iFinex Inc. v. Sergey Valerievich Kireev / Kireev
Claim Number: FA1709001750446
Complainant is iFinex Inc. (“Complainant”), represented by Julianne A. Henley of Garvey Schubert Barer, Washington, USA. Respondent is Sergey Valerievich Kireev / Kireev (“Respondent”), Russia.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <bitfienex.com>, registered with CNOBIN INFORMATION TECHNOLOGY LIMITED.
The undersigned certifies he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Houston Putnam Lowry, Chartered Arbitrator, as Panelist.
Complainant submitted a Complaint to the Forum electronically on September 23, 2017; the Forum received payment on September 23, 2017.
On September 29, 2017, CNOBIN INFORMATION TECHNOLOGY LIMITED confirmed by e-mail to the Forum that the <bitfienex.com> domain name is registered with CNOBIN INFORMATION TECHNOLOGY LIMITED and that Respondent is the current registrant of the name. CNOBIN INFORMATION TECHNOLOGY LIMITED has verified that Respondent is bound by the CNOBIN INFORMATION TECHNOLOGY LIMITED registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On October 9, 2017, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of October 30, 2017 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@bitfienex.com. Also on October 9, 2017, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.
On November 2, 2017, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed Houston Putnam Lowry, Chartered Arbitrator, as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests the domain name be transferred from Respondent to Complainant.
A. Complainant
Trademark/Service Mark Information: Rule 3(b)(viii).
Complainant has trademark filings (collectively, the “Filing(s)”) for its BITFINEX, BITFINEX Logo, and Leaf Design in Class 36, and BITFINEX INVEST IN THE FUTURE & Leaf Design trademarks (each a “Mark,” and collectively, the “Marks”) in Classes 36 and 42 in Hong Kong, the European Union, the Russian Federation, Canada, and the United States. Complainant’s Marks are well- known in the financial services industry, and Complainant’s BITFINEX trading platform is the “world’s largest and most advanced bitcoin trading platform.” Complainant first used its BITFINEX Mark, BITFINEX INVEST IN THE FUTURE, and BITFINEX INVEST IN THE FUTURE & Leaf Design Marks at least as early as 2013, and first used its BITFINEX Logo and Leaf Design Marks at least as early as 2016. In addition, Complainant first registered its BITFINEX INVEST IN THE FUTURE & Leaf Design Mark on April 15, 2015.
FACTUAL AND LEGAL GROUNDS
This Complaint is based on the following factual and legal grounds: UDRP Rule 3(b)(ix).
A. Jurisdictional Basis for the Administrative Proceeding
[7.1] This dispute is properly within the scope of the UDRP, and the FORUM has jurisdiction to decide the dispute, because the registration agreement pursuant to which the Domain is registered incorporates the UDRP.
[7.2] Further, in accordance with the UDRP, ¶4(a), Respondent is required to submit to a mandatory administrative proceeding because:
UDRP, ¶4(a)(i) The Domain is identical or confusingly similar to a trademark in which Complainant has rights; and
UDRP, ¶4(a)(ii) Respondent has no rights or legitimate interests in the Domain; and UDRP, ¶4(a)(iii) The Domain was registered and is being used in bad faith.
B. Nature of the Dispute
i. Complainant and its Mark
[7.3] Complainant has used Complainant’s BITFINEX Marks since at least as early as 2013 in connection with financial services in Class 36. Complainant’s BITFINEX, BITFINEX INVEST IN THE FUTURE, and BITFINEX INVEST IN THE FUTURE & Leaf Design Marks began use at least as early as October 25, 2013. Complainant’s BITFINEX Logo and Leaf Design Marks began use at least as early as June 27, 2016. Presently, Complainant’s Marks are used around the globe, including in Asia (including Hong Kong, India, China, and the Russian Federation), in North America (including in the United States and Canada), and in Europe (including in the European Union) in connection with financial services in Class 36.
[7.4] Complainant owns a trademark registration for its BITFINEX INVEST IN THE FUTURE & Leaf Design Mark in Hong Kong, which registered on April 15, 2015 under Registration No. 303,372,804 (“Registration”).
[7.5] Complainant’s BITFINEX, BITFINEX Logo, and Leaf Design Marks have been filed in Asia (including Hong Kong and the Russian Federation), in North America (including in the United States and Canada), and in Europe (including in the European Union) in connection with financial services in Class 36.
[7.6] Through Complainant’s extensive use and substantial investments in promoting its Marks over the course of approximately four (4) years, the Marks have developed substantial goodwill and a positive reputation. Complainant’s services are available in dozens of jurisdictions around the globe.
[7.7] Complainant’s bitfinex.com domain (“Complainant’s Domain”) was registered by Complainant’s predecessor in interest on October 11, 2012. Examples of Complainant’s use of its Marks, including current screenshots from Complainant’s bitfinex.com website (“Complainant’s Site”), are attached to the complaint.
