Bitwarden, Inc. v. Ankur Gupta
Claim Number: FA2304002040219
Complainant is Bitwarden, Inc. (“Complainant”), represented by Christine B. Redfield of Redfield IP PC, California, USA. Respondent is Ankur Gupta (“Respondent”), India.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <bitwardenaccount.net>, registered with Hosting Concepts B.V. d/b/a Registrar.eu.
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Paul M. DeCicco, as Panelist.
Complainant submitted a Complaint to Forum electronically on April 16, 2023; Forum received payment on April 16, 2023.
On April 17, 2023, Hosting Concepts B.V. d/b/a Registrar.eu confirmed by e-mail to Forum that the <bitwardenaccount.net> domain name is registered with Hosting Concepts B.V. d/b/a Registrar.eu and that Respondent is the current registrant of the name. Hosting Concepts B.V. d/b/a Registrar.eu has verified that Respondent is bound by the Hosting Concepts B.V. d/b/a Registrar.eu registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On April 19, 2023, Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of May 9, 2023 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@bitwardenaccount.net. Also on April 19, 2023, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, Forum transmitted to the parties a Notification of Respondent Default.
On May 12, 2023, pursuant to Complainant's request to have the dispute decided by a single-member Panel, Forum appointed Paul M. DeCicco as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain name be transferred from Respondent to Complainant.
A. Complainant
Complainant contends as follows:
Complainant, Bitwarden, Inc., provides password management and security software.
Complainant has rights in the BITWARDEN mark through trademark registrations, including with the United States Patent and Trademark Office (“USPTO”) as well as any of it other registrations worldwide.
Respondent’s <bitwardenaccount.net> domain name is confusingly similar to the BITWARDEN mark as it uses the entire mark, merely adding a generic term. The resolving webpage is also likely to cause consumer confusion.
Respondent lacks rights or legitimate interests in the <bitwardenaccount.net> domain name since Respondent is not licensed or authorized to use Complainant’s BITWARDEN mark and is not commonly known by the at-issue domain name. The BITWARDEN mark is also a made-up term. Additionally, Respondent does not use the at-issue domain name for any bona fide offering of goods or services or legitimate noncommercial or fair use. Rather, Respondent seeks to mislead and divert consumers with a website that imitates Complainant that Respondent uses for phishing.
Respondent registered and uses the <bitwardenaccount.net> domain name in bad faith by capitalizing off of the BITWARDEN mark and falsely associating themselves with Complainant. Respondent is also engaged in a phishing scheme. Finally, Respondent had constructive and/or actual knowledge of Complainant’s rights in the BITWARDEN mark.
B. Respondent
Respondent failed to submit a Response in this proceeding.
Complainant has rights in the BITWARDEN mark.
Respondent is not affiliated with Complainant and has not been authorized to use Complainant’s trademark in any capacity.
Respondent registered the at‑issue domain name after Complainant acquired rights in the BITWARDEN trademark.
Respondent uses the at-issue domain name pass itself off as Complainant in furtherance of a phishing scheme.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
The at-issue domain name is confusingly similar to a trademark in which Complainant has rights.
Complainant’s ownership of a USPTO trademark registration or ownership of any other national registration for its BITWARDEN mark is sufficient to demonstrate Complainant’s rights in such mark for the purposes of Policy ¶ 4(a)(i). See Microsoft Corp. v. Burkes, FA 652743 (Forum Apr. 17, 2006) (“Complainant has established rights in the MICROSOFT mark through registration of the mark with the USPTO.”).
Respondent’s at-issue domain name contains Complainant’s BITWARDEN trademarks followed by the term “account” and with all followed by the “.net” top level domain name. The differences between Respondent’s <bitwardenaccount.net> domain name and Complainant’s BITWARDEN trademark are insufficient to distinguish the at-issue domain name from Complainant’s trademark for the purposes of the Policy. Therefore, the Panel finds that Respondent’s <bitwardenaccount.net> domain name is confusingly similar to Complainant’s trademark pursuant to Policy ¶ 4(a)(i). See Bloomberg Finance L.P. v. Nexperian Holding Limited, FA 1782013 (Forum June 4, 2018) (“Where a relevant trademark is recognizable within a disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) does not prevent a finding of confusing similarity under the first element.”).
Under Policy ¶ 4(a)(ii), Complainant must first make out a prima facie case showing that Respondent lacks rights and legitimate interests in respect of an at-issue domain name and then the burden, in effect, shifts to Respondent to come forward with evidence of its rights or legitimate interests. See Hanna-Barbera Prods., Inc. v. Entm’t Commentaries, FA 741828 (Forum Aug. 18, 2006). Since Respondent failed to respond, Complainant’s prima facie showing acts conclusively.
Respondent lacks both rights and legitimate interests in respect of the at-issue domain name. Respondent is not authorized to use Complainant’s trademark in any capacity and as discussed below there are no Policy ¶4(c) circumstances from which the Panel might find that Respondent has rights or interests in respect of the at‑issue domain name. See Emerson Electric Co. v. golden humble / golden globals, FA 1787128 (Forum June 11, 2018) (“lack of evidence in the record to indicate a respondent is authorized to use [the] complainant’s mark may support a finding that [the] respondent does not have rights or legitimate interests in the disputed domain name per Policy ¶ 4(c)(ii)”)
WHOIS information for the at-issue domain name identifies the domain name’s registrant as “Ankur Gupta” and the record before the Panel contains no evidence that otherwise tends to prove that Respondent is commonly known by the <bitwardenaccount.net> domain name. The Panel therefore concludes that Respondent is not commonly known by the at-issue domain name for the purposes of Policy ¶ 4(c)(ii). See Coppertown Drive-Thru Sys., LLC v. Snowden, FA 715089 (Forum July 17, 2006) (concluding that the respondent was not commonly known by the <coppertown.com> domain name where there was no evidence in the record, including the WHOIS information, suggesting that the respondent was commonly known by the disputed domain name).
