AA Limited and AA Brand Management Limited v. WhoisSecure
Claim Number: FA2212002023202
Complainants are AA Limited and AA Brand Management Limited (“Complainant”), represented by Dino Kusanovic of Demys Limited, United Kingdom. Respondent is WhoisSecure (“Respondent”), US.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <theaa.uk.com>, registered with OwnRegistrar, Inc..
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Steven M. Levy, Esq. as Panelist.
Complainant submitted a Complaint to Forum electronically on December 8, 2022; Forum received payment on December 8, 2022.
On December 12, 2022, OwnRegistrar, Inc. confirmed by e-mail to Forum that the <theaa.uk.com> domain name is registered with OwnRegistrar, Inc. and that Respondent is the current registrant of the name. OwnRegistrar, Inc. has verified that Respondent is bound by the OwnRegistrar, Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with the CentralNic Dispute Resolution Policy (the “CDRP Policy”).
On December 13, 2022, Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of January 3, 2023 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@theaa.uk.com. Also on December 13, 2022, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, Forum transmitted to the parties a Notification of Respondent Default.
On January 5, 2023, pursuant to Complainant's request to have the dispute decided by a single-member Panel, Forum appointed Steven M. Levy, Esq. as Panelist.
Having reviewed the communications records, the Administrative Panel (the “Panel”) finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules to the CDRP Dispute Resolution Policy (“Rules”). Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the CDRP Policy, CDRP Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain name be transferred from Respondent to Complainant.
Preliminary Issue: Multiple Complainants
In the present case there are two named Complainants. The relevant rules governing multiple complainants are UDRP Rule 3(a) and the Forum’s Supplemental Rule 1(e). UDRP Rule 3(a) states, “Any person or entity may initiate an administrative proceeding by submitting a complaint.” The Forum’s Supplemental Rule 1(e) defines “The Party Initiating a Complaint Concerning a Domain Name Registration” as a “single person or entity claiming to have rights in the domain name, or multiple persons or entities who have a sufficient nexus who can each claim to have rights to all domain names listed in the Complaint.”
The two named Complainants in this matter are AA Limited and AA Brand Management Limited. Complainant states that these “are two entities within a group of related companies”.
Previous panels have interpreted the Forum’s Supplemental Rule 1(e) to allow multiple parties to proceed as one party where they can show a sufficient link to each other. For example, in Vancouver Org. Comm. for the 2010 Olympic and Paralymic Games & Int’l Olympic Comm. v. Malik, FA 666119 (Forum May 12, 2006), the panel stated:
It has been accepted that it is permissible for two complainants to submit a single complaint if they can demonstrate a link between the two entities such as a relationship involving a license, a partnership or an affiliation that would establish the reason for the parties bringing the complaint as one entity.
See also Sizzler USA Franchise, Inc., Sizzler International Marks, LLC and Sizzler Restaurants Group Pty Ltd. v. 88DB Hong Kong Limited / Patrick Ng, FA 1479053 (Forum Feb. 16, 2013) (consolidation of multiple complainants found to be appropriate where the “Panel is satisfied that the three named complainants, Sizzler USA Franchise, Inc., Sizzler International Marks, LLC and Sizzler Restaurants Group Pty Ltd. are part of an international group of companies which owns and controls the SIZZLER trademark. It is said that each named Complainant has sufficient interest in the SIZZLER mark to object to the disputed domain name under the Policy in its own right.”)
In the present case, the Complaint has noted the relationship between the two named Complainants – the first is a trading entity and the second is an intellectual property holding company. This is not an uncommon corporate arrangement and Respondent has provided no response or other submission in this case and so it has not contested this relationship. Under these circumstances the Panel holds that the there is a link between the two named Complainants and that they have a sufficient nexus and a specific common grievance against the Respondent who has engaged in a common action that has affected the Complainants’ in a similar fashion.
For the sake of simplicity, AA Limited and AA Brand Management Limited will hereafter be referred to in this decision as “Complainant” unless otherwise noted.
A. Complainant
Complainant is a British motoring association founded by its predecessor in 1905, which provides car insurance, driving lessons, breakdown cover, loans, motoring advice, road maps and other services. In the last financial year, the Complainants served 12m personal members and business customers which resulted in trading revenue of GBP £989m (c. USD $1,195m). Complainant has registered rights in the AA trademark in the United Kingdom and the European Union (e.g., Trademark No. UK00000362557 registered on July 14, 1914) as well as common law rights in the mark THE AA through its longstanding use in commerce. It also operates a website at the address www.theaa.com. Respondent’s <theaa.uk.com> domain name is identical or confusingly similar to Complainant’s mark as it incorporates the mark in its entirety while omitting the space between the word “the” and “aa”, adding the “.uk” country code and the “.com” gTLD.
Respondent lacks rights and legitimate interests in the <theaa.uk.com> domain name. Respondent is not commonly known by the disputed domain name, nor has Complainant authorized or licensed Respondent to use it’s the AA mark in the disputed domain name. Respondent does not use the disputed domain name for any bona fide offering of goods or services, nor a legitimate noncommercial or fair use, but instead it engages in a phishing scheme. Additionally, the domain name remains inactive after Complainant was successful in having the relevant hosting provider take down Respondent’s website.
