Trademarks

Re-Registration as Cybersquatting: Prudential v. Shenzhen Stone and the Reach of the ACPA

The Fourth Circuit held that a domain 'registration' actionable under the Anticybersquatting Consumer Protection Act includes later re-registrations, then sustained in rem jurisdiction over PRU.COM and a bad-faith finding against its Chinese owner.

April 13, 2026
Browser address bar showing a dot-com domain over a corporate office backdrop
The court treated each successive registration of PRU.COM as a fresh opportunity for cybersquatting liability. Shutterstock
Educational content, not legal advice. This article explains general legal concepts. It does not create an attorney–client relationship. For your specific situation, consult a licensed attorney.

When Shenzhen Stone Network Information Ltd. paid $100,000 for PRU.COM in October 2017, it bought a domain that an unaffiliated Texas company had registered years before Prudential ever trademarked the term PRU. That timing was the heart of its defense—and the Fourth Circuit rejected it. In The Prudential Insurance Company of America v. Shenzhen Stone Network Information Ltd., No. 21-1823 (4th Cir. Jan. 24, 2023) (appeal from E.D. Va., No. 1:20-cv-00450-TSE-MSN), a unanimous panel held that the word “registers” in the Anticybersquatting Consumer Protection Act (“ACPA”) reaches not just the original registration of a domain name but every subsequent re-registration. Judge Thacker, joined by Judge Diaz and Senior Judge Floyd, affirmed summary judgment for Prudential, sustained in rem jurisdiction over the domain in the Eastern District of Virginia, and found bad faith across the statute’s nine-factor framework. The opinion is the clearest circuit-level synthesis to date of how the ACPA’s registration concept, its jurisdictional architecture, and its safe harbor fit together.

At a glance

  • Case: The Prudential Insurance Company of America v. Shenzhen Stone Network Information Ltd., No. 21-1823 (4th Cir.).
  • Decided: January 24, 2023 (published); argued December 8, 2022. Judge Thacker wrote for a unanimous panel (Diaz, Floyd).
  • Below: Senior District Judge T.S. Ellis, III (E.D. Va.) granted summary judgment to Prudential and ordered transfer of PRU.COM.
  • Holding 1 (registration): The ACPA’s term “registers” and its derivatives encompass the initial registration and any later re-registration; a successive registration postdating the mark can supply the basis for liability. The Fourth Circuit joined the Third and Eleventh Circuits and split from the Ninth.
  • Holding 2 (jurisdiction): Whether a plaintiff can obtain in personam jurisdiction over a “suitable defendant” is assessed at the time the ACPA complaint is filed; a foreign registrant cannot defeat in rem jurisdiction by later consenting to suit elsewhere.
  • Holding 3 (merits): Under the totality of the circumstances, Shenzhen Stone acted with a bad-faith intent to profit and could not invoke the ACPA’s safe harbor.

The Anticybersquatting Consumer Protection Act

Congress enacted the ACPA, codified at 15 U.S.C. § 1125(d), to curb the practice of registering domain names that incorporate others’ trademarks in order to extort the mark owners or to divert their customers. The statute creates two enforcement tracks. A mark owner may bring an in personam action against a “suitable defendant”—a person over whom the court has personal jurisdiction—who registers, traffics in, or uses a domain name that is identical, confusingly similar to, or dilutive of a distinctive or famous mark, with a bad-faith intent to profit. § 1125(d)(1)(A). Alternatively, if the owner cannot establish personal jurisdiction over the current holder or cannot locate that holder, it may bring an in rem action against the domain name itself in the judicial district where the registry or registrar is located. § 1125(d)(2)(A).

The merits elements are spare. To prevail on a cybersquatting claim a plaintiff must show that the defendant (1) had a bad-faith intent to profit from the domain, and (2) registered, trafficked in, or used a domain that is identical or confusingly similar to, or dilutive of, a distinctive or famous mark. Here the second element was conceded—PRU.COM is identical to the registered PRU mark—so the appeal turned on bad faith, on the meaning of “registers,” and on jurisdiction.

The interpretive fight over “registers” was an issue of first impression in the Fourth Circuit. Shenzhen Stone argued that because the original Texas registrant created PRU.COM before Prudential’s 2002 U.S. registration of PRU, the only relevant registration occurred in good faith and the chain could never be tainted by what a later buyer did. The court traced the circuit split. In Schmidheiny v. Weber, 319 F.3d 581 (3d Cir. 2003), the Third Circuit held that “registration” is not limited to the initial creation, reasoning that a transfer to a new registrar and a new registrant is a new contract—a fresh registration—and that the contrary rule would let pre-ACPA registrations be bought and sold “ad infinitum” to evade the statute. The Eleventh Circuit agreed in Jysk Bed’N Linen v. Dutta-Roy, 810 F.3d 767 (11th Cir. 2015), holding that “a re-registration is, by definition, a registration” and that exempting bad-faith re-registrations would be “nonsensical.” The Ninth Circuit went the other way in GoPets Ltd. v. Hise, 657 F.3d 1024 (9th Cir. 2011), worrying that treating re-registrations as registrations would render domain names “effectively inalienable.”

