GoSecure Inc. is a Canadian based organization, established in 2003, providing security related solutions including predictive endpoint detection & response, next gen antivirus and so on. Whereas Mr. Billa Bhandari has a strong recognition in the International Bio-metrics community and a vast experience building business oriented, secure, scale-able and mission-critical trading systems in the banking industry, since last over 30 years.
GoSecure Inc. filed a domain name disputed over generic domain name GoSecure.com claiming infringement of it’s registered Trademark rights and also went on to allege – Phishing attempts by Respondent, Passive Holding of Domain Name since Trademark registration in 2016. Also alleged that Respondent Repeatedly Renewed the Registration and Used the Domain in Bad Faith and based the same on further five grounds:
a) Respondent’s use of the at-issue trademark identical domain name to host email in furtherance of a phishing scheme aimed at defrauding third parties.
b) A request for a 5-figure payment in exchange for transferring the disputed domain name back to its rightful trademark owner is.
c) Respondent’s continued renewal of the domain in the absence of any content on the website for the past 10 years since 2011 constitutes bad faith use and registration.
d) Last five renewals of the registration from 2016-2020 were done after the GOSECURE Mark registered on June 28, 2016.
e) Respondent provided incomplete information when registering his domain name.
GoSecure.com domain had a registration date of September 14, 1999 and was legitimately used from 2002 till 2011 by the Respondent and even a Trademark registration was attempted. The Complainant Trademark got registered with USPTO in 2016 in USA and was having previous Canadian Trademarks but never disclosed in the Complaint. Further, the Complainant alleged phishing attempts being made by the Respondent, which they later backtracked under Additional Submissions.
There have been negotiation between the parties for $75k, while Complainant offered maximum of $10k and later came into UDRP. Respondent even provided evidence as to future plans as to his another project VitalProbe Inc. in Dubai and using the term GoSecure in his new project as well.
The Panel upheld the legitimate interests the Respondent had as the emails were still in use and demonstrable preparations to use were evident as well. Further held this to be a matter of Reverse Domain Name hijacking and referred these proceedings as Complainant’s plan B, with an attempt to reverse domain hijacking, after a failed negotiation !
GoSecure Inc. v. Billa Bhandari
Claim Number: FA2107001954083
Complainant is GoSecure Inc. (“Complainant”), represented by Andrew Skale of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C., California, USA.
Respondent is Billa Bhandari (“Respondent”), represented by Ankur Raheja of Cylaw Solutions, India.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <gosecure.com>, registered with GoDaddy.com, LLC.
The undersigned certifies that they have acted independently and impartially and to the best of their knowledge have no known conflict in serving as Panelists in this proceeding.
Ho-Hyun Nahm, Esq. (Chair), Gerald M. Levine, Ph.D., Esq., and Fernando Triana, Esq., as Panelists.
Complainant submitted a Complaint to the FORUM electronically on July 7, 2021; the FORUM received payment on July 7, 2021.
On July 7, 2021, GoDaddy.com, LLC confirmed by e-mail to the FORUM that the <gosecure.com> domain name is registered with GoDaddy.com, LLC and that Respondent is the current registrant of the name. GoDaddy.com, LLC has verified that Respondent is bound by the GoDaddy.com, LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On July 8, 2021, the FORUM served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of August 2, 2021 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to firstname.lastname@example.org. Also on July 8, 2021, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post
and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
A timely Response was received and determined to be complete on August 2, 2021.
On August 9, 2021, Respondent submitted to the Forum its objection to Complainant’s request for further submission. On August 10, 2021, Complainant filed an Additional Submission without permission from the Panel. On August 11, 2021, pursuant to Respondent’s request to have the dispute decided by a three-member Panel, the FORUM appointed Ho-Hyun Nahm, Esq. (Chair), Gerald M. Levine, Ph.D., Esq., and Fernando Triana, Esq. as Panelists.
On August 16, 2021, Respondent filed an Additional Submission without permission from the Panel.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the FORUM has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2.