Respondent registered or uses the <theaa.uk.com> domain name in bad faith. Respondent engages in phishing activity and uses a privacy service to hide its identity. Additionally, Respondent’s domain name currently remains inactive.
B. Respondent
Respondent failed to submit a Response in this proceeding.
- The two named Complainants may be consolidated into this proceeding;
- Complainants have demonstrated the ownership of registered rights in the AA trademark as well as common law trademark rights in the mark THE AA;
- The <theaa.uk.com> domain name is identical or confusingly similar to Complainants’ above-mentioned trademarks;
- Respondent has no rights or legitimate interests in the disputed domain name where it is used to impersonate Complainants and carry out a phishing or other fraudulent scheme; and
- The use of the disputed domain name for phishing and fraud indicates that it was registered and is used in bad faith.
Paragraph 15(a) of the Rules instructs this Panel to “decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable.”
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered or is being used in bad faith.
The CDRP also requires that Complainant have participated in a CentralNic Mediation, and that said mediation must have been terminated prior to the consideration of the Complaint.
Given the similarity between the Uniform Domain Name Dispute Resolution Policy (“UDRP”) and the CDRP Policy, the Panel will draw upon UDRP precedent as applicable in rendering its decision.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
Complainant claims registered trademark rights in the AA mark as well as common law rights in the mark THE AA. Under Policy ¶ 4(a)(i), registration with an appropriate government agency will satisfy the required showing that rights are present in an asserted trademark. B HDR Global Trading Limited v. David Czinczenheim, FA 2007568 (Forum Sep. 8, 2022) (“It is well established by decisions under this Policy that a trademark registered with a national authority is evidence of trademark rights. * * * Complainant therefore has rights as it provides proof of its registration of the trademark BITMEX with the EUIPO, a pan-national trademark authority”.) See also Microsoft Corporation v. Story Remix / Inofficial, FA 1734934 (Forum July 10, 2017) (finding that “The Policy does not require a complainant to own a registered trademark prior to a respondent’s registration if it can demonstrate established common law rights in the mark.”) Here, Complainant has submitted screenshots from the websites of the United Kingdom Intellectual Property Office (“UKIPO”) and the European Intellectual Property Office (“EUIPO”) depicting registrations of the AA trademark. It also submits screenshots from its www.theaa.com website, its Twitter, Facebook, and Instagram pages, as well as copies of news articles dating back to 1933, each of which refer to Complainant as “The AA”. On the basis of this evidence, the Panel finds that Complainant has demonstrated both registered rights in the AA mark as well as common law rights in the trademark THE AA.
Next, Complainant argues that Respondent’s <theaa.uk.com> domain name is identical or confusingly similar to Complainant’s AA and THE AA marks. Under Policy ¶ 4(a)(i), where a domain name incorporates a mark in its entirety while adding a gTLD is insufficient in differentiating from the mark. See Licensing IP International S.à.r.l. v. Kayshauri Teymuraz Garevich, FA 2021615 (Forum Dec. 31, 2022) (“Respondent’s <pornhub.promo> domain name is identical to Complainant’s mark as it wholly incorporates the mark and adds the inconsequential ‘.promo’ generic top-level-domain (‘gTLD’), which may be ignored.”) Additionally, omitting the space in a mark is not sufficient in differentiating from the mark. See Research Now Group, Inc. v. Pan Jing, FA 1735345 (Forum July 14, 2017) (“The … elimination of spacing [is] considered irrelevant when distinguishing between a mark and a domain name.”) The disputed domain name incorporates both the AA and THE AA marks in their entirety while omitting the space, and adding the “.uk” country code and the “.com” gTLD. As such, the Panel finds that Respondent’s domain name is identical or confusingly similar to Complainant’s marks under Policy ¶ 4(a)(i).
Complainant must first make a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain name under Policy ¶ 4(a)(ii). Should it succeed in this effort, the burden then shifts to Respondent to show that it does have rights or legitimate interests. See Advanced International Marketing Corporation v. AA-1 Corp, FA 780200 (Forum Nov. 2, 2011) (finding that a complainant must offer some evidence to make its prima facie case and satisfy Policy ¶ 4(a)(ii)); see also Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”).