The Fourth Circuit sided with the majority view. Beginning with text, it noted that the ACPA does not define “register,” so the court gave the word its ordinary meaning: to “re-register” simply means “to register again,” and nothing in the statute confines “registers” to an initial or creation registration. Reading the term to exclude re-registrations, the panel reasoned, would frustrate Congress’s express purpose of curtailing abusive registrations that harm commerce and consumers. Crucially, the court answered the Ninth Circuit’s alienability concern not by narrowing the word “registration” but by relocating the safety valve to the bad-faith inquiry: a registrant who merely renews a domain, switches registrars, or makes a nominal ownership change does not act with bad-faith intent, so “where there is no bad faith, there is no liability.” Thus, the court held, “registers” and its derivatives extend to each registration, and where a successive registration postdates the corresponding trademark, the owner may try to prove that the later registration was made in bad faith.

The nine bad-faith factors

Section 1125(d)(1)(B)(i) lists nine nonexclusive factors a court “may consider” in assessing bad faith, but the statute is not a scorecard. As the panel reiterated, no single factor is dispositive and they are not simply tallied; the court instead views the totality of the circumstances. The district court had found that all nine favored Prudential, and the Fourth Circuit walked through each “for completeness.”

Factors one through four pointed decisively at Shenzhen Stone: it held no trademark or other rights in PRU.COM (factor one); it was not commonly known as PRU (factor two); it had never used the domain for any bona fide commercial offering—the page resolved only to a GoDaddy parked page displaying pay-per-click ads, which the court agreed is not a bona fide use (factor three); and it had made no noncommercial or fair use of the mark (factor four). On factor three the court rejected the company’s claim that its plans to build a foreign-exchange news product counted as “prior use,” emphasizing that the statute looks to actual prior use, not promised future use—a rule that prevents cybersquatters from manufacturing intent—and that the proffered development documents, many unauthenticated, were never made publicly accessible at the site.

Factor five (intent to divert) favored Prudential through inference: PRU.COM is identical to the PRU mark; Shenzhen Stone offered no persuasive reason why a forex news service would be branded “PRU”; and the parked page displayed advertisements for Prudential’s competitors. The court brushed aside the company’s claim that it neither controlled nor knew of those ads, observing that as a GoDaddy customer since 2012 with more than 100 domains, it knew parking was the default, knew parked pages carry advertisements, and could have redirected the domain at any time. Bare, self-serving denials “absent objective corroboration” cannot defeat summary judgment.

Factor six (offers to sell) was the one place the panel disagreed with the district court, finding a genuine dispute about whether Shenzhen Stone affirmatively offered to sell PRU.COM for a six-figure sum or merely rejected Prudential’s offers to buy—but it deemed the point “ultimately inconsequential.” Factor seven (false or misleading contact information) cut hard against the company: it had listed “Bailun” rather than Shenzhen Stone as the registrant organization, used a privacy proxy until the UDRP filing forced disclosure, and then twice changed the GoDaddy registrant name after notice of the dispute—conduct the court read as an effort to conceal the true owner. Factor eight (a pattern of registrations) was damning: Shenzhen Stone’s portfolio included domains matching well-known American marks such as “yelp,” “quora,” and “chrome,” evidence of “a desire to squat on domain names rather than use them.” Factor nine (distinctiveness and fame) favored Prudential given its longstanding registered PRU mark and its NYSE ticker “PRU,” which a leading forex-data company sourcing from Bloomberg and Reuters could not plausibly claim ignorance of.

In rem jurisdiction and the relationship to the UDRP

Because Shenzhen Stone is a Chinese company operating almost exclusively in China, Prudential proceeded in rem against the domain after the district court dismissed CEO Frank Zhang for lack of personal jurisdiction. The Fourth Circuit affirmed that path. Zhang was not a “suitable defendant” because, by his own and the company’s repeated admissions, Shenzhen Stone—not Zhang individually—owned PRU.COM; a corporate officer generally lacks standing to defend the corporation’s property. Nor did Zhang’s GoDaddy registration agreement or Prudential’s UDRP submission manufacture personal jurisdiction in Arizona: those provisions govern only challenges to an adverse UDRP decision, and Prudential had voluntarily terminated the World Intellectual Property Organization (WIPO) proceeding before any decision issued. With no suitable in personam defendant available, the in rem action properly lay in the Eastern District of Virginia, where VeriSign, the .com registry, sits.

The panel then resolved a timing question with practical bite. It held that whether a plaintiff can obtain personal jurisdiction over a suitable defendant is assessed at the time the complaint is filed, analogizing to the settled rule that diversity jurisdiction is measured at filing. Otherwise, the court warned, any foreign registrant could defeat in rem jurisdiction simply by consenting to personal jurisdiction in a forum of its choosing after being sued—exactly the manipulation Congress anticipated when it created the in rem remedy for cyberpirates hiding behind offshore identities. Notably, Zhang’s belated consent to Arizona jurisdiction, offered more than a month after suit was filed, could not retroactively unwind the in rem basis.

