Google LLC v. Christopher Hadnagy / Social-Engineer.com
Claim Number: FA2105001944032
Complainant is Google LLC (“Complainant”), represented by James R. Davis, II of Perkins Coie LLP, District of Columbia, USA. Respondent is Christopher Hadnagy / Social-Engineer.com (“Respondent”), represented by Mani Arabi of Arabi Law, Pennsylvania, USA.
REGISTRAR AND DISPUTED DOMAIN NAME
The disputed domain name is <xn--ggle-vqa84c.com>, registered with GoDaddy.com, LLC.
The undersigned certifies that they have acted independently and impartially and to the best of their knowledge have no known conflict in serving as Panelists in this proceeding.
Anne M. Wallace, Panelist; Honorable Karl V. Fink (retired), Panelist; and Sandra J. Franklin, Panelist and Chair.
Complainant submitted a Complaint to the Forum electronically on May 5, 2021; the Forum received payment on May 5, 2021.
On May 6, 2021, GoDaddy.com, LLC confirmed by e-mail to the Forum that the <xn--ggle-vqa84c.com> domain name is registered with GoDaddy.com, LLC and that Respondent is the current registrant of the name. GoDaddy.com, LLC has verified that Respondent is bound by the GoDaddy.com, LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On May 7, 2021, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of June 1, 2021 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@xn--ggle-vqa84c.com. Also on May 7, 2021, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
A timely Response was received and determined to be complete on June 1, 2021.
A timely Additional Submission was received from Complainant and determined to be complete on June 9, 2021.
A timely Additional Submission was received from Respondent and determined to be complete on June 9, 2021.
On June 8, 2021, pursuant to Complainant's request to have the dispute decided by a three-member Panel, the Forum appointed: Anne M. Wallace, Panelist; Honorable Karl V. Fink (retired), Panelist; and Sandra J. Franklin, Panelist and Chair.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2.
Complainant requests that the domain name be transferred from Respondent to Complainant.
PRELIMINARY ISSUE: INTERNATIONALIZED DOMAIN NAME
The domain name in dispute, <gôōgle.com>, is an internationalized domain name (“IDN”) with the PUNYCODE translation of <xn--ggle-vqa84c.com>. An IDN is a domain name that contains non-traditional characters, such as letters with diacritics or other non-ASCII characters. In order to display characters or symbols in a domain name, the terms of the domain name are encoded into a scheme such as PUNYCODE. For Complainant to display the <xn--ggle-vqa84c.com> properly in the <gôōgle.com> domain name, it first had to encode it into the <xn--ggle-vqa84c.com> domain name.
Past panels have found IDNs and their PUNYCODE translations to be equivalent. See Damien Persohn v. Lim, FA 874447 (Forum Feb. 19, 2007) (finding an internationalized domain name, <têtu.com>, and its PUNYCODE translation, <xn--ttu-fma.com>, to be one and the same under the Policy); see also Württembergische Versicherung AG v. Emir Ulu, D2006-0278 (WIPO May 4, 2006) (finding that the <xn--wrttembergische-versicherung-16c.com> should be considered as equivalent to the <württembergische-versicherung.com> domain name, based on previous panel decisions recognizing the relevance of I-nav software for translating German letters such as “ä” or “ü” into codes such as <xn--[name]-16c> and similar); see also Fujitsu Ltd. v. tete and Lianqiu Li, D2006-0885 (WIPO Oct. 12, 2006) (finding the <xn--zqsv0e014e.com> domain name to be an exact reproduction of the complainant’s Chinese trademark in a domain name).
This Panel similarly finds that the <gôōgle.com> domain name is the same as its PUNYCODE translation, <xn--ggle-vqa84c.com>, for purposes of this proceeding.
A. Complainant
1. Respondent’s <xn--ggle-vqa84c.com> domain name is confusingly similar to Complainant’s GOOGLE mark.
2. Respondent does not have any rights or legitimate interests in the <xn--ggle-vqa84c.com> domain name.
3. Respondent registered and uses the <xn--ggle-vqa84c.com> domain name in bad faith.
B. Respondent
1. Respondent’s <xn--ggle-vqa84c.com> domain name is not confusingly similar to Complainant’s GOOGLE mark because users will realize they are not at a GOOGLE site when they get to <xn--ggle-vqa84c.com>.