[7.8] In less than four (4) years, Complainant became “the world’s largest and most advanced bitcoin trading platform.” As of August 2017, Complainant was the largest BTC-USD trading exchange in the world, capturing up to in excess of fifty percent (50%) of worldwide daily BTC-USD trading volume.
[7.9] Complainant’s Mark is an invented, fanciful trademark, as evidenced by the fact that Complainant is the only party who has filed a trademark containing the letterstring “bitfinex” before the United States Patent and Trademark Office.
ii. Respondent’s Registration and Use of the Domain
[7.10] Respondent registered the Domain on September 17, 2017 (“Domain Registration Date”). After this proceeding was initiated, and the privacy service associated with the Domain was removed, Complainant learned that Respondent also registered five (5) BITFINEX domains on August 19, 2017: bitfinexcenter.club, bitfinexexchange.club, bitfinexservices.club, bitfinexsolutions.club, and bitfinexworld.club (collectively, the “Other BITFINEX Domains”). In the interest of clarity, Complainant is not formally adding the Other BITFINEX Domains to this UDRP complaint and instead references them to show Respondent’s bad faith registration and use of the Domain at issue in this proceeding.
[7.11] In a matter of days – by September 19, 2017 – Respondent was using the Domain to host a phishing site that mimicked the look-and-feel of Complainant’s Site and Bitfinex.com domain (“Phishing Site”). On information and belief, Respondent’s phishing activities include:
· Hosting a Phishing Site at the Domain that appears to be Complainant’s Site, even to those very familiar with Complainant’s Site.
· Purchasing Google Keyword Advertisements for “Bitfinex” that produced a “Bitfinex.com” advertisement that led to Respondent’s Domain and the Phishing Site.
· Using login and password information entered on the Phishing Site to access the accounts and cryptocurrency of Complainant’s users (“Victim(s)”) through Complainant’s Site.
· Once the Victim’s login and password information are secured through the Phishing Site, Respondent checks to see if the Victim has 2FA enabled. If so, Respondent produces a new screen on the Phishing Site asking the Victim for the 2FA code. Respondent then quickly makes security changes to the account, creates an API key, and has full control over the Victim’s Bitfinex.com account, enabling withdrawals of cryptocurrency.
· Respondent can also use the email address, login, and password information provided to the Phishing Site to see if this data is linked to other accounts to harvest additional information from the Victim.
· As of September 20, 2017, BTC (bitcoin) currency was verified to have been stolen through Respondent’s Phishing Site from Victims through the steps described above. To date, Complainant has identified fifty (50) Victims who were compromised through the Domain and Phishing Site. However, the total number of Victims is difficult to ascertain because some of the compromised accounts may not have held funds, and/or the Victims may not yet be aware of the compromised nature of their accounts. The fifty (50) confirmed Victims have all contacted Complainant’s support team.
· The total identified value of BTC (bitcoin) currency stolen to date is 3.21376293 BTC. This amount was taken from six (6) different Victims. The value of this stolen currency as of September 21, 2017 was $12,292 United States Dollars.
[7.12] Twitter users have commented on how “scary and concerning” the Phishing Site is, and lamented that the Domain and Phishing Site are “damaging #Bitfinex and their #BTC et al. users.”
[7.13] Respondent’s Phishing Site, by mimicking Complainant’s Site, also used Complainant’s intellectual property without permission, including without limitation, the following uses:
· Mimicking the BITFINEX brand in the confusingly similar BITFIENEX Domain.
· Mimicking Complainant’s Domain (Bitfinex.com) in the confusingly similar Domain (Bitfienex.com).
· Using the BITFINEX trademark in identical form on the Phishing Site.
· Using the BITFINEX Logo trademark in identical form on the Phishing Site.
· Using the Leaf Design in identical form and color on the Phishing Site.
· Using the Leaf Design in identical form as a favicon from the Domain and Phishing Site.
· Copying the colors, layout, text, and look-and-feel of Complainant’s Site on the Phishing Site.
C. Legal Grounds Proving Domain Violates the UDRP
[7.14] The Domain should be transferred to Complainant pursuant to the UDRP because (1) Complainant has rights in its Mark, and the Domain is confusingly similar to Complainant’s Mark, (2) Respondent has no rights or legitimate interests in the Domain, and (3) Respondent registered and is using the Domain in bad faith.
i. The Domain is Confusingly Similar to Complainant’s Mark
[7.15] As demonstrated above, Complainant owns enforceable rights in the invented, fanciful, well known BITFINEX Mark.
[7.16] Complainant’s rights in its Mark pre-date the registration date of the Domain. Respondent registered the Domain on September 17, 2017 and subsequently used the Domain to host a Phishing Site that copies in near identical form Complainant’s Site.
