrants, the routing service is just thata service. In Fonovisa and Hard Rock, by contrast, the defendants licensed real estate, with the consequent direct control over the activity that the third-party alleged infringers engaged in on the premises. Hard Rock, 955 F.2d at 1149; see Fonovisa, 76 F.3d at 265." See id.

See also Fare Deals, 180 F.Supp.2d at 689 (discussing Lockheed Martin I and stating that "[t]he key distinction between the potentially infringing conduct in Hard Rock Cafe and Fonovisa and that of NSI lay in what the defendants were licensing").
In Ford Motor Co., 177 F.Supp.2d at 646, the district court applied the direct *1114 control and monitoring test to a cybersquatting claim, and held that the owner of an auction website was not contributorily liable under the ACPA. The website facilitated users' sales of domain names and defendant, the site's owner, collected commissions on the sales. Id. Plaintiff claimed that domain names sold through the site infringed its trademarks, and sought to hold defendant contributorily liable for cybersquatting. It asserted that, like a flea market owner, defendant "provided `the necessary marketplace' for the ... alleged cybersquatting." Id. (quoting Lockheed Martin I, 194 F.3d at 984-85). Addressing this argument, the court considered expansion of the direct control and monitoring rule to the cybersquatting context:
"Although the `flea market' analysis generally has been applied in the infringement context, a similar standard arguably could be applied to allegations of cybersquatting. However, because the ACPA requires a showing of `bad faith intent'a subjective element not required under traditional infringement, unfair competition, or dilution claims the standard would be somewhat heightened. For example, it would be insufficient that an entity such as [defendant] were merely aware that domain names identical or similar to protected marks were being sold over its website. Rather, because legitimate uses of others marks are protected under the ACPA, a plaintiff would have to demonstrate that the `cyber-landlord' knew or should have known that its vendors had no legitimate reason for having registered the disputed domain names in the first place. Because an entity such as [defendant] could not be expected to ascertain the good or bad faith intent of its vendors, contributory liability would apply, if at all, in only exceptional circumstances." See id. at 647.
As "[n]o such exceptional circumstances [were] alleged" in the case before it, the court concluded that plaintiff had failed to state a claim for cybersquatting. Id.
In Fare Deals, 180 F.Supp.2d at 689-91, the district court applied Lockheed Martin I to analyze a trademark claim based on an infringing domain name. While the plaintiff, Fare Deals, Ltd., alleged a traditional infringement claim rather than a cybersquatting claim, Fare Deals is nonetheless instructive. Fare Deals asserted that the operators of a website with the domain name  infringed its trademark. Id. at 681. Among the defendants was HRN, a company that maintained a different website where customers could book hotel reservations. Id. HRN entered into an affiliate agreement with the operators of "faredeals.com," whereby  displayed banner advertisements linking to HRN's website, and the operators of  received a commission on every sale generated by the links. Id. Because HRN did not own or control , the court concluded that it could not be held directly liable for infringement. Id.
It next examined whether HRN could be held contributorily liable for 's infringement. See id. at 689-91. Citing Lockheed Martin I's discussion of the direct control and monitoring rule, the court considered the flea market context in which the rule originated. It observed that "the flea-market operators were providing the very medium through which the infringing vendors conducted their businesses. If the flea-market operators had stopped providing the vendors space, the vendors would have been forced to shut down completely." See id. at 689-90. The court contrasted this with that HRN's service, which was not necessary to 's infringement; rather, it stated, "[i]f HRN severed its link to , the infringement could readily continue." Id. *1115 at 690. The court thus found HRN's position more analogous to that of the temporary worker who assembles an infringer's booth at a flea market than to the owner of the market itself. Unlike the owner, the temporary worker is not liable for contributory infringement. Id.
The court also considered the knowledge element required for a finding of contributory infringement. It noted that there were no facts suggesting that HRN had any knowledge of the infringement before Fare Deals, mistakenly believing that HRN owned and controlled the site, sent it a letter demanding that  be taken down. Id. The court observed that "[t]he demand letter ... gave HRN knowledge of Fare Deals' ... position with respect to infringement by the  site; it may also have given HRN reason to suspect [that] it might be linked to a site infringing Fare Deals' mark and so have given rise to an obligation on the part of HRN to investigate the matter." Id.
The court noted, in this regard, that, under Hard Rock Cafe, "willful blindness"defined as a "deliberate failure to investigate suspected wrongdoing"could satisfy the knowledge requirement for contributory infringement. Id. (citing Hard Rock Cafe, 955 F.2d at 1149). It concluded, however, that notice of Fare Deals' position "did not ... obligate HRN to immediately terminate the link from the disputed web site." See id. (comparing Hard Rock Cafe, 955 F.2d at 1149 (suggesting that a flea market operator, without knowing more, may not have been obligated to take action against a vendor simply because it learned that the vendor was selling inexpensive T-shirts with cut labels) with Fonovisa, 76 F.3d at 261 (holding that a flea market operator had sufficient knowledge of infringement and should have taken action when the sheriff raided the market, seized 38,000 counterfeit music recordings, and notified the operator that there were ongoing sales of infringing materials)).
The Fare Deals court found it unclear "what an investigation by HRN could have uncovered," since an investigation "would have disclosed no more than that the site's domain name was indeed . It would not, self-evidently, have disclosed any infringement of the `Fare Deals' mark, which was, as yet, unregistered." Id. at 690-91. The court therefore concluded that even if Fare Deals could have established that HRN directly monitored or controlled the means of infringement, it could not establish HRN's knowledge of the infringement. Id. at 691.
