PARTIES' CONTENTIONS:
COMPLAINANT:
The disputed domain name is confusingly similar to the Complainants' trade marks and is an example of typosquatting. It consists in a misspelling that maintains sufficiently recognizable aspects of the Complainant’s trademarks. The only difference between the stem of the disputed domain name <hldglobql.com> and the HID GLOBAL trademark is the change of the letter "i" to the letter "l" and the letter "a" to the letter "q". These new characters still look like the letters i and a in some computer fonts. Previous similar cases before ADR Panels include WIPO Case D2018-1815 on <hidQlobal.com>, another case involving phishing, where the Panel remarked that "An Internet user, including an email recipient, would likely fail to recognize the very minor distinction in appearance between Complainant’s trademark and the disputed domain name".
The Respondent has no rights or legitimate interest in the disputed domain name, which was registered in August 2020. This was long after the Complainant had established its rights in its well-known trademarks, which the Respondent has not been authorized to use. Far from the Respondent having any rights or legitimate interest in the disputed domain name, the Respondent relied on it to conduct fraudulent activity, i.e. phishing.
This is in itself also evidence of bad faith registration and use contrary to the UDRP, and it shows that the Respondent was clearly aware that the well-known HID and HID GLOBAL trademarks were registered and being used by the Complainant. The Respondent in fact impersonated the Complainant. Furthermore, as stated in WIPO Case D2018-1815 when reaching a finding of bad faith: "Regrettably, it is not uncommon for domain names which closely approximate distinctive trademarks to be used as instruments of fraud or other abuse." An additional factor for a finding of bad faith is that the Respondent also uses an anonymization service, PERFECT PRIVACY, LLC, which is established at the same address as the registrar’s. It is difficult to see in the present case why this Respondent should need to protect its identity, except to make it difficult for the Complainant to protect its trademark rights.
ADDITIONAL CONTENTION RELATED TO THE REGISTRAR’S COMPLICITY
The registrar has provided contradictory statements to the CAC Case Administrator concerning the Respondent's identity. On 11 June 2021 it stated that "Register Holding Account is the current registrant of the hldglobql.com domain name" but also that "The registrant has submitted the Registration Agreement at the location of the principal office of the registrar." On 17 June, it maintained that "these are the correct contact details." However, an "account" clearly cannot be a registrant. A registrant's name must be that of either an organization or a person.
Further, the address mentioned in the WHOIS data provided by the registrar seems to be the registrar's own address. The registrar thus failed to share information on the actual registrant of the disputed domain name with the ADR Provider or the Complainant. By contrast, the UDRP requires that the registrar must provide the UDRP Provider with full registration data. It is unclear why the registrar does not do so for a domain name used for phishing.
The Complainant thus refers here to Decisions of previous ADR Panels such as in WIPO Case No. DCO2019-0033 -- "where a registrar breached the provisions of the Policy or Rules or its conduct otherwise threatened to undermine the proper operation of the UDRP, it might be appropriate to invite the Center to bring that failure to the attention of ICANN, with a view to ICANN undertaking such investigation into, and enforcement steps against, the registrar as it considers appropriate" -- and CAC Case 100149.
For now, the registrar's mentioned legal entity, "Register.com, Inc.", is (also) itself a proper Respondent to the Complaint, as per WIPO Case No. D2010-1945: Pandora Jewelry, LLC v. Whois Privacy Protection Service, Inc. / Lisa Xu, in which the Panel stated that “In conclusion, …, the Panel considers by parity that the relevant domain names [sic] is in fact controlled by both persons, the privacy service as public registrant and the underlying registrant and that naming both entity [sic] as Respondents respects the UDRP rules”.
RESPONDENT:
NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.
|