The opinion also clarifies the ACPA’s relationship to the UDRP. The UDRP is a contractual, administrative dispute-resolution process built into domain registration agreements and administered by providers like WIPO; it is designed to resolve large volumes of disputes quickly without litigation. But it is not a substitute for, and does not displace, judicial relief. As the court emphasized, the UDRP “explicitly anticipates that judicial proceedings will continue” under applicable national law, and an ACPA claim is “wholly separate” from the administrative process. A trademark owner can therefore abandon a pending UDRP proceeding and pursue the ACPA’s stronger remedies—including transfer of the domain—without being bound by the UDRP’s jurisdictional stipulations.

The safe harbor

The ACPA’s safe harbor provides that bad-faith intent “shall not be found” where the defendant “believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful.” § 1125(d)(1)(B)(ii). The Fourth Circuit construes that provision narrowly, reasoning that “[a]ll but the most blatant cybersquatters” can articulate some lawful motive, and that a defendant who acts “even partially in bad faith” cannot claim its protection. Shenzhen Stone failed both the subjective and objective prongs. Subjectively, its denials of knowledge were uncorroborated and were contradicted by its own conduct—it had planned and filed PRU trademark applications in several countries, and a “Notice of Non-Affiliation” disclaiming any connection to Prudential appeared on its own materials, betraying awareness of the mark. Objectively, a forex-focused company that registered hundreds of English-language domains through an American registrar, several matching famous American brands, had no reasonable basis to believe that grabbing a domain identical to a stock ticker and a mark registered in more than twenty countries was lawful. Constructive notice under 15 U.S.C. § 1072 reinforced the point.

Open questions

  • How nominal is “nominal”? The court relocated GoPets’s alienability concern to the bad-faith inquiry, suggesting that routine renewals and minor ownership changes are safe. But the opinion does not draw a bright line between a benign re-registration and one that reopens liability—an issue that will recur whenever domains change hands among affiliates.
  • What about good-faith purchasers of legacy domains? Shenzhen Stone’s conduct was egregious, but the registration holding sweeps in any buyer of a pre-existing domain whose mark postdates the original registration. A genuinely innocent acquirer must now rely on the bad-faith factors and the safe harbor rather than on the timing of the first registration.
  • Does the Ninth Circuit hold? With the Third, Fourth, and Eleventh Circuits aligned against the Ninth, the split is lopsided but unresolved by the Supreme Court, leaving forum and registry location strategically significant.
  • Factor six’s contours. By finding a fact dispute on whether rejecting purchase offers constitutes an “offer to sell,” the panel left open how courts should treat sophisticated holders who avoid express sale listings.

Implications

  • Acquisition due diligence matters. Buyers of aftermarket domains cannot assume that a pre-existing, good-faith original registration insulates them; their own intent at acquisition and re-registration is squarely in play in the Third, Fourth, and Eleventh Circuits.
  • Parking pages are evidence. Allowing a domain identical to a mark to resolve to a pay-per-click page displaying competitors’ ads supports inferences of both non-use and intent to divert—even if the registrar selects the ads.
  • Portfolio composition is discoverable and damaging. A pattern of registering domains matching famous marks (here, “yelp,” “quora,” “chrome”) drives factor eight and undercuts any claimed good faith.
  • In rem is a durable remedy against foreign cybersquatters. Measuring jurisdiction at filing forecloses the tactic of belated consent elsewhere, and a U.S.-based registry like VeriSign anchors venue in the Eastern District of Virginia.
  • The UDRP and the ACPA are complementary. A mark owner can withdraw a WIPO proceeding and litigate under the ACPA for transfer without being bound by UDRP jurisdictional stipulations.
  • Contact-information games backfire. Proxy services and post-dispute registrant changes feed factor seven and the bad-faith totality.

Frequently asked questions

Does buying an existing domain expose the purchaser to ACPA liability even if the first owner registered it innocently? In the Third, Fourth, and Eleventh Circuits, yes—potentially. After Prudential, “registers” includes re-registrations, so a purchaser’s acquisition of a domain whose corresponding trademark predates the purchase can be the registration the court scrutinizes. Liability still requires a bad-faith intent to profit, which is where good-faith buyers must make their stand.

Why was Prudential able to sue the domain name itself rather than its owner? Shenzhen Stone is a Chinese company with no U.S. presence, and its CEO was dismissed for lack of personal jurisdiction. Under 15 U.S.C. § 1125(d)(2)(A), when no suitable in personam defendant is available, the mark owner may bring an in rem action against the domain in the district where the registry sits—here, the Eastern District of Virginia, home of VeriSign. The court also held that the availability of personal jurisdiction is judged as of the filing date, so the owner could not defeat in rem jurisdiction by later consenting to suit elsewhere.

Did the failed UDRP proceeding prevent Prudential from going to federal court? No. The UDRP is a contractual administrative process that expressly leaves room for parallel judicial proceedings. Prudential voluntarily terminated its WIPO case and pursued the ACPA, and the court held the UDRP’s jurisdictional stipulations did not bind it in the separate federal action.

Authorities and sources