Turning to the present case, NameCheap's position is closer to that of a flea market operator or the owner of the auction site in Ford Motor Co. than it is to that of HRN in Fare Deals or a registrar like NSI in Lockheed Martin I. NameCheap acted as the registrant for the domain name utilized in Doe's cybersquatting scheme, which it then licensed to Doe. Solid Host alleges that, while the website was "controlled solely by Doe," NameCheap had the ability to transfer the domain name to Solid Host or to reveal Doe's identity.[55] Thus, NameCheap was, to borrow a phrase from Ford Motor Co., the "cyber-landlord" of the internet real estate stolen by Doe, i.e., the domain name . See Ford Motor Co., 177 F.Supp.2d at 647. Just as the auction website in Ford Motor Co. provided an essential forum for traffic in domain names, NameCheap's anonymity service was central to Doe's cybersquatting scheme. If NameCheap had returned the domain name to Solid Host, Doe's illegal activity would have ceased. This crucial *1116 factor distinguishes NameCheap from defendants like HRN in Fare Deals, who merely receive link traffic from an infringing website, and from a registrar like NSI, which provides nothing more than a registration service. As alleged in the complaint, NameCheap's ability to monitor and control the instrumentality used by Doe to engage in cybersquatting satisfies the direct control and monitoring requirement necessary to plead a contributory liability claim.
Solid Host must also allege that NameCheap knew of Doe's cybersquatting, however. See Louis Vuitton, 591 F.Supp.2d at 1111. To allege this element, Solid Host must plead not only that NameCheap knew that Doe was trafficking in a domain name similar or identical to Solid Host's mark, but also that knew that Doe was doing so with bad faith intent to profit from Solid Host's mark. See 15 U.S.C. § 1125(d)(1)(A)(i)-(ii); Ford Motor Co., 177 F.Supp.2d at 647 ("[B]ecause the ACPA requires a showing of `bad faith intent'a subjective element not required under traditional infringement, unfair competition, or dilution claims ... it would be insufficient that an entity such as [defendant] were merely aware that domain names identical or similar to protected marks were being sold over its website"). Because some people use its services for legitimate reasons, NameCheap cannot be expected to analyze the good or bad faith of every customer who wishes to remain anonymous online. See Ford Motor Co., 177 F.Supp.2d at 647 ("[A]n entity such as [defendant] could not be expected to ascertain the good or bad faith intent of its vendors"); cf. Lockheed Martin I, 194 F.3d at 984-85 ("While the landlord of a flea market might reasonably be expected to monitor the merchandise sold on his premises, NSI cannot reasonably be expected to monitor the Internet"). Because of this, and because a defendant in NameCheap's position may not easily be able to ascertain a customer's good or bad faith, the court agrees with the Ford Motor Co. court that "exceptional circumstances" must be shown to prove the degree of knowledge required to impose contributory liability for cybersquatting. See Ford Motor Co., 177 F.Supp.2d at 647.
The complaint alleges that Solid Host gave NameCheap "evidence, including (but not limited to) a sworn declaration of Andre Van Vliet attesting to the relevant facts," which "would have led a normal and prudent person to conclude that the domain it registered had been stolen."[56] Based on this allegation, the court cannot conclude, as matter of law, that Solid Host will be unable to prove exceptional circumstances satisfying the knowledge requirement for contributory liability. What constitutes exceptional circumstances, and whether they can be proved in this case are matters that can only be addressed on a more fully developed factual record. The court, however, offers a few preliminary observations. As Fare Deals suggests, in the case of cybersquatting, mere receipt of a demand from a third party will not generally suffice to provide notice of the illegitimate use of a domain name so as to justify the imposition of contributory liability. See Fare Deals, 180 F.Supp.2d at 690. The demand gives notice only of the third party's position regarding the matter. Where the demand is accompanied by sufficient evidence of a violation, the defendant may have a duty to investigate. The extent of that duty, however, will be circumscribed by the relative difficulty of confirming or denying the accusation under the facts of a particular case. See id. at 690-91.
*1117 In general, cybersquatting is less easily detected than standard trademark infringement, both because it involves the consideration of intent and because it is less "transparent" than "handbags labeled Louis Vuitton and Gucci, cheaply made, lined with purple vinyl, and sold by itinerant peddlers at bargain-basement prices." See id. at 691 (citing Louis Vuitton S.A. v. Lee, 875 F.2d 584, 590 (7th Cir.1989)). This may be especially true where the trademark forming the basis of the cybersquatting allegation is unregistered. See id. Nonetheless, at this stage of the litigation, the court concludes that Solid Host has alleged sufficient facts to plead a claim for contributory liability for cybersquatting. Consequently, it denies Name-Cheap's motion to dismiss Solid Host's cybersquatting claim against it.[57]

C. Whether Solid Host Has Stated a Claim for Breach of Contract as a Third Party Beneficiary Against NameCheap

1. Legal Standard Governing Third Party Beneficiaries' Ability to Sue for Breach of Contract
Under California law, a third party may sue to enforce a contract if that party "can show that the contracting parties intended to benefit the third party and that the contract terms evidence that intent." Panavision International, L.P. v. Toeppen, 945 F.Supp. 1296, 1305 (C.D.Cal.1996) (citing Karo v. San Diego Symphony Orchestra Ass'n, 762 F.2d 819, 821-22 (9th Cir.1985), and Jones v. Aetna Casualty & Sur. Co., 26 Cal.App.4th 1717, 1724, 33 Cal.Rptr.2d 291 (1994)); see also Spinks v. Equity Residential Briarwood Apartments, 171 Cal.App.4th 1004, 1021, 90 Cal. Rptr.3d 453 (2009) ("California law permits third party beneficiaries to enforce the terms of a contract made for their benefit," quoting Principal Mutual Life Ins. Co. v. Vars, Pave, McCord & Freedman, 65 Cal. App.4th 1469, 1485, 77 Cal.Rptr.2d 479 (1998)).