[7.17] The Domain is confusingly similar to Complainant's BITFINEX Mark. A domain name is "nearly identical or confusingly similar" to a complainant's mark when it "fully incorporate[s] said mark." See, e.g., Moneytree, Inc. v. Cyberwire, LLC, FA0708001059480 (Forum Sept. 28, 2007) (adding a generic term for complainant's offerings and/or a top-level domain is irrelevant to whether a domain name is likely to cause confusion with complainant's trademark). Generally, a user of a mark may not avoid likely confusion by appropriating another's mark and simply adding a descriptive or non-distinctive term to it. See, e.g., Westfield Corp., Inc. v. Hobbs, D2000-0227 (WIPO May 18, 2000) ("[t]he dominant identifying characteristic of the domain name is the word 'Westfield'"). It is that word which conveys the dominant impression that is likely to cause confusion. Parfums Christian Dior v. 1 Netpower, Inc., D2000-0022 (WIPO Mar. 3, 2000) (finding that four domain names that added the descriptive words "fashion" or "cosmetics" after a distinctive trademark were confusingly similar). In determining the similarity of two marks, points of similarity are weighed more heavily than points of difference. See GoTo.com, Inc. v. Walt Disney Co., 202 F.3d 1199, 1206 (9th Cir. 2000); Brookfield Communications, Inc. v. West Coast Entm't Corp., 174 F.3d 1036, 1054-55 (9th Cir. 1999).
What is important in the confusingly similar analysis is not whether Respondent’s Domains are identical to Complainant’s Marks, but rather, whether one distinctive component of the Domains are similar in sound, appearance, and connotation to Complainant’s Marks. See, e.g., Inter-IKEA Systems B.V. v. Technology Education Center, D2000-0522 (WIPO Aug. 7, 2000) (the addition of “e” to the IKEA trademark in the <e-ikea.com> domain was “insignificant and …therefore the domain name is confusingly similar to the [c]omplainant’s trade mark IKEA”); Metabolife International v. Robert Williams, D2000-0630 (WIPO Dec. 9, 2000) (because “METABOLIVE is substantially identical letter-by-letter to the [c]omplainant’s [METABOLIFE] trademark…[t]he [p]anel finds that there is such similarity in sound, appearance, and connotation between METABOLIFE® and the said [d]omain [n]ame (Metabolive) as to render said [d]omain [n]ame confusingly similar to [c]omplainant’s trademark”); Yahoo! Inc. v. David Murray, D2000-1013 (WIPO Nov. 17, 2000) (“the [p]anel is satisfied that <yawho.com> is confusingly similar to <yahoo.com> because it … differs by only one letter”).
The addition of a single letter is insufficient to avoid a finding of confusing
similarity. See, e.g., Hotwire, Inc. v. Webatopia Marketing Limited, D2012-1985 (WIPO Nov. 23, 2012) (<houtwire.com> domain held confusingly similar to HOTWIRE trademark, despite addition of a single letter, because “the disputed domain name and Complainant’s trademarks differ only by the addition of one letter…there can be no doubt that the disputed domain name is identical or confusingly similar to Complainant’s trademarks”). Like Hotwire, Respondent’s bitfienex.com Domain differs from Complainant’s Mark solely by one letter (an additional “e” is added before the letter “n”). This minor difference is insufficient to avoid confusion between Complainant’s Mark and the Domain.
Here, there is no question that Respondent’s Domain is confusingly similar to Complainant’s BITFINEX Mark because the Domain features Complainant’s invented, fanciful BITFINEX brand and merely adds one typosquatting letter (“e”) to create the Domain. Complainant’s Domain (Bitfinex.com) and Respondent’s Domain (bitfienex.com) are nearly identical and confusingly similar.
This case is similar to the Telstra Corporation Limited v. Nuclear Marshmallows, D2000- 0003 (WIPO Feb. 18, 2000) case. In Telstra, an invented, fanciful trademark (TELSTRA) was involved. The Panel held that “the fact that the word <TELSTRA> appears to be an invented word, [it] is not one traders would legitimately choose unless seeking to create an impression of an association with the [c]omplainant.” As such, the Panel went on to find the domain <telstra.org> violated Complainant’s rights under the UDRP. Similarly, BITFINEX is an invented, fanciful trademark. Respondent would not have chosen this identical trademark as the cornerstone of the Domain if not for the fact that doing so would create confusion with Complainant’s Mark and services. This is further evidenced by the content on the Phishing Site, and the fact that a BITFINEX-themed Phishing Site was created at the Domain within days of the Domain Registration Date. The Phishing Site included Complainant’s BITFINEX Mark, BITFINEX Logo, Leaf Design logo, color scheme, and website content. It is therefore not surprising that Respondent’s Domain is confusingly similar to Complainant’s BITFINEX Mark, as intended.
