Bitwarden, Inc. v. umesh sah
Claim Number: FA2210002018163
Complainant is Bitwarden, Inc. (“Complainant”), represented by Christine B Redfield of Redfield IP PC, California, USA. Respondent is umesh sah (“Respondent”), Nepal.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <bitwarden.icu> (“Domain Name”), registered with Sav.com, LLC.
The undersigned certifies that he or she has acted independently and impartially and to the best of his or her knowledge has no known conflict in serving as Panelist in this proceeding.
Nicholas J.T. Smith as Panelist.
Complainant submitted a Complaint to Forum electronically on October 28, 2022; Forum received payment on October 28, 2022.
On October 31 2022, Sav.com, LLC confirmed by e-mail to Forum that the <bitwarden.icu> domain name is registered with Sav.com, LLC and that Respondent is the current registrant of the name. Sav.com, LLC has verified that Respondent is bound by the Sav.com, LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On November 3, 2022, Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of November 23, 2022 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@bitwarden.icu. Also on November 3, 2022, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, Forum transmitted to the parties a Notification of Respondent Default.
On December 1, 2022, pursuant to Complainant's request to have the dispute decided by a single-member Panel, Forum appointed Nicholas J.T. Smith as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the Domain Name be transferred from Respondent to Complainant.
A. Complainant
Complainant is a United States software company offering password management and related security software, which is available through its website at www.bitwarden.com (“Complainant’s Website”). Complainant claims rights in the BITWARDEN mark through its registration with multiple trademark agencies, including the United States Patent and Trademark Office (“USPTO”)(e.g. Reg. No. 5,580,631, registered October 9, 2018). The <bitwarden.icu> domain name is confusingly similar to Complainant’s BITWARDEN mark as it contains the BITWARDEN mark in its entirety and merely adds the generic top level domain (“gTLD”) “.icu”.
Complainant contends Respondent has no rights or legitimate interests in the <bitwarden.icu> domain name. Respondent is not commonly known by the Domain Name, nor has Complainant authorized or licensed Respondent to use its BITWARDEN mark in the Domain Name. Respondent is not using the Domain Name in connection with any bona fide offering of goods and services or for any legitimate or fair use because Respondent uses the Domain Name to pass off as Complainant by mimicking its webpage in furtherance of a phishing scheme.
Respondent registered and uses the <bitwarden.icu> domain name in bad faith because the Domain Name was registered for the purpose of disrupting Complainant’s business and intentionally attracting, for commercial gain, Internet users to its website by passing off as Complainant. Additionally, Respondent had actual knowledge of Complainant’s rights in the BITWARDEN mark the time the Domain Name was registered since the website at the Domain Name (“Respondent’s Website”) is identical to the Complainant’s Website.
B. Respondent
Respondent failed to submit a Response in this proceeding.
Complainant holds trademark rights for the BITWARDEN mark. The Domain Name is identical to Complainant’s BITWARDEN mark. Complainant has established that Respondent lacks rights or legitimate interests in the use of the Domain Name and that Respondent registered and has used the Domain Name in bad faith.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
Complainant has rights in the BITWARDEN mark based on registration with the USPTO (e.g Reg. No. 5,580,631, registered October 9, 2018). Registration of a mark with the USPTO sufficiently confers a complainant’s rights in a mark for the purposes of Policy ¶ 4(a)(i). See Target Brands, Inc. v. jennifer beyer, FA 1738027 (Forum July 31, 2017) ("Complainant has rights in its TARGET service mark for purposes of Policy ¶ 4(a)(i) by virtue of its registration of the mark with a national trademark authority, the United States Patent and Trademark Office (“USPTO”).”).
The Panel finds that the <bitwarden.icu> Domain Name is identical to the BITWARDEN mark as it fully incorporates the BITWARDEN mark and adds the “.icu” gTLD. See Dell Inc. v. Protection of Private Person / Privacy Protection, FA 1681432 (Forum Aug. 1, 2016) (“A TLD (whether a gTLD, sTLD or ccTLD) is disregarded under a Policy ¶ 4(a)(i) analysis because domain name syntax requires TLDs.”).
The Panel finds Complainant has satisfied Policy ¶ 4(a)(i).
Complainant alleges that Respondent holds no rights or legitimate interests in the Domain Name. In order for Complainant to succeed under this element, it must first make a prima facie case that Respondent lacks rights and legitimate interests in the Domain Name under Policy ¶ 4(a)(ii), and then the burden shifts to Respondent to show it does have rights or legitimate interests. See Hanna-Barbera Prods., Inc. v. Entm’t Commentaries, FA 741828 (Forum Aug. 18, 2006) and AOL LLC v. Gerberg, FA 780200 (Forum Sept. 25, 2006) (“Complainant must first make a prima facie showing that Respondent does not have rights or legitimate interest in the subject domain names, which burden is light. If Complainant satisfies its burden, then the burden shifts to Respondent to show that it does have rights or legitimate interests in the subject domain names.”). The Panel holds that Complainant has made out a prima facie case.