The third party "need not be named or identified individually to be an express beneficiary." Spinks, 171 Cal. App.4th at 1023, 90 Cal.Rptr.3d 453 (quoting Kaiser Engineers, Inc. v. Grinnell Fire Protection Systems Co., 173 Cal. App.3d 1050, 1055, 219 Cal.Rptr. 626 (1985)). Rather, "[a] third party may enforce a contract where he shows that he is a member of a class of persons for whose benefit it was made." Id. (quoting Garratt v. Baker, 5 Cal.2d 745, 748, 56 P.2d 225 (1936)); see also Panavision International, 945 F.Supp. at 1305 ("The third party need not be mentioned by name in the contract but must at least be a member of a class referred to in the contract and intended to benefit from the contract," citing Karo, 762 F.2d at 821); Boliver v. Surety Co., 140 Cal.Rptr. 259, 72 Cal. App.3d Supp. 22, 27 (1977) ("It is not necessary that an express beneficiary be specifically identified in the contract; he may recover on it if he can show that he is one of a class of persons for whose benefit it was made"). As a result, determining whether a third party is an intended beneficiary of a contract requires "construction of the [contracting] parties' intent, gleaned from reading the contract as a whole in light of the circumstances under which it was entered." Hilderman v. Enea TekSci, Inc., 551 F.Supp.2d 1183, 1195 (S.D.Cal. 2008) (quoting Jones v. Aetna Cas. & Surety Co., 26 Cal.App.4th 1717, 1725, 33 Cal.Rptr.2d 291 (1994)); see also Spinks, 171 Cal.App.4th at 1022, 90 Cal.Rptr.3d 453 ("The test for determining whether a contract was made for the benefit of a *1118 third person is whether an intent to benefit a third person appears from the terms of the contract.... If the terms of the contract necessarily require the promisor to confer a benefit on a third person, then the contract, and hence the parties thereto, contemplate a benefit to the third person. The parties are presumed to intend the consequences of a performance of the contract," quoting Johnson v. Holmes Tuttle Lincoln-Merc., 160 Cal.App.2d 290, 297, 325 P.2d 193 (1958)). In conducting this inquiry, the court employs ordinary principles of contract interpretation. Spinks, 171 Cal.App.4th at 1023, 90 Cal. Rptr.3d 453.

2. Solid Host's Breach of Contract Claim
Solid Host's breach of contract claim is based on paragraph 3.7.7.3 of the ICANN agreement, which all accredited registrars must sign.[58] It provides:
"3.7.7 Registrar shall require all Registered Name Holders to enter into an electronic or paper registration agreement with Registrar including at least the following provisions: ...
3.7.7.3. Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm."[59]
Solid Host argues that it was an intended beneficiary of NameCheap's promise to "promptly disclose the identity" of the licensee for  once it provided "reasonable evidence of actionable harm," and that NameCheap breached this promise. Solid Host asserts that NameCheap made the promise by entering into the agreement with ICANN, and by entering into a separate agreement with eNom, which incorporated paragraph 3.7.7.3 of the ICANN agreement. NameCheap executed the eNom agreement when it became the "Registered Name Holder"i.e., the "registrant"of .[60]

3. Whether Solid Host Has Stated a Claim for Breach of the ICANN Agreement
In support of its motion to dismiss, NameCheap cites paragraph 5.10 of the ICANN agreement, which provides: "No Third-Party Beneficiaries. This Agreement shall not be construed to create any obligation by either ICANN or Registrar to any non-party to this Agreement, including any Registered Name Holder."[61] This provision unambiguously manifests *1119 the parties' intents not to benefit third parties. Moreover, paragraph 3.7.7.3 is not itself a term of the ICANN agreement; the agreement merely required that NameCheap include such a provision in future contracts between it and parties to whom it registered domain names. For these reasons, the court concludes that Solid Host has failed to state a claim for breach of the agreement between ICANN and NameCheap.

