Bitwarden, Inc. v. Host Master / 1337 Services LLC
Claim Number: FA2301002029530
Complainant is Bitwarden, Inc. (“Complainant”), represented by Christine B Redfield of Redfield IP PC, USA. Respondent is Host Master / 1337 Services LLC (“Respondent”), Saint Kitts and Nevis.
REGISTRAR AND DISPUTED DOMAIN NAMES
The domain names at issue are <appbitwarden.com> and <bitwardenlogin.com>, registered with Tucows Domains Inc.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Petter Rindforth as Panelist.
Complainant submitted a Complaint to Forum electronically on January 27, 2023; Forum received payment on January 27, 2023.
On January 30, 2023, Tucows Domains Inc. confirmed by e-mail to Forum that the <appbitwarden.com> and <bitwardenlogin.com> domain names are registered with Tucows Domains Inc. and that Respondent is the current registrant of the names. Tucows Domains Inc. has verified that Respondent is bound by the Tucows Domains Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On January 31, 2023, Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of February 21, 2023 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@appbitwarden.com, postmaster@bitwardenlogin.com. Also on January 31, 2023, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, Forum transmitted to the parties a Notification of Respondent Default.
On February 24, 2023, pursuant to Complainant's request to have the dispute decided by a single-member Panel, Forum appointed Petter Rindforth as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain names be transferred from Respondent to Complainant.
A. Complainant
The Complainant provides password management and security software. Complainant has rights in the BITWARDEN trademark through numerous trademark registrations, including with the United States Patent and Trademark Office (“USPTO”) (e.g., USPTO Reg. No. 5,580,631, which was registered on October 9, 2018). Respondent’s domain names are confusingly similar to the BITWARDEN trademark since each one includes the entire mark and merely adds a generic term and the “.com” generic top-level domain (“gTLD”).
Respondent lacks rights or legitimate interests in the disputed domain names since Respondent is not licensed or authorized to use Complainant’s BITWARDEN trademark, which has no meaning other than in relation to Complainant’s services. In addition, Respondent is not commonly known by the disputed domain names. Further, Respondent has no legitimate noncommercial or fair use for the domain names, as they divert Internet traffic to Respondent’s websites in furtherance of a phishing scheme.
Respondent registered and uses the disputed domain names in bad faith by seeking to capitalize on the BITWARDEN trademark. Respondent both disrupts Complainant’s business and attracts Internet users for commercial gain by diverting confused users to a webpage that is copied from Complainant’s legitimate website. Respondent is also conducting a phishing scheme.
B. Respondent
Respondent failed to submit a Response in this proceeding.
The Complainant is the owner of the following U.S. trademark registrations:
No. 5,580,631 BITWARDEN (word), registered October 9, 2018 for goods in class 9; and
No. 6,277,472 BITWARDEN (word), registered December 22, 2020 for goods and services in classes 9 and 42.
The Complainant is also the owner of the International Trademark Registration No. IR1563326 BITWARDEN (word), registered August 20, 2020, for goods and services in classes 9 and 42, and designating European Union, United Kingdom and Japan.
The disputed domain names <appbitwarden.com> and <bitwardenlogin.com> were both registered on January 23, 2023.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
Complainant claims rights in the BITWARDEN trademark through multiple trademark registrations, including with the USPTO (e.g., USPTO Reg. No. 5,580,631, which was registered on October 9, 2018). Registration of a trademark with the USPTO is a valid showing of rights in a trademark under Policy ¶ 4(a)(i). See Liberty Global Logistics, LLC v. damilola emmanuel / tovary services limited, FA 1738536 (Forum Aug. 4, 2017) (stating, “Registration of a mark with the USPTO sufficiently establishes the required rights in the mark for purposes of the Policy.”). Since Complainant provides evidence of registration of the BITWARDEN trademark with the USPTO, the Panel find that Complainant has demonstrated rights in the BITWARDEN trademark per Policy ¶ 4(a)(i).