Complainant contends that Respondent is not commonly known by the <theaa.uk.com> domain name, nor has Complainant authorized or licensed Respondent to use its AA or THE AA marks in the disputed domain name. Under Policy ¶ 4(c)(ii) relevant WHOIS information may inform the question of whether a Respondent is commonly known by a disputed domain name. See Instron Corp. v. Kaner, FA 768859 (Forum Sept. 21, 2006) (finding that the respondent was not commonly known by the disputed domain names because the WHOIS information listed “Andrew Kaner c/o Electromatic a/k/a Electromatic Equip't” as the registrant and there was no other evidence in the record to suggest that the respondent was commonly known by the domain names in dispute). Additionally, lack of authorization to use a complainant’s mark may indicate that the respondent is not commonly known by the disputed domain name. See PragmaticPlay Limited v. Robert Chris, FA 1932464 (Forum Mar. 23, 2021) (“The WHOIS information of record lists the registrant as ‘Robert Chris,’ and no other information of record suggests Respondent is commonly known by the domain name. Therefore, the Panel finds that Respondent is not commonly known by the disputed domain name under Policy ¶ 4(c)(ii).”) The WHOIS information for the <theaa.uk.com> domain name identifies Respondent as “WhoisSecure” and so this provides no information that is helpful to Respondent. Further, Complainant states that “[t]he Respondent is not a licensee of the Complainants and has not received any permission or consent from either Complainant to use their marks or any variation of their marks.” As Respondent has not come forward with any assertion or evidence to the contrary, the Panel finds no ground upon which to conclude that Respondent is commonly known by the disputed domain name under Policy ¶ 4(c)(ii).
Next, Complainant contends that Respondent is not using the <theaa.uk.com> domain name for any bona fide offering of goods or services and that it is not making any noncommercial or fair use because it is engaged in phishing activities. Under Policy ¶¶ 4(c)(i) and (iii) phishing and other forms of fraud are clearly not considered a bona fide offering of goods or services, nor any legitimate noncommercial or fair use. See United States Postal Service v. Kehinde Okunola / Genuine ICT Centre, FA 1785420 (Forum June 6, 2018) (“Respondent uses the <uspscouriers.com> domain name both to sell services competing with the business of Complainant and to phish for personal identification information from Internet users. Neither of these uses of the domain name constitutes a bona fide offering of goods or services under Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii) such as would confirm in Respondent rights to or legitimate interests in the domain name as provided in those subsections of the Policy.”) Additionally, after Complainant successfully had Respondent’s phishing site taken down by the relevant hosing provider, the domain name has become inactive. Hosting an inactive domain name is also not a bona fide offering of goods or services or a legitimate noncommercial or fair use. See Morgan Stanley v. Francis Mccarthy / Baltec Marine Llc, FA 1785347 (Forum June 8, 2018) (“both Domain Names resolve to a web site that shows the words, ‘Not Found, The requested URL / was not found on this server.’ Inactive holding of a domain name does not qualify as a bona fide offering of goods or services within the meaning of Policy ¶ 4(c)(i), or a legitimate non-commercial or fair use within the meaning of Policy ¶ 4(c)(iii).”) Complainant provides screenshots of the website that formerly resolved from the disputed domain name and this copies images, text, and the look and feel of Complainant’s own www.theaa.com website. It also displays links to “Get a Quote” and for “Existing Members” to access a log-in page, as well as phone numbers which a user may call to “buy breakdown cover” or “change or discuss your cover”. All of the pages on Respondent’s site conclude with the footer “© Automobile Association Developments Ltd. 2022”, the identical footer used on Complainant’s legitimate site. Complainant asserts that Respondent uses the <theaa.uk.com> website to phish for users’ personal information and notes that it has been the target of similar attacks in the past, citing the decision of Withheld for Privacy Purposes, Privacy service provided by Withheld for Privacy ehf / Pat Bool, D2021-1568 (WIPO July 8, 2021) in which the domain name <theaa-services.com> was ordered to be transferred where it was used for “the redirection of Internet users to a website designed to mimic the Complainants’ website in order to gather their personal data and financial information”. At present, the website is inactive as the hosting provider took it down in response to Complainant’s take-down request, a copy of which has also been submitted into evidence. Based on Complainant’s submissions and the lack of Respondent’s participation in this case, the Panel finds, by a preponderance of the evidence, that Respondent was, until recently, impersonating Complainant in furtherance of a phishing scheme and is not using the disputed domain name for any bona fide offering of goods or services, nor is it making any legitimate noncommercial or fair use thereof under Policy ¶¶ 4(c)(i) and (iii).
Complainant states that Respondent registered and uses the disputed domain name in bad faith per Policy ¶ 4(a)(iii). It does not specifically address Policy ¶ 4(b) but the Panel will nevertheless look at the totality of the circumstances and reach its own conclusion based on the evidence presented.
Additionally, Complainant contends that Respondent registered or uses the <theaa.uk.com> domain name in bad faith based upon its use of a privacy service to hide its identity. Under Policy ¶ 4(a)(iii), using a privacy service to hide one’s identity may present additional evidence of bad faith. See Robert Half International Inc. v. robert arran, FA 1764367 (Forum Feb. 5. 2018) (“Respondent's use of a privacy registration service in an attempt to conceal his identity, though not itself dispositive, is a further indication of bad faith.”) The Panel notes that the verification message from the concerned Registrar to the Forum shows that Respondent uses a multi-layered privacy service to hide its identity and, viewed against the backdrop of the impersonation and phishing activity carried out at the <theaa.uk.com> website the Panel finds this to lend further support to its finding that Respondent registered and uses the domain name in bad faith under Policy ¶ 4(a)(iii).
Having established all three elements required under the CDRP Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <theaa.uk.com> domain name be TRANSFERRED from Respondent to Complainant.
Steven M. Levy, Esq., Panelist
Dated: January 10, 2023
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page