4. Whether Solid Host Has Stated a Claim for Breach of the Agreement Between eNom and NameCheap
Solid Host also alleges breach of a separate agreement between eNom and NameCheap that incorporated paragraph 3.7.7.3 of the ICANN agreement. This contract bound NameCheap to the substance of paragraph 3.7.7.3. The eNom/NameCheap agreement, however, is not before the court. Solid Host's complaint does not allege any facts regarding the formation of the contract, nor does it allege that either eNom or NameCheap had an intent to benefit trademark owners faced with cybersquatting by anonymous domain name licensees. Construing all allegations in Solid Host's favor, however, the court infers such intent from the language of paragraph 3.7.7.3, which is quoted in Solid Host's complaint.[62] Because they involve factual questions of intent, third party beneficiary claims are often not appropriate for resolution via motion to dismiss. See Hotel Employees and Restaurant Employees Local 2 v. Vista Inn Management Co., 393 F.Supp.2d 972, 986-87 (N.D.Cal.2005) ("Without consideration of the purchase agreement and other evidentiary submissions concerning the contracting parties' intent, this court has no basis on which to evaluate whether plaintiff was an intended third-party beneficiary. Such an inquiry depends ultimately on questions of fact that are inappropriate on the present motion to dismiss"); Barnett v. Carnival Corp., No. 06-22521-CIV, 2007 WL 1746900, *4 (S.D. Fla. June 15, 2007) ("The defendant correctly points out that intent, either expressed by the parties, or in the provisions of the contract, is one of the key factors in a third party beneficiary claim. To determine the parties' intent ... necessarily would require the Court to look at matters outside of the complaint. As such, the issue of intent is not appropriate for resolution on a motion to dismiss," citing Westinghouse Electric Supply Co. v. Wesley Construction Co., 414 F.2d 1280, 1281-82 (5th Cir. 1969) (reversing the district court's order dismissing a third party beneficiary claim)). Given the substance of paragraph 3.7.7.3, the court concludes, at this stage, that Solid Host has adequately alleged a breach of the eNom/NameCheap contract as a third party beneficiary. It therefore denies NameCheap's motion to dismiss Solid Host's third party beneficiary claim.[63]


*1120 D. Whether Solid Host Has Stated a UCL Claim Against NameCheap
Under the UCL, any person or entity that has engaged, is engaging, or threatens to engage "in unfair competition may be enjoined in any court of competent jurisdiction." CAL. BUS. & PROF.CODE §§ 17201, 17203. "Unfair competition" includes "any unlawful, unfair or fraudulent business act or practice and unfair deceptive, untrue or misleading advertising." Id., § 17200. The California Supreme Court has construed this term broadly. See Cel-Tech Communications, Inc. v. Los Angeles Cellular Telephone Co., 20 Cal.4th 163, 180, 83 Cal.Rptr.2d 548, 973 P.2d 527 (1999) ("[Section 17200] defines `unfair competition' to include any unlawful, unfair or fraudulent business act or practice.... Its coverage is sweeping, embracing anything that can properly be called a business practice and that at the same time is forbidden by law.... By proscribing any unlawful business practice, section 17200 borrows violations of other laws and treats them as unlawful practices that the unfair competition law makes independently actionable.... However, the law does more than just borrow. The statutory language referring to any unlawful, unfair or fraudulent practice ... makes clear that a practice may be deemed unfair even if not specifically proscribed by some other law. Because Business and Professions Code section 17200 is written in the disjunctive, it establishes three varieties of unfair competitionacts or practices which are unlawful, or unfair, or fraudulent" (internal quotations omitted)); see also Paulus v. Bob Lynch Ford, Inc., 139 Cal.App.4th 659, 676-77, 43 Cal.Rptr.3d 148 (2006) ("The purpose of the UCL is to protect both consumers and competitors by promoting fair competition in commercial markets for goods and services. Thus, the scope of the UCL is broad. It covers a wide range of conduct" (citations, internal quotation marks and footnote omitted)).
NameCheap's primary argument for dismissal of Solid Host's UCL claim is that the claim fails because it is based on Solid Host's cybersquatting claim. The court has concluded that Solid Host's complaint adequately pleads a cybersquatting claim against NameCheap on a contributory liability theory. Consequently, its derivative argument regarding the UCL claim is unavailing. Because Solid Host has sufficiently alleged that NameCheap engaged in a business practice that violated a law other than the UCL, i.e., the ACPA, it has stated an unfair competition claim. See, e.g., Aadventure Products, Inc. v. Simply Smashing, Inc., No. 07cv499 BTM(AJB), 2007 WL. 2775128, *3 (S.D.Cal. Sept. 20, 2007) (holding that plaintiff's UCL cause of action "state[d] a claim because ... [p]laintiff ha[d] sufficiently pled trade dress infringement and false advertising"); Smith v. State Farm Mut. Auto. Ins. Co., 93 Cal.App.4th 700, 717-18, 113 Cal.Rptr.2d 399 (2001) (the "unlawful" prong proscribes "anything that can be properly be called a business practice and that at the same time is forbidden by law" (internal quotations omitted)).
NameCheap asserts that Solid Host's UCL claim "is not adequately brought on behalf of the general public because it is unique and necessarily dependent upon the individual facts of [p]laintiff's own claim."[64]*1121 The court is not aware of any requirement that a UCL claim be brought on behalf of the general public or be independent of "the individual facts" of a particular plaintiffs claim. California courts have held that, in addition to actions brought on behalf of the general public, private actions under § 17200 may be maintained. See, e.g., CAL. BUS. & PROF.CODE § 17204 (providing that a § 17200 action may be brought "by a person who has suffered injury in fact and has lost money or property as a result of the unfair competition"); see also Hernandez v. Atlantic Finance Co., 105 Cal.App.3d 65, 72, 164 Cal.Rptr. 279 (1980) (noting that the statute permits a member of the public "to sue on his own behalf or on behalf of the public generally" (emphasis added)).
NameCheap cites Committee on Children's Television, Inc. v. General Foods Corp., 35 Cal.3d 197, 197 Cal.Rptr. 783, 673 P.2d 660 (1983), in support of its argument; it provides no pin cite, quotation, or discussion of the manner in which the opinion limits Solid Host's right to sue under § 17200, however. Childrens' Television held that, in enacting the UCL, "[t]he Legislature ... provided that suit may be brought by any person acting in his own behalf or on behalf of the general public." Id. at 215, 197 Cal.Rptr. 783, 673 P.2d 660 (emphasis original).[65] The case thus does not support NameCheap's position that UCL claims must be brought on behalf of the general public.
