{
    "case_number": "CAC-UDRP-103841",
    "time_of_filling": "2021-06-07 09:26:05",
    "domain_names": [
        "hLdglobQl.com"
    ],
    "case_administrator": "Denisa Bilík (CAC) (Case admin)",
    "complainant": [
        " ASSA ABLOY AB"
    ],
    "complainant_representative": "Coöperatieve Vereniging SNB-REACT U.A.",
    "respondent": [
        "Register.com, Inc. (\"Register Holding Account\")"
    ],
    "respondent_representative": null,
    "factual_background": "FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:\r\n\r\nThe Complainant, ASSA ABLOY, is a global leader in door opening solutions with sales of 94 billion Swedish krona in 2019 (€9.2 billion or nearly $11 billion). It has a presence in over seventy countries and a market leading position in Europe, North America and the Asia Pacific region. About 70% of the group’s total sales fall under the ASSA ABLOY master brand, while 20% are under Yale (home access and security) and HID (identification technology), of which HID GLOBAL forms a sub-brand.\r\n\r\nOn 4 September 2020 a phishing mail was sent from an e-mail address employing the disputed domain name. It attached false \"updated bank information\" and requested recipients to ensure that they made payment using it before the end of the week. An image file was used in the mail to display the Complainant's HID figurative mark. The Complainant's correct domain name <hidglobal.com> was furthermore given in the corporate details along with the address of offices of the Complainant at Fort Lauderdale in the United States.\r\n\r\nThe Complainant was made aware of the fraudulent mail. On 5 January 2021, the Complainant's Authorized Representative sent an abuse report regarding the disputed domain name to the registrar, Register.com. However, the Complainant received no response. \r\n\r\nAt the time of opening the present proceeding, the Complainant took a screenshot of a Register.com page offering the disputed domain name for sale by means of \"backorder\", that is, by means of the registrar entering into contact with the registrant on behalf of a buyer.\r\n\r\nThe CAC Case Administrator requested the registrar's verification of the disputed domain name details on 4 June 2021 and was obliged to send reminders to the registrar on 8 and 10 June. The registrar's response was finally received on 11 June 2021.\r\n\r\nThe Registrar confirmed that \"Register Holding Account\" as the name for the registrant. It also affirmed that \"The registrant has submitted the Registration Agreement at the principal office of the registrar\" and other details incidental to the ADR process. The postal address the registrar provided for the registrant is the same as Register.com's own address, namely, 5335 Gate Pkwy Jacksonville​, Florida 32256, in the United States.\r\n\r\nThe CAC Case Administrator queried these registrant details on 17 June 2021. The registrar re-confirmed them on the same day.",
    "other_legal_proceedings": "The Panel is not aware of any other legal proceedings which are pending or decided and relate to the disputed domain name.",
    "no_response_filed": "PARTIES' CONTENTIONS:\r\n\r\nCOMPLAINANT:\r\n\r\nThe disputed domain name is confusingly similar to the Complainants' trade marks and is an example of typosquatting. It consists in a misspelling that maintains sufficiently recognizable aspects of the Complainant’s trademarks. The only difference between the stem of the disputed domain name <hldglobql.com> and the HID GLOBAL trademark is the change of the letter \"i\" to the letter \"l\" and the letter \"a\" to the letter \"q\". These new characters still look like the letters i and a in some computer fonts. Previous similar cases before ADR Panels include WIPO Case D2018-1815 on <hidQlobal.com>, another case involving phishing, where the Panel remarked that \"An Internet user, including an email recipient, would likely fail to recognize the very minor distinction in appearance between Complainant’s trademark and the disputed domain name\".\r\n\r\nThe Respondent has no rights or legitimate interest in the disputed domain name, which was registered in August 2020. This was long after the Complainant had established its rights in its well-known trademarks, which the Respondent has not been authorized to use. Far from the Respondent having any rights or legitimate interest in the disputed domain name, the Respondent relied on it to conduct fraudulent activity, i.e. phishing.\r\n\r\nThis is in itself also evidence of bad faith registration and use contrary to the UDRP, and it shows that the Respondent was clearly aware that the well-known HID and HID GLOBAL trademarks were registered and being used by the Complainant. The Respondent in fact impersonated the Complainant. Furthermore, as stated in WIPO Case D2018-1815 when reaching a finding of bad faith: \"Regrettably, it is not uncommon for domain names which closely approximate distinctive trademarks to be used as instruments of fraud or other abuse.\" An additional factor for a finding of bad faith is that the Respondent also uses an anonymization service, PERFECT PRIVACY, LLC, which is established at the same address as the registrar’s. It is difficult to see in the present case why this Respondent should need to protect its identity, except to make it difficult for the Complainant to protect its trademark rights.\r\n\r\nADDITIONAL CONTENTION RELATED TO THE REGISTRAR’S COMPLICITY\r\n\r\nThe registrar has provided contradictory statements to the CAC Case Administrator concerning the Respondent's identity. On 11 June 2021 it stated that \"Register Holding Account is the current registrant of the hldglobql.com domain name\" but also that \"The registrant has submitted the Registration Agreement at the location of the principal office of the registrar.