SecureWorks Corp. v. Levon Merdinian
Claim Number: FA1903001834655
Complainant is SecureWorks Corp. (“Complainant”), represented by Laura A. Kees of Womble Bond Dickinson (US) LLP, Georgia, USA. Respondent is Levon Merdinian (“Respondent”), California, USA.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <isecureworks.com>, registered with 1&1 Internet SE.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Charles A. Kuechenmeister
Complainant submitted a Complaint to the Forum electronically on March 19, 2019; the Forum received payment on March 19, 2019.
On March 19, 2019, 1&1 Internet SE confirmed by e-mail to the Forum that the <isecureworks.com> domain name (the Domain Name) is registered with 1&1 Internet SE and that Respondent is the current registrant of the name. 1&1 Internet SE has verified that Respondent is bound by the 1&1 Internet SE registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On March 21, 2019, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint setting a deadline of April 10, 2019 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@isecureworks.com. Also on March 21, 2019, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.
On April 12, 2019, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed Charles A. Kuechenmeister as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum’s Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the Domain Name be transferred from Respondent to Complainant.
A. Complainant
Complainant is a cybersecurity company serving 4,300 clients in more than 50 countries. Complainant has rights in the SECUREWORKS mark through its registration of the mark with the United States Patent and Trademark Office (“USPTO”) (e.g. Reg. No. 3,329,157, registered Nov. 6, 2007). Respondent’s Domain Name is identical or confusingly similar to Complainant’s mark as it incorporates the mark in its entirety, merely adding letter “i" and the “.com” generic top-level domain (“gTLD”).
Respondent has no rights or legitimate interests in the Domain Name. Respondent is not commonly known by the Domain Name, nor does it have any connection or affiliation with Complainant. Complainant has not authorized, licensed, or otherwise permitted Respondent to use its mark. Also, Respondent does not use the Domain Name in connection with a bona fide offering of goods or services or for a legitimate noncommercial or fair use. Instead, Respondent has used the Domain Name to attract visitors to its web site where it falsely represented that it is Complainant. Recently, the web site resolving from the Domain Name states that it is being upgraded.
Respondent registered and uses the Domain Name in bad faith. Respondent previously used the Domain Name to host a web site that impersonated Complainant and one of its employees in order to obtain information from a third party. Further, Respondent had actual and constructive knowledge of Complainant’s rights in the mark when it registered the Domain Name given its use of the entire SECUREWORKS mark in the Domain Name. Additionally, Respondent registered the Domain Name using a privacy shield.
B. Respondent
Respondent did not submit a Response in this proceeding.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy provides that in order to obtain an order cancelling or transferring a domain name, Complainant must prove each of the following three elements:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
The Panel finds as follows with respect to the matters at issue in this proceeding:
The SECUREWORKS mark was registered to Complainant with the USPTO (Reg. No. 3,329,157) on November 6, 2007. See, Complaint Exhibit 7. Registration of a mark with the USPTO is sufficient to establish a complainant’s rights in a mark for the purposes of Policy ¶ 4(a)(i). DIRECTV, LLC v. The Pearline Group, FA 1818749 (Forum Dec. 30, 2018) (“Complainant’s ownership of a USPTO registration for DIRECTV demonstrates its rights in such mark for the purposes of Policy ¶ 4(a)(i).”).
The Domain Name is identical or confusingly similar to Complainant’s mark as it incorporates the mark in its entirety, merely adding the letter “i" and the “.com” gTLD. These changes are not sufficient to distinguish the Domain Name from Complainant’s mark for the purposes of Policy ¶ 4(a)(i). OpenTable, Inc. v. Above.com Domain Privacy, FA 1626187 (Forum Aug. 10, 2015 (“Respondent’s <oipentable.com> domain name is confusingly similar to the OPENTABLE mark under Policy ¶ 4(a)(i) because the disputed domain merely adds the letter ‘i’ . . . ”), Blue Cross and Blue Shield Association v. Shi Lei aka Shilei, FA 1784643 (Forum June 18, 2018) (“A TLD (whether a gTLD, sTLD or ccTLD) is disregarded under a Policy ¶4(a)(i) analysis because domain name syntax requires TLDs.”). The WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), at ¶ 1.7, states that the test for confusing similarity “typically involves a side-by-side comparison of the domain name to assess whether the mark is recognizable within the domain name.” Notwithstanding the changes described above, Complainant’s mark is clearly recognizable within the Domain Name, and this establishes its confusing similarity to Complainant’s mark.
For the reasons set forth above, the Panel finds that the Domain Name is identical or confusingly similar to the SECUREWORKS mark, in which Complainant has substantial and demonstrated rights.