In its reply, NameCheap quotes the opinion in Gregory v. Albertson's, Inc., 104 Cal.App.4th 845, 854, 128 Cal.Rptr.2d 389 (2002), which states that "where a claim of an unfair act or practice is predicated on public policy ... the public policy which is a predicate to the action must be `tethered' to specific constitutional, statutory or regulatory provisions."[66] The application of this rule to the present case is unclear. Solid Host's claim is based on a specific statutory violation. The Gregory court was applying a rule derived from the California Supreme Court's opinion in Cel-Tech, 20 Cal.4th 163, 83 Cal.Rptr.2d 548, 973 P.2d 527; as it explained, the Cel-Tech court stated that the rule applied only to UCL claims based on "unfair" business practices, not "fraudulent" or "unlawful ones." See Cel-Tech, 20 Cal.4th at 187 n. 12, 83 Cal.Rptr.2d 548, 973 P.2d 527 ("Nothing we say relates to actions by consumers or by competitors alleging other kinds of violations of the unfair competition law such as `fraudulent' or `unlawful' business practices"); see also id. at 180, 83 Cal.Rptr.2d 548, 973 P.2d 527 (the UCL "establishes three varieties of unfair competitionacts or practices which are unlawful, or unfair, or fraudulent"). Accordingly, NameCheap's argument that Solid Host's claim is insufficient because it is not asserted on behalf of the general public *1122 fails. Similarly, its argument respecting the lack of a specific statutory provision on which the claim is based fails. As a result, the court concludes that the complaint states a claim for violation of the UCL.[67]

III. CONCLUSION
For the reasons stated, the court denies NameCheap's motion to dismiss.
NOTES
[1]  For convenience, the court refers to Name-Cheap, dba Whois Guard, as "NameCheap" and to Demand Media, dba eNom, as "eNom."
[2]  "ICANN has four mandates.... First, ICANN bears responsibility for overseeing the infrastructure of the Internet. Second, it bears responsibility for ensuring competition among domain name registrars of the TLDs. Third, ICANN bears partial responsibility for establishing domain name dispute resolution policies. And, fourth, ICANN bears responsibility for determining whether and when to add new TLDs." Lockheed Martin II, 141 F.Supp.2d at 651.
[3]  "Technically, WHOIS is not the database, itself, but a protocol for submitting a query to a database in order to find contact information for the owner of a domain name." Matthew Bierlin & Gregory Smith, Privacy Year in Review: Growing Problems with Spyware and Phishing, Judicial and Legislative Developments in Internet Governance, and the Impacts on Privacy, 1 I/S: J.L. & POL'Y FOR INFO. SOC'Y 279, 313 (2005). Because it is common to refer to the "Whois database," however, the court adopts that terminology.
[4]  Second Amended Complaint, ¶ 33.
[5]  Id., ¶¶ 29-31.
[6]  Second Amended Complaint, ¶ 6.
[7]  Id., ¶¶ 29, 30.
[8]  Id., ¶ 31. There are no allegations in the complaint suggesting that NameCheap acted as a registrar with regard to the domain name at issue in this case.
[9]  Id., ¶¶ 34, 37.
[10]  Id.
[11]  Id., ¶ 16.
[12]  Id., ¶ 13.
[13]  Id., ¶¶ 13-14.
[14]  Id., ¶ 10, 16-19.
[15]  Id., ¶ 19.
[16]  Id., ¶¶ 17, 20.
[17]  Id., ¶¶ 38, 53.
[18]  Id., ¶¶ 25-26.
[19]  Id., ¶ 21.
[20]  Id., ¶ 58.
[21]  Id., ¶ 60.
[22]  Id., ¶¶ 70-80.
[23]  Id., ¶ 82.
[24]  Id.
[25]  Id., ¶ 83.
[26]  Id., ¶ 84.
[27]  Id., ¶ 85.
[28]  Id., ¶ 86.
[29]  Id., ¶ 87.
[30]  Id., ¶ 95.
[31]  Id., ¶ 96. Although the analysis below suggests that Solid Host may encounter some difficulty proving its cybersquatting claim, the TRO application was based on claims not at issue in this motion.
[32]  Id.
[33]  Id., ¶ 97.
[34]  Defendant NameCheap, Inc.'s Notice of Motion and Motion to Dismiss Second Amended Complaint of Solid Host, NL ("Mot."). In addition, NameCheap argues that the permanent injunctive relief sought by Solid Host is "impractical." (Mot. at 14.) This argument does not address whether Solid Host's complaint states a claim, and is based on numerous factual assertions that are unsupported and outside the complaint. Accordingly, the court declines to address it. The court will consider the propriety of the injunctive relief sought in the complaint if it concludes that Solid Host is entitled to a permanent injunction.
[35]  The factors are:

"(I) the trademark or other intellectual property rights, if any, in the domain name;
(II) the extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person;
(III) the person's prior use, if any, of the domain name in connection with the bona fide offering of any goods or services;
(IV) the person's bona fide noncommercial or fair use of the mark in a site accessible under the domain name;
(V) the person's intent to divert customers from the mark owner's online location to a site accessible under the domain name that could harm the goodwill represented by the mark, either for commercial gain or with the intent to tarnish or disparage the mark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the site;
(VI) the person's offer to transfer, sell, or otherwise assign the domain name to the mark owner or any third party for financial gain without having used, or having an intent to use, the domain name in the bona fide offering of any goods or services, or the person's prior conduct indicating a pattern of such conduct;
(VII) the person's provision of material and misleading false contact information when applying for the registration of the domain name, the person's intentional failure to maintain accurate contact information, or the person's prior conduct indicating a pattern of such conduct;
(VIII) the person's registration or acquisition of multiple domain names which the person knows are identical or confusingly similar to marks of others that are distinctive at the time of registration of such domain names, or dilutive of famous marks of others that are famous at the time of registration of such domain names, without regard to the goods or services of the parties; and
(IX) the extent to which the mark incorporated in the person's domain name registration is or is not distinctive and famous within the meaning of subsection (c)(1) of this section."