2. Respondent has rights and legitimate interests in the <xn--ggle-vqa84c.com> domain name because it is using the domain name for consulting/training purposes.
3. Respondent did not register and does not use the <xn--ggle-vqa84c.com> domain name in bad faith for the above reasons.
C. Complainant’s Additional Submission
1. Respondent’s use of the <xn--ggle-vqa84c.com> domain name for a phishing scheme, whether or not for training purposes, does not mitigate the confusion of consumers using the domain name.
2. Respondent’s use of the <xn--ggle-vqa84c.com> domain name as a “business tool” does not establish rights or legitimate interests in the domain name.
3. Respondent registered and uses the <xn--ggle-vqa84c.com> domain name in bad faith, as shown by its pattern of using well-known trademarks for its business purposes.
4. This case is similar to a recent UDRP case involving Facebook, wherein the Panel transferred the disputed domain name to Complainant.
D. Respondent’s Additional Submission
1. Respondent reiterates that it has a “teaching defense” and thus has legitimate interests in the <xn--ggle-vqa84c.com> domain name.
2. Prior Panels, including the Facebook Panel, have not rejected “cybersecurity type defenses.”
3. Respondent does not profit from using the <xn--ggle-vqa84c.com> domain name and has not offered to sell the domain name.
Complainant, Google LLC, operates its well-known search engine using the GOOGLE mark. Complainant holds multiple registrations for the GOOGLE mark with trademark agencies throughout the world (e.g. United States Patent and Trademark Office (“USPTO”) Reg. No. 2,884,502, registered September 14, 2004; European Union Intellectual Property Office (“EUIPO”) Reg. No. 1,104,306, registered October 26, 2007).
Respondent is a cybersecurity consultant who registered the <xn--ggle-vqa84c.com> domain name on April 17, 2018, and uses it to conduct cybersecurity training.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
The Panel finds that Complainant has rights in the GOOGLE mark under Policy ¶ 4(a)(i) through its registrations with multiple trademark agencies throughout the world. See Alibaba Group Holding Limited v. YINGFENG WANG, FA 1568531 (Forum Aug. 21, 2014) (“Complainant has rights in the ALIBABA mark under the Policy through registration with trademark authorities in numerous countries around the world.”).
Respondent’s <xn--ggle-vqa84c.com> domain name is a Punycode version of the <gôōgle.com> domain name, which incorporates an internationalized version of the GOOGLE mark by replacing one or more letters with a Unicode character, and adds the “.com” gTLD. Using a PUNYCODE version of a mark in a domain name, and adding a gTLD, does not distinguish the domain name from the mark. See Microsoft Corp. v. Harrington, FA1305319 (Forum Mar. 16, 2010) (finding <bıng.com> [xn--bng-jua.com] confusingly similar to BING and noting, “The Panel finds that exchanging one letter for another in the disputed domain name fails to prevent confusing similarity according to Policy ¶ 4(a)(i), especially when the disputed domain name remains visually similar to Complainant’s mark”).
The Panel rejects the notion that users of the disputed domain name are not confused because they eventually realize that the resolving website is not Complainant’s website, and finds that users’ confusion, whenever it occurs, is nonetheless confusion. See Google Inc. v. Ramon Ortiz, FA1101001370018 (Forum Mar. 15, 2011) (a disclaimer does not dispel the confusion); see also Wal-Mart Stores, Inc. v. Domains by Proxy, LLC / UFCW Int’l Union, Case No. D2013-1304 (WIPO Oct. 7, 2013) (“The Panel 3 148904811.2 concludes that the disclaimer statement that the website is not affiliated with Complainant is not effective to remedy the damage already created.”)
Although Respondent admits to deliberately causing confusion with its use of the disputed domain name, the Panel notes that the UDRP does not require a showing that users are actually confused when using a disputed domain name; the UDRP requires that a dipsuted domain name is confusingly similar to a mark. The Panel finds that Respondent’s <xn--ggle-vqa84c.com>/<gôōgle.com> domain name is confusingly similar to Complainant’s GOOGLE mark.
Once Complainant makes a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii), the burden shifts to Respondent to show it does have rights or legitimate interests. See Advanced International Marketing Corporation v. AA-1 Corp, FA 780200 (Forum Nov. 2, 2011) (finding that a complainant must offer some evidence to make its prima facie case and satisfy Policy ¶ 4(a)(ii)); see also Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”).