Rights or Legitimate Interests
If a complainant makes a prima facie case that the respondent lacks rights or legitimate interests in the domain name under Policy ¶ 4(a)(ii), the burden of production shifts to respondent to come forward with evidence that it has rights or legitimate interests in it. Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”). If a respondent fails to come forward with such evidence, the complainant’s prima facie evidence will be sufficient to establish that respondent lacks such rights or legitimate interests. If the respondent does come forward with such evidence, the Panel must assess the evidence in its entirety. At all times, the burden of proof remains on the complainant. WIPO Overview 3.0, at ¶ 2.1.
Policy ¶ 4(c) lists the following three nonexclusive circumstances, any one of which if proven can demonstrate a respondent’s rights or legitimate interests in a domain name for the purposes of Policy ¶ 4(a)(ii):
(i) before any notice to respondent of the dispute, respondent has used or has made demonstrable preparations to use the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or
(ii) respondent (as an individual, business or other organization) has been commonly known by the domain name, even if respondent has acquired no trademark or service mark rights; or
(iii) respondent is making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.
Complainant asserts that Respondent has no rights or legitimate interests in the Domain Name because (i) Respondent is not commonly known by the Domain Name, (ii) Respondent is not connected or affiliated with Complainant and Complainant has not authorized or licensed Respondent to use its SECUREWORKS mark, and (iii) Respondent is not using the Domain Name in connection with a bona fide offering of goods and services or for a legitimate noncommercial or other fair use because the web site resolving from it previously hosted a web site that impersonated Complainant and is currently inactive. These allegations are supported by competent evidence.
The information furnished to the Forum by the registrar lists the registrant of the Domain Name as “Levon Merdinian.” This name bears no resemblance to the Domain Name. UDRP panels have consistently held that, in the absence of evidence to the contrary, a registrant name that is materially different from the domain name at issue is competent evidence that the respondent is not commonly known by the domain name. Guardair Corporation v. Pablo Palermo, FA1407001571060 (Forum Aug. 28, 2014) (holding that the respondent was not commonly known by the <guardair.com> domain name according to Policy ¶ 4(c)(ii), as the WHOIS information lists “Pablo Palermo” as registrant of the disputed domain name). The Panel is satisfied that Respondent has not been commonly known by the Domain Name for the purposes of Policy ¶ 4(c)(ii).
Complainant states that Respondent is not connected or affiliated with Complainant and that it has never licensed or authorized Respondent to use its mark in any way. Complainant has specific competence to make this statement, and it is unchallenged by any evidence before the Panel. In the absence of evidence that a respondent is authorized to use a complainant’s mark in a domain name or that a respondent is commonly known by the disputed domain name, the respondent may be presumed to lack rights or legitimate interests in the domain name. IndyMac Bank F.S.B. v. Eshback, FA 830934 (Forum Dec. 7, 2006) (finding that the respondent failed to establish rights and legitimate interests in the <emitmortgage.com> domain name as the respondent was not authorized to register domain names featuring the complainant’s mark and failed to submit evidence that it is commonly known by the domain name), Indeed, Inc. v. Ankit Bhardwaj / Recruiter, FA 1739470 (Forum Aug. 3, 2017) (”Respondent lacks both rights and legitimate interests in respect of the at-issue domain name. Respondent is not authorized to use Complainant’s trademark in any capacity and, as discussed below, there are no Policy ¶ 4(c) circumstances from which the Panel might find that Respondent has rights or interests in respect of the at-issue domain name.”).
Complaint Exhibit 8 consists of two pages, the first of which is the landing page for the Domain Name. It identifies the operator of the site as “isecureworks,” an entity which purportedly offers ”cyber security and threat detect [sic]” services, and displays a photograph of a person named Barry Hensley, who is represented as an employee of isecureworks. The web site purportedly offers employment opportunities and invites the visitor to click on boxes labelled “APPLY” if interested. The web site does not appear to copy or attempt to duplicate the look and feel of Complainant’s web site, shown at Complaint Exhibit 6, but because of the close similarity between Complainant’s name and the isecureworks name and the fact that isecureworks purports to be in the same cyber security industry as Complainant, the site could easily be mistaken for Complainants site.
The second page of Exhibit 8 consists of copies of email messages or notifications of some sort between this Mr. Hensley (barryhensley@aol.com) and one Nikolay Sandev (nikolay.sandev@gmail.com) relating to a proposed telephone conversation between them. Complaint Exhibit 9 is a copy of a partially redacted email message from “Nikolay” to “Barry” saying that Nikolay believes someone is trying to impersonate Barry and inviting Barry to return the call. This page also identifies Barry Hensley as the Chief Threat Intel Officer at SecureWorks. The Complaint asserts that Respondent used the web site to attract Internet traffic intended for it to Respondent’s web site and used the web site to phish for personal and private information of a person attracted to the site thinking it belonged to Complainant. The evidence is consistent with this interpretation. Using a confusingly similar domain name to pass off as a complainant and phish for information from unsuspecting Internet users does not qualify as a bona fide offering of goods and services within the meaning of Policy ¶ 4(c)(i) or as a legitimate noncommercial or fair use within the meaning of Policy ¶ 4 (c)(iii). DaVita Inc. v. Cynthia Rochelo, FA 1738034 (Forum July 20, 2017) (”Passing off in furtherance of a phishing scheme is not considered a bona fide offering of goods or services or legitimate noncommercial or fair use.”).