[36]  Mot. at 4.
[37]  Id. at 5-7.
[38]  Solid Host asserts that it "does not currently know whether [NameCheap] may have acted as [a registrar] in connection with the facts of this particular case." (Second Amended Complaint, ¶ 37.) None of the facts alleged in the complaint, however, indicates that SolidHost acted as a registrar, and, in its opposition to the motion to dismiss, Solid Host argues that it did not.
[39]  The order in which Doe made these changes, and the manner in which he accomplished them, is not clear.
[40]  A student commentator has observed that "no federal court has considered whether the sale of hidden Whois services can open a registrar to liability under the ACPA, and no court to date has applied the ACPA to instances in which the registrar appears as a registrant in the Whois database." Block, supra, at 443. The issue before the court is slightly different, as the comment does not address the possibility that a registrar might supply anonymity services separate and apart from its registration service. No court appears to have considered that scenario either.
[41]  Although it is not entirely clear from the court's opinion, Lockheed Martin apparently asserted claims against NSI both as a registrar and as a registry. As noted, these capacities are separate and distinct. As a registrar, NSI is one of numerous competing companies that processes domain name registration applications. As a registry, it maintains the centralized database of domain names for various TLD's. Lockheed Martin's allegations that NSI wrongly accepted registration of domain names appears to have concerned its actions as a registrar.
[42]  The Lanham Act defines "mark" as including "any trademark, service mark, collective mark, or certification mark." 15 U.S.C. § 1127. "Thus, there is no requirement that the protected `mark' be registered [at the time of suit]: unregistered common law marks are protected by the Act." 4 J. Thomas McCarthy, McCARTHY ON TRADEMARKS AND UNFAIR COMPETITION § 25:78, at 295-96 (4th ed., Release # 39, 2006)); see also Kendall-Jackson Winery, Ltd. v. E. & J. Gallo Winery, 150 F.3d 1042, 1047 n. 7 (9th Cir.1998) ("Registration is not a prerequisite for protection under § 43(a)," citing Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763, 768, 112 S.Ct. 2753, 120 L.Ed.2d 615 (1992)).
[43]  Trademarks fall into four categories of distinctiveness: (1) generic, (2) descriptive, (3) suggestive, and (4) arbitrary or fanciful. Japan Telecom, Inc. v. Japan Telecom Am. Inc., 287 F.3d 866, 872 (9th Cir.2002) (quoting Self-Realization Fellowship Church v. Ananda Church of Self-Realization, 59 F.3d 902, 911 (9th Cir.1995), and Levi Strauss & Co., 632 F.2d at 820). Generic marks contain "common words or phrases that `describe a class of goods rather than an individual product,'" and thus cannot be protected as trademarks because they do not relate exclusively to the trademark owner's product. Id. (citing New Kids on the Block v. News Am. Publ'g, 971 F.2d 302, 306 (9th Cir.1992)). "Descriptive terms directly describe the quality or features of the product." Brookfield Communications v. West Coast Entertainment Corp., 174 F.3d 1036, 1058 n. 19 (9th Cir.1999). Descriptive marks "suffer from the same problem" as generic marks. Japan Telecom, Inc., 287 F.3d at 872. Although descriptive terms relate more directly to a particular product than do generic terms, since they "describe[] a person, a place or an attribute of [the] product," they do not support the grant of an exclusive property right "[b]ecause they tend to consist of common words that might be the only way to describe [the] category of goods." Id.; see also Kendall-Jackson Winery, 150 F.3d at 1047 n. 8 ("Descriptive marks define qualities or characteristics of a product in a straightforward way that requires no exercise of the imagination to be understood"). Descriptive marks may be protected, however, if they acquire secondary meaning, i.e., if consumers come to associate them with the trademark owner's goods or services. See Rudolph Intern., Inc. v. Realys, Inc., 482 F.3d 1195, 1197-98 (9th Cir.2007) ("Descriptive terms `generally do not enjoy trademark protection' but may be protected if they acquire `"secondary meaning" in the minds of consumers, i.e., [they] become distinctive of the trademark applicant's goods in commerce'").