Staples, Inc., et. al. v. John Sansone, D2004-0018 (WIPO Feb. 26, 2004) is also instructive. In Staples, Respondent replaced the letter “s” in complainant’s STAPLES trademark with the letter “a” in registering the <ataples.com> domain. The panelist held that “[t]he deletion or addition of one letter is an insignificant change” and transferred the domain to Complainant. Similarly, in Confédération Nationale du Crédit Mutuel v. Michael Marie, et al., D2014-0005 (WIPO Feb. 25, 2014), the letter “b” was added before Complainant’s CREDIT MUTUEL trademark in the <bcreditmutuel.com> domain. The Panelist held that “the mere addition of one letter…aims at reaching Internet users that would misspell the name of a certain domain” and in that case, the addition was also egregious because it could have been confused by consumers as indicating “banque” (the French word for “bank”), which directly related to the services of Complainant.
Another highly relevant case is Amazon.com, Inc. v. Oluseyi Ikhizamah, D2002-1168 (WIPO Mar. 17, 2003). In Amazon.com, Respondent added the letter “z” before Complainant’s AMAZON trademark in registering the <zamazon.com> domain. Amazon.com was known for selling books. The <zamazon.com> website was used “for an affiliate marketing program that provides links to web sites offering for sale products on the subject of earning a living from one’s home, including books.” The panel held that the addition of the letter “z” before the mark did nothing to reduce the risk of confusion. In fact, “[n]ot only are the names virtually visually identical, but they sound alike…the…domain name will therefore readily call to mind [the mark].”
Finally, Respondent’s Domain has all of the hallmarks of a typosquatting domain, which has been described as “a domain name that differs only by way of a minor spelling or typing error from a registered trademark to cause Internet users to arrive at webpages not in fact associated with the [c]omplainant.” ZB, N.A., A National Banking Association, dba Zions First National Bank v. Domain Admin, Whois Privacy Corp, D2016-0999 (WIPO Jul. 5, 2016) (zionsbsnk.com domain, substituting “a” in “bank” for “s,” transferred to complainant).
As demonstrated by the UDRP cases above, Respondent’s Domain is confusingly similar to Complainant’s BITFINEX Mark because the Domain features Complainant’s invented and fanciful BITFINEX Mark and merely adds the letter “e” in a typosquatting manner within the center of Complainant’s trademark. Because the essence of Respondent’s Domain remains Complainant’s distinctive, invented, and fanciful Mark – BITFINEX – the Domain is confusingly similar to Complainant’s BITFINEX Mark.
In light of the above, it is clear that Complainant has prior rights in its BITFINEX Mark, and the Domain is confusingly similar to Complainant’s BITFINEX Mark in violation of UDRP,
¶4(a)(i).
ii. Respondent Has No Rights or Legitimate Interests in the Domain
[7.18] Respondent has no rights or legitimate interests in the Domain.
a. Complainant’s rights in its BITFINEX Mark pre-date Respondent’s registration of the Domain by nearly four (4) years. Complainant’s prior rights in its BITFINEX Mark highlight Respondent’s lack of rights or legitimate interests in the Domain. See, e.g., Pierre Fabre Dermo-Cosmetique v. Simon Chen/personal/jinpingguo, D2011-0769 (WIPO Jul. 15, 2011) (a prima facie case that respondents lacked rights or legitimate interests in the disputed domain names was established in large part by Complainant’s earlier trademark rights).
b. Respondent is not affiliated with Complainant and has not been authorized by Complainant to use its BITFINEX brand in any manner. Respondent’s use of Complainant’s BITFINEX Mark in the context of the Domain and Phishing Site is not authorized by Complainant as the trademark owner.
c. Respondent also has not been authorized by Complainant to use its copyrights in any manner, including without limitation, Complainant’s copyright rights in the content of Complainant’s Site. Respondent’s use of Complainant’s copyrights in the context of the Phishing Site is not authorized by Complainant as the copyright owner.
d. Respondent has never used the Domain in connection with a bona fide offering of goods or services.
i. Upon registering the Domain, Respondent immediately used it to host a Phishing Site that pilfered BTC (bitcoin) from Victims. Respondent was able to steal this currency from Victims by usurping Complainant’s BITFINEX Mark in the Domain and creating a convincing copy-cat Phishing Site that uses Complainant’s invented and fanciful BITFINEX brand, BITFINEX Logo, Leaf Design logo, color scheme, and website layout.
ii. The intentional copying of Complainant’s brands and website for the purpose of confusing consumers into believing they have reached Complainant’s Site for the purpose of engaging in malicious phishing activities is not a bona fide offering of goods or services, and does not create any rights or legitimate interests in the Domain. Instead, this is evidence of bad faith registration and use.