Complainant argues that the disputed domain names are confusingly similar to its BITWARDEN trademark since they use the entire trademark while merely adding the terms “app” and “login”, as well as the “.com” gtLD. When a disputed domain name wholly incorporates another’s trademark, additional terms are inusufficient to defeat a finding of confusing similarity. See Bloomberg Finance L.P. v. Nexperian Holding Limited, FA 1782013 (Forum June 4, 2018) (“Where a relevant trademark is recognisable within a disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) does not prevent a finding of confusing similarity under the first element.”); see also The Toronto-Dominion Bank v. George Whitehead, FA 1784412 (Forum June 11, 2018) (“[S]light differences between domain names and registered marks, such as the addition of words that describe the goods or services in connection with the mark and gTLDs, do not distinguish the domain name from the mark incorporated therein per Policy ¶ 4(a)(i).”).Given that Respondent simply adds a term - that is in fact also related to the Complainant’s services - and a gTLD to the BITWARDEN trademark, the Panel find that <appbitwarden.com> and <bitwardenlogin.com> are confusingly similar to Complainant’s trademark under Policy ¶ 4(a)(i).
Once the Complainant makes a prima facie case in support of its allegations in respect of the second element of the Policy, the burden shifts to the Respondent to show that it does have rights or legitimate interests pursuant to Policy ¶ 4(a)(ii). See Advanced International Marketing Corporation v. AA-1 Corp, FA 780200 (Forum Nov. 2, 2011) (finding that a complainant must offer some evidence to make its prima facie case and satisfy Policy ¶ 4(a)(ii)); see also Neal & Massey Holdings Limited v. Gregory Ricks, FA 1549327 (Forum Apr. 12, 2014) (“Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests”).
Complainant argues that Respondent has no rights or legitimate interests in the <appbitwarden.com> and <bitwardenlogin.com> domain names because Respondent is not commonly known by the disputed domain names and Complainant has never licensed rights to or authorized Respondent to use the BITWARDEN trademark. In the absence of a response, WHOIS information may be used to determine whether a respondent is commonly known by the disputed domain name/s. See Amazon Technologies, Inc. v. Suzen Khan / Nancy Jain / Andrew Stanzy, FA 1741129 (Forum Aug. 16, 2017) (finding that respondent had no rights or legitimate interests in the disputed domain names when the identifying information provided by WHOIS was unrelated to the domain names or respondent’s use of the same). In addition, where there is no evidence to indicate a complainant has authorized the use of a mark, it may act as support that a respondent is not commonly known by a disputed domain name and thus lacks any rights or legitimate interest in the disputed domain name. See Emerson Electric Co. v. golden humble / golden globals, FA 1787128 (Forum June 11, 2018) (“lack of evidence in the record to indicate a respondent is authorized to use [the] complainant’s mark may support a finding that [the] respondent does not have rights or legitimate interests in the disputed domain name per Policy ¶ 4(c)(ii)”). The WHOIS information for the disputed domain names list the registrant as “Host Master / 1337 Services LLC.” Further, there is no evidence to suggest that Respondent was authorized, licensed rights to, or otherwise permitted to use the BITWARDEN trademark. Therefore, the Panel find that Respondent is not commonly known by, and lacks rights or legitimate interests in, the disputed domain names per Policy ¶ 4(c)(ii).
Complainant also notes that the BITWARDEN trademark has no meaning apart from Complainant’s services. Panels have determined that the more unique and distinct a trademark is, the less likely it is for a respondent to be commonly known by that trademark and have rights or legitimate interests in a disputed domain name that makes use of that mark. See G.D. Searle & Co. v. Sean, FA 129128 (Forum Dec. 27, 2002) (“[A]s Complainant's mark is a fanciful term specifically coined by Complainant, it is doubtful that anyone other than Complainant could claim to be ‘commonly known by’ a derivative of the mark.”); see also Udemy Inc. v. Milen Radumilo, FA 1694614 (Forum Nov. 23, 2016) (finding that the “fanciful” nature of complainant’s mark contributed to the presumption that respondent lacked rights and legitimate interests in a domain name containing said mark). The Panel agrees with the conclusion that the unique and original nature of the BITWARDEN trademark further support the conclusion that Respondent is not commonly known by, and lacks rights or legitimate interests in, the disputed domain names per Policy ¶ 4(c)(ii).