Complainant requests that the domain name be transferred from Respondent to Complainant.
i) Complainant, GoSecure Inc., provides computer and data security goods and services. Complainant has rights in the GOSECURE mark based on registration of the mark with the United States Patent and Trademark Office (“USPTO”) (e.g., Reg. No. 4,986,200, registered June 28, 2016). The disputed domain name is identical to Complainant’s GOSECURE mark because it simply adds the “.com” generic top-level domain (“gTLD”).
ii) Respondent does not have rights or legitimate interests in the disputed domain name. Respondent is not commonly known by the disputed domain name. Additionally, Respondent does not use the disputed domain for any bona fide offering of goods or services or legitimate noncommercial or fair use. Respondent uses the disputed domain to send phishing emails and also fails to
make active use of the disputed domain as it does not have a resolving website.
iii) Respondent registered and uses the disputed domain name in bad faith. Respondent offers to sell the domain at a price that exceeds registration costs. Additionally, Respondent uses the disputed domain name to send phishing emails. Furthermore, the disputed domain name has been inactive for the past 10 years. Respondent also failed to provide complete WHOIS information.
Respondent continued to renew the disputed domain name after Complainant’s GOSECURE mark was registered.
i) Respondent is a well-known entrepreneur with experience in information security and privacy. Complainant has not established rights in the GOSECURE mark. Additionally, the disputed domain name consists of generic terms.
ii) Respondent has rights and legitimate interests in the disputed domain name since Respondent uses it for professional purposes and is commonly known by the domain name. Additionally, Respondent has never used the domain name for phishing and has plans to make active use of the domain. Furthermore, Respondent’s registration of the disputed domain name predates Complainant’s claimed rights in the GOSECURE mark by 16 years.
(iii) Respondent does not deny that Complainant reached out to the GoDaddy domain broker service to attempt to purchase the disputed domain name or that Respondent refused to sell the disputed domain name “for anything less than a strong 6-figure(s).”
iv) Respondent registered and uses the disputed domain name in good faith. Respondent did not solicit the sale of the disputed domain name and has the right to sell the domain at whatever price it deems appropriate. Additionally, Complainant’s allegations of phishing are false. Furthermore, Respondent made active use of the disputed domain name for over a decade and has plans to make active use of the domain name again in the near future. Also, Respondent’s WHOIS information is not completely visible due to the requirements of the GDRP Policy. Respondent’s registration of the disputed domain name predates Complainant’s rights in the GOSECURE mark and the renewal of the domain name is irrelevant.
(v) Complainant engages in reverse domain name hijacking.
C. Additional Submissions
Complainant’s Additional Submission
i) Respondent challenges Complainant’s rights in the GOSECURE mark by arguing that Complainant has a different address on the certificate of Registration than in this proceeding. USPTO’s record clearly shows that Complainant’s new address is the same as the address claimed here.
ii) The USPTO determined that the GOSECURE mark was not generic in determining that the mark should register on the principal register. As such, it is clear that Complainant has rights in the GOSECURE mark.
iii) Respondent did not have rights or legitimate interests in the disputed domain because: (i) he was utilizing the <gosecure.com> domain to send phishing emails to Complainant’s customers, who then complained directly to Complainant; (ii) he has been passively holding the unused domain for over ten years; (iii) he is not known by the GOSECURE name and has not been using it in any other context.
iv) Respondent’s renewal and use of the disputed domain name have been in bad faith. The Complaint identified five separate bases for this finding, including:
(i) Respondent was engaging in a phishing scheme through use of the disputed domain;
(ii) Respondent demanded a five figure payment in exchange for transferring the domain;
(iii) Respondent continued to renew the domain in the absence of any content (passive holding);
(iv) five of these renewals occurred after Complainant’s GOSECURE mark was registered on the principal register; and
(v) Respondent provided incomplete information in the Whois registry.
v) There is no basis for a finding of reverse domain name hijacking.
Respondent’s Objection to Complainant’s Additional Submission Respondent objects to Complainant’s attempt to request for further submission, because it is not in compliance with established UDRP procedure respecting any additional filings, and also because it lamentably seeks to prejudice Respondent.
It has already been a week since the Response was filed. Moreover, under the Policy, parties have no right to submit additional arguments or evidence (Lloyds TSB Bank PLC v. Daniel Carmel-Brown, WIPO Case No. D2008-1889). Rule 12 of the UDRP Rules specifically states, that the UDRP process involves only a “Complaint” and a “Response”, with only the possibility of the Panel itself requesting further statements or documents from either of the parties:
The controlling provision is Paragraph 12 of ICANN’s Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), under which discretion to request such supplementation rests with the Panel”. A central purpose of the Policy and Rules is providing an expeditious and relatively inexpensive procedure for determining a certain type of domain name dispute, in which each party is entitled to make just one submission.