iii. This phishing case is similar to Decathlon SAS v. Wang Yongwei / Domain Admin, Information Privacy Protection Services Limited, D2015-0198 (WIPO Apr. 7, 2015) where Respondent registered a typosquatting domain, zionsbsnk.com domain, and used it to host a phishing website allegedly “to phish for personal data and financial information in an attempt to defraud the [c]omplainant’s customers.” The panel held that it was “unable to conceive of any basis upon which the [r]espondent could sensibly be said to have any rights or legitimate interests” in the zionsbsnk.com domain.
iv. The use of a copy-cat website at the Domain is also similar to Uproxx Media Inc. v. WHOIS Privacy Corp, D2016-1894 (WIPO Nov. 18, 2016). In Uproxx Media, Complainant owned significant rights in the UPROXX brand, which was used on its uproxx.com domain and website. Respondent registered the uproxxmedia.com domain and used it to host “a website with a similar look and feel to the website owned and operated by [c]omplainant.” In fact, Respondent “created a ‘copycat’ website…[that] attempted to replicate the look, feel, and content of [c]omplainant’s [w]ebsite in both editorial and video content.” The panelist held that “[r]espondent’s conduct is not consistent with relevant rights or legitimate interests…therefore…[r]espondent has no rights or legitimate interests in respect of the [d]omain [n]ame.”
iiii. Like Respondents in Decathlon and Uproxx Media, Respondent has no rights or legitimate interests in the Domain because (a) Complainant’s rights in its fanciful and invented BITFINEX Mark pre-date the Domain Registration Date, (b) Respondent is not authorized to use Complainant’s BITFINEX Mark in any manner, (c) Respondent is not authorized to use Complainant’s copyrights in any manner, and (d) Respondent has usurped Complainant’s BITFINEX Mark and website content without permission to create a copycat Phishing Site intended to confuse Internet visitors into believing they have reached Complainant’s Site in order to defraud and victimize those visitors.
e. Respondent has not used the Domain in a legitimate, noncommercial, or fair use manner without intent for commercial gain. The Domain hosts a copycat Phishing Site that is intended to confuse Internet visitors into believing they have arrived at Complainant’s Site for the purpose of stealing their login and password information, stealing their currency, and attempting to reuse their stolen login and password information to steal additional confidential and proprietary information. These types of “activities” are not legitimate, noncommercial, or fair under the UDRP. See, e.g., Curo Intermediate Holdings Corp. v. Dhruvin Shah, D2016-1282 (WIPO Aug. 10, 2016) (Americanspeedycash.org domain transferred to Complainant where respondent used the domain to “display a copycat website of the [c]omplainant’s legitimate website” and the panelist could “think of no possible legitimate justification for this use,” and further held that the copycat site was “an inherently abusive use of the disputed domain name”); The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado, D2012-2093 (Dec. 19, 2012) (use of domain with phishing website cited in finding Respondent had no rights or legitimate interests in the domain); VeriSign, Inc. v. Nandini Tandon, D2000-1216 (WIPO Nov. 16, 2000) (VeriSignIndia.com and VeriSignIndia.net domains transferred to Complainant where respondent failed to use either domain. The panelist held that ‘the [r]espondent registered the domain name[s] either (a) to prevent the [c]omplainant from reflecting its trade mark in the word “verisign” in a corresponding domain name; (b) to disrupt the business of the [c]omplainant…or (c) in the event that the [r]espondent planned to create a website or websites corresponding to the domain names, to attract Internet users for commercial gain to the website by creating a likelihood of confusion with the [c]omplainant’s trade mark.”).
f. On information and belief, Respondent does not own any trademark registrations for the Domains. See, e.g., The Little Gym International, Inc. v. Domainstuff.com, D2003-0466 (WIPO Aug. 21, 2003).
g. Respondent registered the Domain under a privacy service, as indicated by the registrant’s original email address (whoisprivacyprotect@whoisservices.cn) and the fact that the WHOIS registrant name for the Domain changed after this UDRP proceeding was initiated. On information and belief, Registrant is not commonly known by “bitfienex.com” or “bitfienex.” See, e.g., The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado, D2012-2093 (Dec. 19, 2012).
Thus, Respondent has no rights or legitimate interests in the Domain in violation of UDRP, ¶4(a)(ii).
iii. Respondent Registered and is Using the Domain in Bad Faith
[7.19] The evidence clearly demonstrates that Respondent registered, and is using, the Domain in bad faith.
a. First, Respondent registered the Domain nearly four (4) years after Complainant developed rights in its fanciful and invented BITFINEX Mark, and over two (2) years after Complainant first registered one of its BITFINEX Marks for its services. Respondent was therefore on constructive notice of Complainant’s rights in its Mark. See, e.g., The Fragrance Foundation Inc. v. Texas International Property Associates, D2008-0982 (WIPO Aug. 28, 2008) (“[h]ad [r]espondent conducted the most cursory of searches on the Internet or with the readily available… registration database…it would have encountered [c]omplainant’s trademarks. The [p]anel finds, therefore, that either [r]espondent is disingenuous in its representation that it was unaware of [c]omplainant, or…by failing to conduct the most minor diligence, [r]espondent made the disputed domain name registration in bad faith”).