Further, Complainant claims that Respondent seeks to divert Internet traffic in order to conduct a phishing scheme. Previous Panels have found that use of a domain name to divert customers away from a complainant does not constitute either a bona fide offering of goods or services per Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use per Policy ¶ 4(c)(iii). See Ripple Labs Inc. v. NGYEN NGOC PHUONG THAO, FA 1741737 (Forum Aug. 21, 2017) (“Respondent uses the [disputed] domain name to divert Internet users to Respondent’s website… confusing them into believing that some sort of affiliation exists between it and Complainant… [which] is neither a bona fide offering of goods or services under Policy ¶ 4(c)(i) nor a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii).”). In addition, Panels have declined to find a bona fide offering of goods or services or a legitimate noncommercial or fair use of a domain name when a respondent diverts users to a page that attempts to steal personal or financial information. See Enterprise Holdings, Inc. v. I S / Internet Consulting Services Inc., FA 1785242 (Forum June 5, 2018) (“On its face, the use of a domain name that is confusingly similar to the mark of another in order to facilitate a phishing scheme cannot be described as either a bona fide offering of goods or services under Policy ¶ 4(c)(i) or a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii).”). Here, Complainant contends that Respondent is using Google Ads to attract users to <appbitwarden.com> once they search for the term “bitwarden.” Upon clicking the ad, titled “Password Manager – Bitwarden,” users are brought to <bitwardenlogin.com> and offered a place to enter an email address, name, and password. Both domain names also prompt phishing warnings from Google or a security service. The Panel finds that Respondent is diverting Internet traffic to engage in illegal phishing, and thereby also finds that Respondent fails to satisfy Policy ¶¶ 4(c)(i) and (iii).
Complainant argues that Respondent registered and uses the <appbitwarden.com> and <bitwardenlogin.com> domain names in bad faith by capitalizing on the BITWARDEN trademark and deceiving customers as to the source of the domain names by copying Complainant’s login page. Previous Panels have determined that a respondent’s use of a domain name to attract Internet traffic to a site that passes itself off as a complainant evinces bad faith disruption of a complainant’s business pursuant to Policy ¶ 4(b)(iii). See Artistic Pursuit LLC v. calcuttawebdevelopers.com, FA 894477 (Forum Mar. 8, 2007) (finding that the respondent’s registration and use of the disputed domain name, which displayed a website virtually identical to the complainant’s website, constituted bad faith pursuant to Policy ¶ 4(b)(iii)). Passing off has also been held as evidence of bad faith attraction for commercial gain pursuant to Policy ¶ 4(b)(iv). See Bittrex, Inc. v. Wuxi Yilian LLC, FA 1760517 (Forum December 27, 2017) (finding bad faith per Policy ¶ 4(b)(iv) where “Respondent registered and uses the <lbittrex.com> domain name in bad faith by directing Internet users to a website that mimics Complainant’s own website in order to confuse users into believing that Respondent is Complainant, or is otherwise affiliated or associated with Complainant.”). As noted in the present case, Respondent first attracts users through a Google Ad that appears at the top of the search result when users search “bitwarden.” Once users arrive at <bitwardenlogin.com>, the page is identical to Complainant’s legitimate login page at <vault.bitwarden.com> (where users can access their “vault” of passwords). The Panel agrees that Respondent is impersonating Complainant and taking advantage of the BITWARDEN trademark, and the Panel therefore find bad faith under Policy ¶ 4(b)(iii) and/or Policy ¶ 4(b)(iv).
Complainant also argues that Respondent is using the disputed domain names to phish for confidential information from customers. Phishing has been used as independent evidence of bad faith per Policy ¶ 4(a)(iii). See Morgan Stanley v. Bruce Pu, FA 1764120 (Forum Feb. 2, 2018) (“[T]he screenshot of the resolving webpage allows users to input their name and email address, which Complainant claims Respondent uses that to fraudulently phish for information. Thus, the Panel agrees that Respondent phishes for information and finds that Respondent does so in bad faith under Policy ¶ 4(a)(iii).”). As described above, <appbitwarden.com> and <bitwardenlogin.com> work in tandem to attract users and invite them to enter their personal and confidential information, which they use to access their stored passwords. Complainant also adds that, once information is entered, users are redirected back to Complainant’s legitimate website. Further, Complainant provides an article written by a “security industry watchdog” about the scam. The Panel agrees, and find that Respondent’s phishing operation is indeed additional evidence of bad faith per Policy ¶ 4(a)(iii).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <appbitwarden.com> and <bitwardenlogin.com> domain names be TRANSFERRED from Respondent to Complainant.
Petter Rindforth, Panelist
Dated: February 26, 2023
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page