Complainant argues that Respondent does not have rights or legitimate interests in the <xn--ggle-vqa84c.com> domain name, as Respondent is not commonly know by the domain name. Complainant has not authorized or licensed Respondent to use its GOOGLE mark in the disputed domain name. The WHOIS of record identifies Respondent as “Christopher Hadnagy/Social-Engineer.com.” Respondent does not allege that it is commonly known by the disputed domain name. Therefore, the Panel finds that Respondent is not commonly known by the disputed domain name, and thus has no rights under Policy ¶ 4(c)(ii). See Deutsche Lufthansa AG v. Mohamed elkassaby, FA 1801815 (Forum Sept. 17, 2018) (“The WHOIS lists “Mohamed elkassaby” as registrant of record. Coupled with Complainant’s unrebutted assertions as to absence of any affiliation between the parties, the Panel finds that Respondent is not commonly known by the Domain Name in accordance with Policy ¶ 4(c)(ii).”).
Complainant argues that Respondent does not use the <xn--ggle-vqa84c.com> domain name for a bona fide offering of goods or services or a legitimate noncommercial or fair use, as Respondent uses it to provide pay-per-click links. Under Policy ¶¶ 4(c)(i) and (iii), using a disputed domain name to host parked pay-per-click links for competing or related services is not considered a bona fide offering of goods or services or a legitimate noncommercial or fair use. See Tercent Inc. v. Lee Yi, FA 139720 (Forum Feb. 10, 2003) (holding that the respondent’s use of the disputed domain name to host a series of hyperlinks and a banner advertisement was neither a bona fide offering of goods or services nor a legitimate noncommercial or fair use of the domain name). Complainant provides a screenshot of the disputed domain name’s resolving website, which features parked pay-per-click links to websites containing misspellings of Complainant’s GOOGLE mark. The Panel finds that this use is not a bona fide offering of goods or services or a legitimate noncommercial or fair use, and thus Respondent has no rights under Policy ¶¶ 4(c)(i) and (iii).
Complainant argues that Respondent’s use of the <xn--ggle-vqa84c.com> domain name to offer security awareness training services is also not a bona fide offering of goods or services or a legitimate noncommercial or fair use. Under Policy ¶¶ 4(c)(i) and (iii), using a disputed domain name to pass off as a Complainant without a license from Complainant, even as part of a legitimate business training service, is not a bona fide offering of goods or services or a legitimate noncommercial or fair use. See Facebook, Inc. and Instagram, LLC v. WhoisGuard Protected, WhoisGuard, Inc. / Phishing Operations, Wombat Security Technologies, D2020-3218 (WIPO Jan. 25, 2021) (“Respondent is undoubtedly engaged in a legitimate business, but engaging in a legitimate business does not automatically vest Respondent with a legitimate interest vis-à-vis the Domain Names. Here, Respondent is admittedly using Domain Names that are confusingly similar to Complainant’s famous trademarks, with the aim that an Internet user will arrive at the landing page (described above in the “Factual Background” section) of Respondent’s parent, Proofpoint. . . . Although Internet users using one of the Domain Names and mistakenly arriving at the Proofpoint website may ultimately realize that the site is not authorized by or affiliated with the Complainant, they will have nonetheless landed on a site which flows to Respondent’s commercial benefit. These users did not sign up for this; they were searching – via a campaign sponsored by the Respondent – for Complainant’s website. Respondent is, in essence, riding on the considerable goodwill of Complainant and its famous trademarks . . . ”); see also SAP SE v. Registration Private, Domains By Proxy, LLC / PH Info Solutions and Prabhu Rao, D2020-1675 (WIPO Aug. 18. 2020) (finding no rights or legitimate interests where “it appears more likely than not that Respondent, who has no license or permission from Complainant to use the SAP mark, or to use the SAP software, sought to trade off of the disputed domain names for Respondent’s profit.”).
