5 May, 2026

WIPO Orders Transfer of onlyfriendsfans.fun to Protect OnlyFans Community Trust

UDRP Cases

Fenix International Limited, owner of the social media platform OnlyFans, successfully secured the transfer of the disputed domain onlyfriendsfans.fun in a WIPO UDRP proceeding. The sole panelist ruled that the respondent, Dammika Pathirana, registered and used the domain in bad faith without any legitimate rights. The decision prevents potential customer confusion among the platform’s massive global user base.

Case Snapshot

Case Number D2025-5144
Complainant Fenix International Limited
Respondent Dammika Pathirana
Disputed Domain
onlyfriendsfans.fun
Threat Tactic Brand Plus Keyword
Decision Date 2026-01-28
Panelist Pablo A. Palazzi
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5144

Brand-Adjacent Spoofing and the Vulnerability of Massive Digital Communities

The registration of onlyfriendsfans.fun on September 17, 2025, by Respondent Dammika Pathirana, illustrates the strategic risk posed by brand-plus-keyword tactics targeting high-traffic platforms. Fenix International Limited, owner of the ONLYFANS trademark (including UK Registration No. UK00917912377, registered on January 9, 2019), operates a social media network that grew to exceed 305 million registered users in 2025. By combining the famous mark with confusingly similar terms under a default WordPress installation titled ‘Only Friends’, the Respondent established an unauthorized brand-adjacent touchpoint. Although the domain resolved to a default hosting landing page with no substantive content, this passive holding pattern represents a volatile threat that risks diluting the distinctive nature of the Complainant’s brand.

From a customer trust perspective, brand-adjacent domains present immediate operational risks to security and support teams. While the record contains no evidence of active email campaigns or direct fraud initiated from this specific domain, the potential for credential harvesting or phishing remains a continuous threat. Unsuspecting creators and subscribers could easily mistake an ‘Only Friends’ variant for an official affiliate or secondary platform. If a domain like onlyfriendsfans.fun is left unchecked and subsequently transitions into an active threat vector, the resulting security incidents can significantly escalate customer support overhead, increase trust-building expenses, and damage user confidence within the brand’s primary digital ecosystem.

Strategic Preemption of Brand-Plus-Keyword and Passive Holding Threats

Fenix International Limited’s successful enforcement strategy relied on establishing a strong temporal priority and demonstrating the global renown of the ONLYFANS mark. By presenting United Kingdom Registration No. UK00917912377, registered on January 9, 2019, the Complainant proved its rights predated the registration of onlyfriendsfans.fun on September 17, 2025, by more than six years. Additionally, the Complainant reinforced its case by referencing its massive operational scale of over 305 million registered users in 2025, alongside a track record of over 150 past favorable WIPO decisions. This substantial evidence of brand recognition made the Respondent’s default even more damaging to their position, as the Panel could easily infer that the Respondent registered the domain with full awareness of the ONLYFANS mark.

The case highlights how brand owners can successfully combat brand-plus-keyword domains even when they are held passively. Although onlyfriendsfans.fun merely resolved to a default WordPress installation with the title ‘Only Friends’ and no active phishing or email campaigns were documented, the Complainant did not wait for active fraud to occur. Securing a transfer under these circumstances demonstrates that passive holding of highly similar brand variants constitutes bad faith when the underlying trademark is extensively well-known. Proactively securing these adjacent domains mitigates the risk of credential harvesting and brand dilution, ultimately protecting the platform’s massive global user base and reducing customer support overhead.

Practical Recommendations

  • Implement proactive domain monitoring systems configured to flag ‘brand-plus-keyword’ variations (such as inserting generic terms like ‘friends’ alongside core trademarks) specifically targeting alternative gTLDs like ‘.fun’.
  • Initiate swift UDRP actions against confusingly similar domains even if they resolve to default WordPress or ‘under construction’ pages, citing established panel consensus that passive holding of a highly famous mark constitutes bad faith.
  • Leverage and document a robust track record of previous UDRP victories and registered trademark portfolios in complaints to establish a clear pattern of brand fame and facilitate expedited decisions when respondents default.
  • Integrate flagged brand-adjacent domains into internal threat intelligence feeds to alert customer support and trust-and-safety teams of potential lookalike channels before they can be weaponized for phishing or credential harvesting.
  • Incorporate high-risk generic TLDs into defensive registration strategies for core brand terms, limiting the availability of low-cost, high-reach domains to unauthorized registrants seeking to exploit massive user bases.

Frequently Asked Questions (FAQ)

Why was the domain ‘onlyfriendsfans.fun’ considered confusingly similar to the OnlyFans trademark?

The Panel determined that the disputed domain creates a high risk of confusion by incorporating the ‘ONLYFANS’ mark alongside the term ‘onlyfriends’, leveraging the phonetic and structural similarity to the Complainant’s globally recognized social media brand.

What evidence did the Panel use to establish bad faith, given the site only contained a default WordPress installation?

The Panel concluded that the registration and passive holding of the domain constituted bad faith, citing the significant renown of the ONLYFANS mark and the fact that the Respondent offered no legitimate justification or response for its activities.

Did the Respondent provide any evidence of rights or legitimate interests in the domain?

No. The Respondent failed to submit a formal response to the Complainant’s contentions throughout the administrative proceeding, leading the Panel to find that the Respondent possessed no rights or legitimate interests in the disputed domain.

How does this decision protect the OnlyFans community?

By securing the transfer of the domain, Fenix International Limited successfully mitigates the risk of potential phishing, credential harvesting, or brand dilution, thereby safeguarding its 305 million registered users from deceptive brand-adjacent touchpoints.

Stop Brand-Plus-Keyword Abuse

Protect your digital presence from unauthorized domains that leverage your trademark to mimic your platform. Our experts can help you assess and address brand-plus-keyword risks before they impact your users.

Assess brand threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.