Complaint Exhibit 10 is a screenshot of the web site currently resolving from the Domain Name. It still presents itself as being operated by isecureworks but instead of displaying any substantive content it simply states “While we upgrade our site please do contact us @ [phone number].” The web site is obviously inactive. Inactive holding of a domain name has often been held not to qualify as a bona fide offering of goods and services within the meaning of Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use within the meaning Policy ¶ 4(c)(iii). See George Weston Bakeries Inc. v. McBroom, FA 933276 (Forum Apr. 25, 2007) (finding that the respondent had no rights or legitimate interests in a domain name under either Policy ¶ 4(c)(i) or Policy ¶ 4(c)(iii) where it failed to make any active use of the domain name).
Complainant has made its prima facie case. On the evidence presented, and in the absence of any evidence from Respondent, the Panel finds that Respondent has no rights or legitimate interests in the Domain Name.
(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant which is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) you have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or
(iii) you have registered the domain name primarily for the purpose of disrupting the business of a competitor; or
(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation or endorsement of your web site or location or of a product of service on your web site or location.
The evidence before the Panel supports a finding of bad faith use and registration of the Domain Name. Policy ¶ 4(b) recognizes that mischief can assume many different forms and takes an open-ended approach to bad faith, listing some examples without attempting to enumerate all its varieties. Worldcom Exchange, Inc. v. Wei.com, Inc., WIPO Case No. D-2004-0955 (January 5, 2005). The non-exclusive nature of Policy ¶ 4(b) allows for consideration of additional factors in an analysis for bad faith, and passing oneself off as a complainant to phish for sensitive private information from others has often been held to evidence bad faith registration and use. Klabzuba Oil & Gas, Inc. v. LAKHPAT SINGH BHANDARI, FA1506001625750 (Forum July 17, 2015) (“Respondent uses the <klabzuba-oilgas.com> domain to engage in phishing, which means Respondent registered and uses the domain name in bad faith under Policy ¶ 4(a)(iii).”).
Although Complainant did not advance the argument in connection with its bad faith claims, by simply adding an “i” at the front of Complainant’s mark in the Domain Name, Respondent is guilty of typosquatting, which is the intentional misspelling of a protected trademark to take advantage of typing errors made by Internet users seeking the web sites of the owners of the mark. Given the nonexclusive, open-ended nature of Policy ¶ 4(b), typosquatting has, in and of itself, been held to be evidence of bad faith registration and use. Adorama, Inc. v. Moniker Privacy Services, FA1503001610020 (Forum May 1, 2015) (“Respondent has also engaged in typosquatting, which is additional evidence of bad faith registration and use under Policy ¶ 4(a)(iii)”), Vanguard Trademark Holdings USA LLC v. Shuai Wei Xu / Xu Shuai Wei, FA 1784238 (Forum June 1, 2018) (finding the respondent engaged in typosquatting—and thus registered and used the at-issue domain names in bad faith—where the names consisted of the complainant’s mark with small typographical errors introduced therein).
Typosquatting necessarily implicates another factor that has also, by itself, often been held by UDRP panels to constitute bad faith. It is evident from the fact that Complainant’s mark is incorporated verbatim into the Domain Name, and from the fact that Respondent’s web site purports to operate in the same cyber security industry as Complainant, that Respondent had actual knowledge of Complainant’s mark in May 2012, when it registered the Domain Name. See, WHOIS report submitted as Complaint Exhibit 4 for registration date. It is obvious that Respondent registered its Domain Name with the intent and expectation that it would cause Internet users to believe that its site was Complainant’s. Given the nonexclusive, open-ended nature of Policy ¶ 4(b), actual knowledge of a complainant’s rights in a mark prior to registering an identical or confusingly similar domain name has often been held to be evidence of bad faith registration and use for the purposes of Policy ¶ 4(a)(iii). Univision Comm'cns Inc. v. Norte, FA 1000079 (Forum Aug. 16, 2007) (rejecting the respondent's contention that it did not register the disputed domain name in bad faith since the panel found that the respondent had knowledge of the complainant's rights in the UNIVISION mark when registering the disputed domain name).
For the reasons set forth above, the Panel finds that Respondent registered and is using the Domain Name in bad faith within the meaning of Policy ¶ 4(a)(iii).
Complainant having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <isecureworks.com> Domain Name be TRANSFERRED from Respondent to Complainant.
Charles A. Kuechenmeister, Panelist
April 15, 2019
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page