Complainant asserts that Respondent has no rights or legitimate interests in the Domain Name as Respondent is not commonly known by the Domain Name, nor has Complainant authorized Respondent to use the BITWARDEN mark. Respondent has no relationship, affiliation, connection, endorsement or association with Complainant. WHOIS information can help support a finding that a respondent is not commonly known by the disputed domain name, especially where a privacy service has been engaged. See State Farm Mutual Automobile Insurance Company v. Dale Anderson, FA1504001613011 (Forum May 21, 2015) (concluding that because the WHOIS record lists “Dale Anderson” as the registrant of the disputed domain name, the respondent was not commonly known by the <statefarmforum.com> domain name pursuant to Policy ¶ 4(c)(ii)); see also Kohler Co. v. Privacy Service, FA1505001621573 (Forum July 2, 2015) (holding that the respondent was not commonly known by the disputed domain name pursuant to Policy ¶ 4(c)(ii) where “Privacy Service” was listed as the registrant of the disputed domain name). The WHOIS lists “umesh sah” as registrant of record. Coupled with Complainant’s unrebutted assertions as to absence of any affiliation or authorization between the parties, the Panel finds that Respondent is not commonly known by the Domain Name in accordance with Policy ¶ 4(c)(ii).
The Domain Name is presently inactive but prior to the commencement of the proceeding resolved to the Respondent’s Website, which is an identical copy of the Complainant’s Website. It would have been possible for consumers hoping to use Complainant’s services to visit Respondent’s Website under the misapprehension that they are visiting the Complainant’s Website and provide personal information to Respondent which could be used to allow Respondent to commit fraud on those consumers. Such conduct is best characterized as “phishing”. Respondent’s use of the Domain Name to impersonate Complainant for the purpose of engaging in a phishing scheme to acquire confidential information is not a bona fide offering of goods or services or a legitimate noncommercial or fair use per Policy ¶¶ 4(c)(i) or (iii). See Bittrex, Inc. v. Caroline Alves Maia, FA 1796113 (Forum Aug. 6, 2018) (finding the respondent lacked rights and legitimate interests in the domain name because it used the name to resolve to a website virtually identical to the complainant’s to prompt users to enter their login information so that the respondent may gain access to that customer’s cryptocurrency account); see also Caterpillar Inc. v. ruth weinstein, FA 1770352 (Forum Mar. 7, 2018) (“Use of a disputed domain name in an attempt to pass itself off as a complainant and to conduct a phishing scheme is indicative of a failure to use said domain name in connection with a bona fide offer of goods and services per Policy ¶ 4(c)(i) or a legitimate noncommercial or otherwise fair use per Policy ¶ 4(c)(iii).”).
The Panel finds Complainant has satisfied Policy ¶ 4(a)(ii).
The Panel finds on the balance of probabilities that at the time Respondent registered the Domain Name, September 21, 2022, Respondent had actual knowledge of Complainant’s BITWARDEN mark. There is no obvious reason (and none has been provided) as to why an entity would register the Domain Name consisting of the BITWARDEN mark and redirect it to a website which is almost an exact copy of the Complainant’s website other than to deceive Internet users into believing an affiliation exists between Complainant and Respondent. In the absence of rights or legitimate interests of its own this demonstrates registration in bad faith under Policy ¶ 4(a)(iii).
The Panel finds that Respondent registered and uses the Domain Name in bad faith as Respondent uses or has used the Domain Name to impersonate Complainant in furtherance of a phishing scheme. Use of a disputed domain name to impersonate a complainant in furtherance of a phishing scheme is evidence of bad faith per Policy ¶ 4(a)(iii). See Google Inc. v. Domain Admin / Whois Privacy Corp., FA1506001622862 (Forum Aug. 10, 2015) (finding that the respondent’s apparent use of the disputed domain name in furtherance of a ‘phishing’ scheme further established its bad faith registration and use of the disputed domain name under Policy ¶ 4(a)(iii)). Accordingly, the Panel finds that Respondent registered and uses the Domain Name in bad faith pursuant to Policy ¶ 4(a)(iii).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <bitwarden.icu> domain name be TRANSFERRED from Respondent to Complainant.
Nicholas J.T. Smith, Panelist
Dated: December 2, 2022
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page