b. Second, Respondent’s use of the Domain to host a copy-cat Phishing Site, complete with Respondent’s invented and fanciful BITFINEX Mark, BITFINEX Logo, Leaf Design, color scheme, and website home page layout is clear and convincing evidence of bad faith registration and use under the UDRP. Also see, e.g., Curo Intermediate Holdings Corp. v. Dhruvin Shah, D2016-1282 (WIPO Aug. 10, 2016) (use of a domain to “display a copycat website of the [c]omplainant’s legitimate website” held to be “an inherently abusive use of the disputed domain name”); The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado, D2012-2093 (Dec. 19, 2012) (“[u]se of a disputed domain name for the purpose of defrauding Internet users by the operation of a ‘phishing’ website is perhaps the clearest evidence of registration and use of a domain name in bad faith”). Here, there can be no question that Respondent registered and used the Domain in bad faith, given the lengths Respondent went to in order to trick Internet visitors into believing its Phishing Site was Complainant’s Site for the purpose of creating financial Victims.
c. Third, it can be inferred that Respondent knew about Complainant, its Marks, and its services when the Domain was registered, given that Respondent’s Domain very quickly featured Complainant’s invented and fanciful BITFINEX brand, and was used to launch a Phishing Site within days of the Domain Registration Date, complete with (a) Complainant’s invented and fanciful BITFINEX brand, (b) an imitation of Complainant’s BITFINEX Logo, (c) an imitation of Complainant’s Leaf Design logo, which was used on the Phishing Site and as a favicon for the Fake Site, (d) Complainant’s color scheme, and (e) Complainant’s website layout and categories. See, e.g., Caesars World, Inc. v. Forum LLC, D2005-0517 (WIPO Aug. 1, 2005) (“The fact that the [d]omain [n]ame is linked to websites that expressly refer to casino, gaming and poker services further indicates that [r]espondent knew the scope of [c]omplainant’s services and products which are commercialized under its CAESARS family of marks”); Cable News Network LP, LLP v. Elie Khouri d/b/a Channel News Network et al., FA0208000117876 (Forum Dec. 16, 2002) (finding bad faith registration and use, because it was "absolutely inconceivable to this [p]anel that the [r]espondents… were unaware of the [c]omplainant’s CNN Mark when the former registered the disputed domain names"). Like Caesars and Cable News Network, it is simply untenable that Respondent was unaware of Complainant, its Marks, and its services given that its Phishing Site was designed to imitate Complainant’s Site, Marks, and account login details with precise details.
d. Fourth, Respondent registered the Domain primarily for the purpose of disrupting Complainant’s business and with the intent of commercially benefiting from such use. See, e.g., Microsoft Corporation v. N/A, FA1103001380357 (Forum Apr. 22, 2011) (bad faith demonstrated by evidence Respondent's domain name was used to divert Internet users to Complainant's detriment); The Channel Tunnel Group Ltd. v. John Powell, D2000-0038 (WIPO Mar. 17, 2000) (awareness of complainant's mark at the time of registering confusingly similar domain name is evidence of bad faith); Milwaukee Radio Alliance, L.L.C. v. WLZR-FM Lazer 103, D2000-0209 (WIPO June 5, 2000) (finding bad faith where a domain name owner sought to create “initial confusion on the part of Internet users with regard to the source of the domain name”) (internal quotations omitted); Nokia Corp. v. Nokiagirls.com, D2000-0102 (WIPO Apr. 18, 2000) (“respondent’s current use of the Domain Name is aimed at creating traffic to his web site . . . . respondent is thereby taking a free ride on the goodwill of complainant’s [mark].”). Here, there can be no doubt that the Domain, and the content on the Phishing Site, were all carefully chosen to increase the chance that consumers will assume that Respondent is Complainant. By doing so, Respondent intentionally diverted Internet traffic away from Complainant's Site towards Respondent's Domain and Phishing Site, all with the intent of commercial gain in violation of the UDRP. In fact, the Victims’ loss of over $12,000 USD in currency through the Phishing Site within days of the Domain Registration Date further proves that Respondent has in fact commercially benefitted.
e. Fifth, Respondent's bad faith registration and use can be inferred by Respondent's failure to show rights or legitimate interests in the Domains. See Imerys v. Unknown (gfg fdgdf, dfgdfg), D2007-0045 (WIPO Mar. 28, 2007).
f. Sixth, Respondent's bad faith registration and use can also be inferred by Respondent's constructive notice of Complainant's rights in its BITFINEX Marks, some of which were in use for nearly four (4) years and one (1) of which achieved trademark registration before the Domain (incorporating Complainant's invented BITFINEX Mark in its entirety) was registered. See RRI Financial, Inc. v. Chen, D2001-1242 (WIPO Dec. 11, 2001).