\" On 17 June, it maintained that \"these are the correct contact details.\" However, an \"account\" clearly cannot be a registrant. A registrant's name must be that of either an organization or a person.\r\n\r\nFurther, the address mentioned in the WHOIS data provided by the registrar seems to be the registrar's own address. The registrar thus failed to share information on the actual registrant of the disputed domain name with the ADR Provider or the Complainant. By contrast, the UDRP requires that the registrar must provide the UDRP Provider with full registration data. It is unclear why the registrar does not do so for a domain name used for phishing.\r\n \r\nThe Complainant thus refers here to Decisions of previous ADR Panels such as in WIPO Case No. DCO2019-0033 -- \"where a registrar breached the provisions of the Policy or Rules or its conduct otherwise threatened to undermine the proper operation of the UDRP, it might be appropriate to invite the Center to bring that failure to the attention of ICANN, with a view to ICANN undertaking such investigation into, and enforcement steps against, the registrar as it considers appropriate\" -- and CAC Case 100149.\r\n\r\nFor now, the registrar's mentioned legal entity, \"Register.com, Inc.\", is (also) itself a proper Respondent to the Complaint, as per WIPO Case No. D2010-1945: Pandora Jewelry, LLC v. Whois Privacy Protection Service, Inc. \/ Lisa Xu, in which the Panel stated that “In conclusion, …, the Panel considers by parity that the relevant domain names [sic] is in fact controlled by both persons, the privacy service as public registrant and the underlying registrant and that naming both entity [sic] as Respondents respects the UDRP rules”.\r\n\r\nRESPONDENT:\r\n\r\nNO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.",
    "rights": "The Complainant has, to the satisfaction of the Panel, shown that the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).",
    "no_rights_or_legitimate_interests": "The Complainant has, to the satisfaction of the Panel, shown that the Respondent has no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).",
    "bad_faith": "The Complainant has, to the satisfaction of the Panel, shown that the disputed domain name was registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).",
    "procedural_factors": "Paragraph 4 of the UDRP Rules states as follows in respect of the registrar verification step of the ADR procedure:\r\n\r\n\"(a) The Provider shall submit a verification request to the Registrar. The verification request will include a request to Lock the domain name.\r\n\r\n\"(b) Within two (2) business days of receiving the Provider's verification request, the Registrar shall provide the information requested in the verification request and confirm that a Lock of the domain name has been applied. The Registrar shall not notify the Respondent of the proceeding until the Lock status has been applied. The Lock shall remain in place through the remaining Pendency of the UDRP proceeding. Any updates to the Respondent's data, such as through the result of a request by a privacy or proxy provider to reveal the underlying customer data, must be made before the two (2) business day period concludes or before the Registrar verifies the information requested and confirms the Lock to the UDRP Provider, whichever occurs first. Any modification(s) of the Respondent's data following the two (2) business day period may be addressed by the Panel in its decision.\"\r\n\r\nBased on the documentation of the registrar verification contained in the Case File, the Panel FINDS that the registrar of the disputed domain name in this case failed by two full days to comply with the requirements of UDRP Paragraph 4(b).\r\n\r\nAs concerns the Complainant's contentions regarding the content of the information provided by the registrar, these raise a substantive issue which is dealt with under the Principal Reasons for the Decision.\r\n\r\nThe Panel is satisfied that all other procedural requirements under UDRP were met and that there is no reason why it would be inappropriate to provide a decision.",
    "decision": "Accepted",
    "panelists": [
        "Kevin J. Madders"
    ],
    "date_of_panel_decision": "2021-07-31 00:00:00",
    "informal_english_translation": "The Complainant has demonstrated that it is the owner of:\r\n\r\n- the word mark \"HID\", registered on 7 March 2000 as EU Trade Mark No.001061464 under Nice Classification System Class 9 and similarly in the United States since 2016 as US Trademark No. 85756909;\r\n- the figurative mark with textual element \"HID\" in white capital letters on blue background with rounded corners, registered as EU trademark No. 012876991 since 13 October 2014 in Classes 9, 16, 42 and 45; and\r\n- the word mark \"HID GLOBAL\", registered as EU Trade Mark No.352951 since14 August 2007 under Class 9 and similarly in the United States since 2008 as US Trademark No. 78853856.\r\n\r\nThe Complainant refers in regard to the quality of the last-mentioned trademarks to WIPO Case No. D2018-2027 <hidgiobal.com>, in which the Panel found that \"HID GLOBAL trademark (...) has strong reputation and is widely known, as evidenced by its substantial use worldwide\".\r\n\r\nThe Complainant uses its trademarks in domain names it has registered: <hidglobal.com>, <hidglobal.co.uk>, <hidglobal.de> and <hidglobal.se>.\r\n\r\nThe Respondent registered the disputed domain name on 27 August 2020.",
    "decision_domains": {
        "HLDGLOBQL.COM": "TRANSFERRED"
    },
    "panelist": null,
    "panellists_text": null
}