Respondent’s confusingly similar domain name addresses a website that mimics Complainant’ genuine website. Respondent poses as Complainant through the at-issue domain name and its associated website to deceive BITWARDEN users into giving up confidential information, i.e. their login information for Complainant’s password manager, to Respondent. Respondent’s use of the at-issue domain name in this manner constitutes neither a bona fide offering of goods or services under Policy ¶ 4(c)(i), nor a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii). See Ripple Labs Inc. v. NGYEN NGOC PHUONG THAO, FA 1741737 (Forum Aug. 21, 2017) (“Respondent uses the [disputed] domain name to divert Internet users to Respondent’s website… confusing them into believing that some sort of affiliation exists between it and Complainant… [which] is neither a bona fide offering of goods or services under Policy ¶ 4(c)(i) nor a legitimate noncommercial or fair use under Policy ¶ 4(c)(iii).”); see also, DaVita Inc. v. Cynthia Rochelo, FA 1738034 (Forum July 20, 2017) (”Passing off in furtherance of a phishing scheme is not considered a bona fide offering of goods or services or legitimate noncommercial or fair use.”); see also, Mortgage Research Center LLC v. Miranda, FA 993017 (Forum July 9, 2007) (“Because [the] respondent in this case is also attempting to pass itself off as [the] complainant, presumably for financial gain, the Panel finds the respondent is not using the <mortgageresearchcenter.org> domain name for a bona fide offering of goods or services pursuant to Policy ¶ 4(c)(i), or a legitimate noncommercial or fair use pursuant to Policy ¶ 4(c)(iii).”).
Given the forgoing, Complainant satisfies its initial burden and demonstrates Respondent’s lack of rights and lack of legitimate interests in respect of the at-issue domain name pursuant to Policy ¶ 4(a)(ii).
Respondent’s <bitwardenaccount.net> domain name was registered and used in bad faith. As discussed below without being exhaustive, bad faith circumstances are present that allow the Panel to conclude that Respondent acted in bad faith pursuant to paragraph 4(a)(iii) of the Policy.
First and as mentioned above regarding rights and legitimate interests, Respondent registered and uses <bitwardenaccount.net> to mimic Complainant’s website and pass itself off as Complainant to attract internet traffic to the <bitwardenaccount.net> website. Doing so shows Respondent’s bad faith under Policy ¶ 4(b)(iii) and Policy ¶ 4(b)(iv). See Artistic Pursuit LLC v. calcuttawebdevelopers.com, FA 894477 (Forum Mar. 8, 2007) (finding that the respondent’s registration and use of the disputed domain name, which displayed a website virtually identical to the complainant’s website, constituted bad faith pursuant to Policy ¶ 4(b)(iii)); see also, Bittrex, Inc. v. Wuxi Yilian LLC, FA 1760517 (Forum Dec. 27, 2017) (finding bad faith per Policy ¶ 4(b)(iv) where “Respondent registered and uses the <lbittrex.com> domain name in bad faith by directing Internet users to a website that mimics Complainant’s own website in order to confuse users into believing that Respondent is Complainant, or is otherwise affiliated or associated with Complainant.”).
Next, Respondent uses the at-issue domain name to facilitate a phishing scheme designed to extract confidential password manager account credentials from bona fide users of Complainant’s BITWARDEN password manager. The scheme operates by duping BITWARDEN users into believing they are dealing with Complainant so that they enter their actual BITWARDEN account information into a login page displayed on Respondent’s bogus <bitwardenaccount.net> website. Respondent can then use the inadvertent disclosures to gain access to such users’ password repositories. Respondent’s use of the at-issue domain name to phish for confidential information further shows Respondent’s bad faith registration and use of <bitwardenaccount.net> under Policy ¶ 4(a)(iii). See Morgan Stanley v. Bruce Pu, FA 1764120 (Forum Feb. 2, 2018) (“[T]he screenshot of the resolving webpage allows users to input their name and email address, which Complainant claims Respondent uses that to fraudulently phish for information. Thus, the Panel agrees that Respondent phishes for information and finds that Respondent does so in bad faith under Policy ¶ 4(a)(iii).”); see also, Juno Online Servs., Inc. v. Nelson, FA 241972 (Forum Mar. 29, 2004) (“‘Phishing’ involves the use of e-mails, pop-ups or other methods to trick Internet users into revealing credit cards, passwords, social security numbers and other personal information to the ‘phishers’ who intend to use such information for fraudulent purposes.”).
Moreover, Respondent registered the <bitwardenaccount.net> domain name knowing that Complainant had trademark rights in BITWARDEN. Respondent’s actual knowledge of Complainant’s rights in BITWARDEN is evident from the notoriety of Complainant’s trademark and from Respondent’s use of <bitwardenaccount.net> and its associated website to address a website impersonating Complainant’s genuine website. Respondent’s prior knowledge of Complainant's BITWARDEN trademark further establishes Respondent’s bad faith under the Policy. See Minicards Vennootschap Onder FIrma Amsterdam v. Moscow Studios, FA 1031703 (Forum Sept. 5, 2007) (holding that respondent registered a domain name in bad faith under Policy ¶ 4(a)(iii) after concluding that respondent had "actual knowledge of Complainant's mark when registering the disputed the disputed domain name”).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <bitwardenaccount.net> domain name be TRANSFERRED from Respondent to Complainant.
Paul M. DeCicco, Panelist
Dated: May 15, 2023
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page