g. Seventh, Respondent’s bad faith registration of the Other BITFINEX Domains – all five (5) on August 19, 2017 – also demonstrates Respondent’s bad faith registration and use of the bitfienex.com Domain because the earlier registration of the Other BITFINEX Domains demonstrates that Respondent is and was aware of Complainant and its BITFINEX brand on the Domain Registration Date. See 1st Auto Transport Directory, Inc. v. I Planet Consulting, Inc., D2006-1212 (WIPO Nov. 19, 2006) (“[t]he fact that multiple domain names appear to have been registered…indicates that the disputed domain names were registered and being used in bad faith”).
h. Finally, Respondent registered and is using the Domain in bad faith because Respondent is in violation of Section 2 of the UDRP, incorporated by reference in Respondent's registration agreement with the concerned registrar, CNobin Information Technology Limited. By agreeing to be bound by Section 2, Respondent represented and warranted that its registration and use of the Domain would not infringe on another's rights. Violating these representations shows a registrant's bad faith. See, e.g., Young Genius Software AB v. MWD, D2000-0591 (WIPO Aug. 7, 2000). Respondent's actions clearly infringe Complainant's rights. Thus, Respondent's violations of the UDRP and its registration agreement with the concerned registrar only further buttress the conclusion that Respondent has acted, and continues to act, in bad faith.
Thus, Respondent registered and is using the Domain in bad faith in violation of UDRP, ¶4(a)(iii).
B. Respondent
Respondent failed to submit a Response in this proceeding.
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires Complainant prove the following three elements to obtain an order cancelling or transferring a domain name:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations and inferences set forth in the Complaint as true unless the evidence is clearly contradictory. See Vertical Solutions Mgmt., Inc. v. webnet-marketing, inc., FA 95095 (Forum July 31, 2000) (holding that Respondent’s failure to respond allows all reasonable inferences of fact in the allegations of the complaint to be deemed true); see also Talk City, Inc. v. Robertson, D2000-0009 (WIPO Feb. 29, 2000) (“In the absence of a response, it is appropriate to accept as true all allegations of the Complaint.”).
Complainant has used the BITFINEX mark as early as 2012 and has pending applications with various trademark offices, including the United States Patent and Trademark Office (“USPTO”) (e.g., Serial No. 87,483,907, filed June, 13, 2017). Complainant holds one registration of the BITFINEX with the Hong Kong Intellectual Property Department (“HKIPD”) (e.g., Reg. No. 303,372,804, registered April 15, 2014). Registration with the HKIPD (or any other governmental authority for that matter) suffices to demonstrate rights in a mark under Policy ¶4(a)(i), even if Respondent is located in another country. See Vanguard Trademark Holdings USA LLC v. Wang Liqun, FA 1625332 (Forum July 17, 2015) (finding, “Registration of a mark with a governmental authority (or, in this case, multiple governmental authorities) is sufficient to establish rights in the mark for purposes of Policy ¶4(a)(i)”). While Complainant’s BITFINEX mark has not yet been registered by the USPTO, the HKIPD has issued a valid registration. This Panel will not look behind (or re-examine) the trademark registration granted by Hong Kong. Complainant has rights in the BITFINEX mark under Policy ¶4(a)(i).
Complainant claims Respondent’s <bitfienex.com> is confusingly similar to the BITFINEX mark. Respondent’s addition of the single letter “e” is not sufficient to differentiate Complainant’s mark from the disputed domain name. A TLD (whether a gTLD, sTLD or ccTLD) is disregarded under a Policy ¶4(a)(i) analysis because domain name syntax requires TLDs. See Staples, Inc. v. Whois Privacy Shield Services, FA 1617690 (Forum June 5, 2015) (holding that “Changing a single letter (especially when it is the final letter) is a minor enough change to support a finding of confusing similarity under Policy ¶4(a)(i).”). Respondent’s <bitfienex.com> is confusingly similar to Complainant’s BITFINEX mark.
The Panel finds Policy ¶4(a)(i) satisfied.
Complainant must first make a prima facie case Respondent lacks rights and legitimate interests in the disputed domain name under Policy ¶4(a)(ii). Then the burden shifts to Respondent to show it has rights or legitimate interests. See Hanna-Barbera Prods., Inc. v. Entm’t Commentaries, FA 741828 (Forum Aug. 18, 2006) (holding that Complainant must first make a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain name under UDRP ¶4(a)(ii) before the burden shifts to Respondent to show that it does have rights or legitimate interests in a domain name); see also AOL LLC v. Gerberg, FA 780200 (Forum Sept. 25, 2006) (“Complainant must first make a prima facie showing that Respondent does not have rights or legitimate interest in the subject domain names, which burden is light. If Complainant satisfies its burden, then the burden shifts to Respondent to show that it does have rights or legitimate interests in the subject domain names.”).