Complainant argues that Respondent’s use of the disputed domain name for its security training purposes does not grant Respondent rights or legitimate interests in the disputed domain name. The Panel notes Respondent’s argument that it is making a fair use of the disputed domain name for training purposes, part of its consulting business, because it does not receive payment from the individual users of the disputed domain name, but only from their employers. The Panel finds this to be a spurious argument, as it does not matter where the payment comes from; the use of the disputed domain name is nonetheless for Respondent’s commercial gain. The fact that Respondent is a professor is irrelevant, as Respondent clearly states that the use of the disputed domain name is one of the tools it uses in its consulting business. The use of the disputed domain for training, which Respondent is paid for, does not confer any rights on Respondent. Respondent does not need to use any version of Complainant’s GOOGLE mark to conduct its consulting business. Indeed, Respondent can use any number of domain names for training upon obtaining a license if required, as in the case of a domain name incorporating a trademark. Complainant is the owner of the GOOGLE trademark and has the right to control the use of that mark as it sees fit. The Panel finds that Respondent’s use of the disputed domain name to conduct training, for which it is paid, is not a bona fide offering of goods or services or a legitimate noncommercial or fair use, and thus Respondent has no rights under under Policy ¶ 4(c)(i) or (iii).
The Panel finds that Complainant has satisfied Policy ¶ 4(a)(ii).
Complainant argues that Respondent registered and uses the <xn--ggle-vqa84c.com> domain name for bad faith attraction for commercial gain. Under Policy ¶ 4(b)(iv), using a disputed domain name to resolve to pay-per-click links is generally considered bad faith attraction for commercial gain. See Red Hat, Inc. v. Haecke, FA 726010 (Forum July 24, 2006) (finding that the respondent engaged in bad faith registration and use pursuant to Policy ¶ 4(b)(iv) by using the disputed domain names to operate a commercial search engine with links to the products of the complainant and to complainant’s competitors, as well as by diverting Internet users to several other domain names). Accordingly, the Panel finds bad faith under Policy ¶ 4(b)(iv).
The Panel again notes that it doesn’t matter if the links are “planted” for training purposes, as Respondent is not entitled to profit from the goodwill of another’s trademark without permission.
Further, the Panel observes that there is no “cybersecurity defense” that would take Respondent’s use of the disputed domain name out of the intent of Policy ¶ 4(b)(iv). See Facebook, Inc. and Instagram, LLC v. WhoisGuard Protected, WhoisGuard, Inc. / Phishing Operations, Wombat Security Technologies, D2020-3218 (WIPO Jan. 25, 2021) (finding “this case fits almost verbatim within paragraph 4(b)(iv). Respondent may sincerely believe that it has not violated the UDRP here, but the fact remains that Complainant never gave Respondent permission to use its famous trademarks in such a manner as to enhance the number of Internet users arriving at Respondent’s parent’s commercial website, and yet Respondent has done exactly that.”).
Complainant contends that Respondent registered the <xn--ggle-vqa84c.com> domain name in bad faith with actual knowledge of Complainant’s rights in the GOOGLE mark. The Panel agrees and finds that Respondent’s incorporation of the well-known GOOGLE mark into a domain name without permission constitutes bad faith under Policy ¶ 4(a)(iii). See iFinex Inc. v. xu shuaiwei, FA 1760249 (Forum Jan. 1, 2018) (“Respondent’s prior knowledge is evident from the notoriety of Complainant’s BITFINEX trademark as well as from Respondent’s use of its trademark laden domain name to direct internet traffic to a website which is a direct competitor of Complainant”).
Complainant argues that Respondent’s bad faith is further evinced by its use of a WHOIS privacy service. Under Policy ¶ 4(a)(iii), while use of a privacy service may not be demonstrative of bad faith by itself, it may add to another finding of bad faith. See Phoenix Niesley-Lindgren Watt v. Contact Privacy Inc., Customer 0150049249, FA 1800231 (Forum Sept. 6. 2018) (“In a commercial context, using a WHOIS privacy service raises the rebuttable presumption of bad faith registration and use of the disputed domain name. An honest merchant in the marketplace does not generally try to conceal the merchant’s identity. Good faith requires honesty in fact. Respondent did nothing to rebut this presumption of bad faith. Therefore, the Panel will find bad faith registration and use for this reason.”). Accordingly, the Panel finds that Respondent’s use of a privacy shield, in the circumstances of this case, contributes to a further finding of bad faith under Policy ¶ 4(a)(iii).
The Panel finds that Complainant has satisfied Policy ¶ 4(a)(iii).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <xn--ggle-vqa84c.com> domain name be TRANSFERRED from Respondent to Complainant.
Anne M. Wallace, Panelist
Honorable Karl V. Fink (retired), Panelist
Sandra J. Franklin, Panelist and Chair
Dated: June 17, 2021
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page