Terms that are suggestive, or arbitrary and fanciful, by contrast, are inherently distinctive, and protectable as trademarks. Japan Telecom, 287 F.3d at 872 (noting that such terms are protectable "without a showing of secondary meaning"); see also Yellow Cab Co. of Sacramento v. Yellow Cab of Elk Grove, Inc., 419 F.3d 925, 92.7 (9th Cir.2005) (suggestive, arbitrary, and fanciful marks are "deemed inherently distinctive and are automatically entitled to protection because they naturally serve to identify a particular source of a product" (citations and quotations omitted)). A suggestive mark "conveys an impression of a good [or service] but requires the exercise of some imagination and perception to reach a conclusion as to the product's nature." Brookfield Communications, 174 F.3d at 1058 n. 19 (use of "Roach Motel" to describe insect traps is suggestive); see also Kendall-Jackson Winery, 150 F.3d at 1047 n. 8 (a suggestive mark is one for which "a consumer must use imagination or any type of multistage reasoning to understand the mark's significance, [because] the mark does not describe the product's features, but suggests them" (emphasis original)). "If the mental leap between the word and the product's attribute is not almost instantaneous, this strongly indicates suggestiveness, not direct descriptiveness." Self-Realization Fellowship Church, 59 F.3d at 911 (quoting 1 J. Thomas McCarthy, McCARTHY ON TRADEMARKS AND UNFAIR COMPETITION § 11.21[1], at 11-108 to -109 (3d ed., Release # 3, 1994)). Here, the parties dispute whether the "Solid Host" mark is suggestive or merely descriptive. The court need not resolve this issue, as the complaint sufficiently pleads that the mark has acquired secondary meaning.
[44]  Second Amended Complaint, ¶ 116.
[45]  Id., ¶¶ 13-14.
[46]  Id., ¶ 116.
[47]  Mot. at 8.
[48]  Second Amended Complaint, ¶ 121
[49]  Id., ¶¶ 122-123.
[50]  Id., ¶ 127.
[51]  NameCheap appears to argue that it acted in good faith because Solid Host requested return of the domain name informally, and did not pursue NameCheap's formal dispute resolution policy. (Mot. at 6.) This argument relies on facts outside the complaint; Solid Host alleges, in fact, that NameCheap did not direct Solid Host to a formal dispute resolution process, but requested further evidence, which Solid Host provided.
[52]  The court's conclusion that the "bad faith" alleged in Solid Host's complaint is outside ACPA's scope is supported by the fact that, in enacting the statute, Congress addressed the anonymous registration of domain names. After weighing competing concerns regarding privacy rights and protection against anonymous cybersquatters, Congress concluded that creating in rem jurisdiction over domain names struck an appropriate balance between the two. See Lucent Technologies, Inc. v. Lucentsucks.com, 95 F.Supp.2d 528, 530 (E.D.Va.2000) ("Supporters of the ACPA were particularly concerned about anonymous trademark violators on the Internet. That is, they were troubled by the increasing trend of individuals registering domain names in violation of trademark rights and then eluding trademark enforcement because they could not be found. The Senate Judiciary Committee observed: `A significant problem faced by trademark owners in the fight against cybersquatting is the fact that many cybersquatters register domain names under aliases or otherwise provide false information in their registration applications in order to avoid identification and service of process by the mark owner.' Sen. Rep. No. 106-140, at 4 (1999). The Judiciary Committee believed that including an in rem provision in the ACPA would alleviate the problem of anonymous cybersquatters, by allowing a mark owner to file an action against the domain name itself, provided it satisfied the court that it exercised due diligence in trying to locate the owner of the domain name but could not do so. Id."); Charles McKenney and George F. Long III, 2 FEDERAL UNFAIR COMPETITION: LANHAM ACT 43(a), Appx. H, Selective Excerpts from the Legislative History Regarding the ACPA (1999) ("Additionally, some have suggested that dissidents or others who are online incognito for similar legitimate reasons might give false information to protect themselves and have suggested the need to preserve a degree of anonymity on the Internet particularly for this reason. Allowing a trademark owner to proceed against the domain names themselves, provided they are, in fact, infringing or diluting under the Trademark Act, decreases the need for trademark owners to join the hunt to chase down and root out these dissidents or others seeking anonymity on the Net. The approach in this bill is a good compromise, which provides meaningful protection to trademark owners while balancing the interests of privacy and anonymity on the Internet" (testimony of Sen. Hatch, 106th Congress, Aug. 5, 1999)).
[53]  Solid Host also alleges that NameCheap was Doe's "agent." (Second Amended Complaint, ¶ 19.) It is not clear whether Solid Host contends that this provides a basis for holding NameCheap liable for Doe's actions. Even if it does, Solid Host has not alleged any facts indicating the existence of an agency relationship between NameCheap and Doe. "To allege an agency relationship, a plaintiff must allege: (1) that the agent or apparent agent holds power to alter legal relations between [the] principal and third persons and between [the] principal and himself; (2) that the agent is a fiduciary with respect to matters within [the] scope of [the] agency; and (3) that the principal has right to control [the] conduct of [the] agent with respect to matters entrusted to him." Palomares v. Bear Stearns Residential Mortg. Corp., No. 07cv01899 WQH (BLM), 2008 WL 686683, *4 (S.D.Cal. Mar. 13, 2008) (citing Garlock Sealing Technologies LLC v. NAK Sealing Technologies Corp., 148 Cal.App.4th 937, 965, 56 Cal.Rptr.3d 177 (2007)); see also Yalter v. Endocare, Inc., No. SACV03 80 DOC (MLGX), 2004 WL 5237598, *5-6 (C.D.Cal. Nov. 8, 2004) ("The essential characteristics of an agency relationship are as follows: (1) An agent or apparent agent holds a power to alter the legal relations between the principal and third persons and between the principal and himself; (2) an agent is a fiduciary with respect to matters within the scope of the agency; and (3) a principal has the right to control the conduct of the agent with respect to matters entrusted to him," citing Alvarez v. Felker Mfring. Co., 230 Cal.App.2d 987, 999, 41 Cal.Rptr. 514 (1964)). Additionally, an agency relationship would not make NameCheap, as the agent, vicariously liable for the torts of its principal, Doe. Rather, vicarious liability runs in the opposite direction. See Rookard v. Mexicoach, 680 F.2d 1257, 1261 (9th Cir.1982) ("[I]f Mexicoach was the agent of Del Pacifico, it has no liability for the torts of its principal.... An agent, absent fault on his part, cannot be vicariously liable for the wrongful acts of his principal"); DeRoche v. Commodore Cruise Line, Ltd., 31 Cal.App.4th 802, 810, 46 Cal.Rptr.2d 468 (1994) ("IMS, as Commodore's travel agent, has no liability for the torts, if any, of its principal and, absent fault on its own part, cannot be vicariously liable for the wrongful acts of its principal"); cf. Palomares, 2008 WL 686683 at *4 ("Principals are liable for the tortious acts of their agents committed within the scope of the agency," citing Holley v. Crank, 400 F.3d 667, 673 (9th Cir.2005), and RESTATEMENT (THIRD) OF AGENCY § 7.03 (2006)).