Complainant claims Respondent is not commonly known by the disputed domain name. When respondent fails to submit a response, panels have looked to WHOIS information to determine whether respondent has rights or legitimate interests. See Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent had no rights or legitimate interests in the disputed domain names when the identifying information provided by WHOIS was unrelated to the domain names or respondent’s use of the same). Absent information in the record to the contrary, the WHOIS information and common sense allow the Panel to decide Respondent is not commonly known by the disputed domain name. The current WHOIS identifies the registrant of <bitfienex.com> as “Sergey Valerievich Kireev / Kireev.” There is no obvious relationship between the disputed domain name and Respondent’s name. The Panel concludes Respondent is not commonly known as BITFIENEX or <bitfienex.com>.
Complainant claims Respondent has not made a bona fide offering of goods or services or a legitimate noncommercial or fair use of the disputed domain name because Respondent uses the disputed domain name to itself pass off as Complainant and operate a phishing scheme. Using a disputed domain name to “pass off” as a complainant in furtherance of a scheme to phish for user information does not constitute rights or legitimate interests under Policy ¶¶4(c)(i) & (iii). See DaVita Inc. v. Cynthia Rochelo, FA 1738034 (Forum July 20, 2017) (”Passing off in furtherance of a phishing scheme is not considered a bona fide offering of goods or services or legitimate noncommercial or fair use.”). Respondent’s disputed domain name closely mimics Complainant’s genuine bitcoin platform and purports to offer similar bitcoin exchange services. The two web sites have a very similar look and feel. Various customers have lost money due to this scheme. Respondent lacks rights and legitimate interests in the <bitfienex.com> domain name under Policy ¶¶4(c)(i) and (iii).
Respondent registered the disputed domain name using a WHOIS privacy service. Respondent has not publicly associated itself with the disputed domain name in any fashion. This means Respondent did not acquire any rights to the disputed domain name simply by registering it.
The Panel finds Policy ¶4(a)(ii) satisfied.
Complainant claims Respondent registered and uses <bitfienex.com> in bad faith to disrupt Complainant’s business under Policy ¶4(b)(iii). Respondent uses the goodwill associated with the BITFINEX mark to operate a phishing scheme for Respondent’s commercial benefit. Passing off as a complainant to conduct a phishing scheme constitutes bad faith. See Google Inc. v. Domain Admin / Whois Privacy Corp., FA1506001622862 (Forum Aug. 10, 2015) (finding that Respondent’s apparent use of the disputed domain name in furtherance of a ‘phishing’ scheme further established its bad faith registration and use of the disputed domain name under Policy ¶4(a)(iii)). Respondent used the disputed domain name to divert users away from Complainant’s bitcoin exchange business. Respondent acquired customer’s login information and took bitcoin from their accounts (which results in poorer, and upset, customers). At least fifty users’ accounts were compromised by the phishing scheme. Complainant had to send out warnings to all of its users, which obviously upset Complainant’s user community. Complainant’s goodwill in the BITFINEX mark was hurt by this scheme. Respondent’s actions constitute bad faith under Policy ¶4(b)(iii).
Complainant claims Respondent must have had actual notice of Complainant's rights in the BITFINEX mark prior to registration of the domain names. This is undoubtedly true because Respondent created a REALLY convincing copy of Complainant’s web site. See Yahoo! Inc. v. Butler, FA 744444 (Forum Aug. 17, 2006) (finding bad faith where Respondent was "well-aware of Complainant's YAHOO! mark at the time of registration"). Respondent could not claim to be unaware of Complainant’s mark and just happen to create a copycat web site. Respondent knew what it was doing. Respondent fashioned a highly similar mark, “Bitfienex,” to lure careless customers into its phishing scheme. Respondent also registered five (5) additional BITFINEX domains on August 19, 2017: bitfinexcenter.club, bitfinexexchange.club, bitfinexservices.club, bitfinexsolutions.club, and bitfinexworld.club. This Panel is not willing to believe this was all an innocent coincidence. Respondent’s actions constitute bad faith under the penumbra of Policy ¶4(b).
Respondent registered the disputed domain name using a WHOIS privacy service (albeit by using an unusual trustee’s name, Wuxi Yilian LLC, who just happens to use the WHOISprivacyProtect@WHOISservices.cn email address). In the commercial context, this raises the rebuttable presumption of bad faith registration and use of the disputed domain name. Respondent has done nothing to rebut this presumption. This Panel is willing to find bad faith on this ground alone.
The Panel finds Policy ¶4(a)(iii) satisfied.
Having established all three elements required under the ICANN Policy, the Panel concludes relief shall be GRANTED.
Accordingly, it is Ordered the <bitfienex.com> domain name be TRANSFERRED from Respondent to Complainant.
Houston Putnam Lowry, Chartered Arbitrator, Panelist
Dated: Tuesday, November 7, 2017
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page