[54]  Lockheed Martin was decided prior to the enactment of the ACPA, which immunized registrars from liability for accepting registrations. See 15 U.S.C. § 1114(2)(D) and discussion, supra, part II.B.2.
[55]  Second Amended Complaint, ¶ 17.
[56]  Id., ¶¶ 84, 127.
[57]  If NameCheap utilizes a formal dispute resolution process to resolve complaints about anonymous cybersquatters, as it contends it does, that may also be a factor weighing in its favor in conducting the exceptional circumstances analysis.
[58]  Second Amended Complaint, ¶¶ 166-169.
[59]  Request for Judicial Notice in Support of Defendant NameCheap, Inc.'s Motion to Dismiss ("RJN") at 10. NameCheap has submitted a copy of the ICANN agreement with its motion to dismiss. (Id.) Because Solid Host relies on the ICANN agreement, refers to the agreement in its complaint, and does not dispute the authenticity of the copy submitted by NameCheap, the court may consider the agreement under the incorporation by reference doctrine. See Marder, 450 F.3d at 448. Because the incorporation by reference doctrine applies, the court need not decide whether the agreement is also a proper subject of judicial notice.
[60]  Second Amended Complaint, ¶¶ 166-169.
[61]  RJN at 20.
[62]  See Second Amended Complaint, ¶ 166.
[63]  The court recognizes that the district court in Panavision International, addressing a factual scenario similar to this one, concluded, on a motion for summary judgment, that the dispute resolution policy set forth in an agreement between a registrar and a domain name registrant was not intended to benefit trademark owners, but only to protect the registrar. See Panavision International, 945 F.Supp. at 1305 ("The portions of the Toeppen-NSI contract that Panavision claims created third-party rights are found in NSI's domain name dispute policy (`Policy'). However, nothing in the Policy evidences an intent to benefit intellectual property owners. It is clear beyond question that the Policy's sole purpose is to protect NSI. Indeed, as Panavision itself stated in its opposition to defendant NSI's motion to dismiss: `NSI has chosen to take absolutely no action whatsoever to ensure that the domain names it registers do not violate the rights of third parties. In fact, NSI has repeatedly represented that it is out to protect no interests but its own.' Although third-party contract issues are questions of intent and therefore not generally amenable to summary judgment, Panavision has not established any genuine issue of material fact with regard to this claim. The Court finds that a jury could not reasonably infer that the Toeppen-NSI contract was intended to benefit intellectual property owners"). Because the contract in question here is not presently before the court, it cannot conclude, as did the Panavision court, that NameCheap and eNom did not intend to confer rights on third parties such as Solid Host.
[64]  Mot. at 13.
[65]  Proposition 64, passed by California voters in 2004, amended the UCL to bar persons from suing as "private attorneys general," or from suing on behalf of others, absent a showing that they themselves had suffered injury as a result of the allegedly unfair business practice. See CAL. BUS. & PROF.CODE § 17204; Paulus, 139 Cal.App.4th at 677 n. 13, 43 Cal. Rptr.3d 148 ("California's electorate narrowed the scope of the UCL in 2004 by passing Proposition 64.... Proposition 64's provisions includedby amendment to Business and Professions Code section 17204the elimination of the right of a person `acting for the interests of itself, its members or the general public' to bring a UCL suit, changing the language of the statute to read that a person could bring suit only if the person `has suffered injury in fact and has lost money or property as a result of such unfair competition.' (Ballot Pamp., Gen. Elec. (Nov. 2, 2004) text of Prop. 64, § 3, p. 109)").
[66]  Defendant NameCheap, Inc.'s Reply in Support of Motion to Dismiss Second Amended Complaint of Solid Host, NL ("Reply") at 12.
[67]  Citing Norwest Mortgage, Inc. v. Superior Court, 72 Cal.App.4th 214, 222-23, 85 Cal. Rptr.2d 18 (1999), NameCheap argues that the UCL does not apply "to claims of non-California residents injured by conduct occurring beyond California's borders." See also Churchill Village, L.L.C. v. General Elec. Co., 169 F.Supp.2d 1119, 1126 (N.D.Cal.2000) ("[S]ection 17200 does not support claims by non-California residents where none of the alleged misconduct or injuries occurred in California," citing Norwest, 72 Cal.App.4th at 222, 85 Cal.Rptr.2d 18). (Reply at 13.) The complaint alleges, however, that NameCheap's dba, Whois Guard, which provided the anonymity service to Doe, conducts its business from California. (Second Amended Complaint, ¶ 7.) Based on the allegations in the complaint, therefore, the conduct at issue occurred in California.