On August 16, 2021 Respondent filed an Additional Submission responding to specific contentions Complainant restates or repeats from the Complaint. The Panel has carefully reviewed both Additional Submissions. To the extent either responds to facts that it would not have been in a position to assert in the Complaint and Response the Panel has considered them in its determination.
1. The disputed domain name was registered on September 14, 1999.
2. Complainant has established rights in the GOSECURE mark based on registration of the mark with the United States Patent and Trademark Office (“USPTO”) (e.g., Reg. No. 4,986,200) registered June 28, 2016.
3. Respondent has established that it has rights or legitimate interests in the disputed domain name.
4. As Respondent has rights or legitimate interests in the disputed domain name, the Panel has concluded that it is unnecessary to consider whether Respondent registered or is using the disputed domain name in bad faith.
5. Complainant has engaged in Reverse Domain Name Hijacking.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith. Identical and/or Confusingly Similar Complainant asserts rights in the GOSECURE mark based on registration with
the USPTO (e.g., Reg. No. 4,986,200, registered June 28, 2016). Registration of a mark with the USPTO is a valid showing of rights in a mark per Policy ¶ 4(a)(i). See Target Brands, Inc. v. jennifer beyer, FA 1738027 (FORUM July 31, 2017) ("Complainant has rights in its TARGET service mark for purposes of Policy ¶ 4(a)(i) by virtue of its registration of the mark with a national trademark authority, the United States Patent and Trademark Office (“USPTO”).”). Since Complainant provides evidence of registration of the GOSECURE mark with the USPTO, the
Panel finds that Complainant has rights in the mark under Policy ¶ 4(a)(i). Complainant argues that the disputed domain name is identical to Complainant’s GOSECURE mark because it simply adds the “.com” gTLD. When a domain name differs from a mark only by the addition of a gTLD it may be found to be identical to the mark. See F.R. Burger & Associates, Inc. v. shanshan lin, FA 1623319 (FORUM July 9, 2015) (holding, “Respondent’s <frburger.com> domain name is identical to Complainant’s FRBURGER mark because it differs only by
the domain name’s addition of the top-level domain name “.com.”). Therefore, the Panel finds that the disputed domain name is confusingly similar to the GOSECURE mark under Policy ¶ 4(a)(i).
While Respondent contends that the disputed domain name is comprised of common and generic terms and as such cannot be found to be identical to Complainant’s mark, the Panel finds that such a determination is not necessary under Policy ¶ 4(a)(i) as this portion of the Policy considers only whether Complainant has rights in the mark and whether the disputed domain name is identical or confusingly similar to Complainant’s mark. See Precious Puppies of Florida, Inc. v. kc, FA 1028247 (FORUM Aug. 10, 2007) (examining Respondent’s generic terms arguments only under Policy ¶ 4(a)(ii) and Policy ¶ 4(a)(iii) and not under Policy ¶ 4(a)(i)); see also Vitello v. Castello, FA 159460 (FORUM July 1, 2003) (finding that the respondent’s disputed domain name was identical to complainant’s mark under Policy ¶ 4(a)(i), but later determining the issue of whether the disputed domain name was comprised of generic terms under Policy
¶¶ 4(a)(ii) and 4(a)(iii)).
Rights or Legitimate Interests
A complainant has the further burden of demonstrating for the second limb that respondent lacks rights or legitimate interests in the subject domain name. It can do this by offering prima facie proof of its contention on this issue. If it succeeds on a prima facie showing that a respondent lacks rights or legitimate interests the burden then shifts to respondent to rebut the contention that it lacks rights or legitimate interests in the disputed domain name.
Here Complainant contends that Respondent lacks rights or legitimate interests in <gosecurity.com> because it does not now and has not for many years resolved to a website and Respondent is not presently making a bona fide offer of any goods or services through a resolving website. Additionally, it contends that Respondent is not commonly known by the disputed domain name, nor is it using the disputed domain name for noncommercial or fair use purposes.
Complainant contends that it has not authorized Respondent to hold the disputed domain name.
Although Complainant concedes that its trademark postdates the registration of the disputed domain name, it contends that Respondent’s nonuse of <gosecurity.com> as a website and for the other reasons it advances Respondent lacks rights or legitimate interests in the disputed domain name. Facts rebutting these contentions are, of course, within Respondent’s knowledge,
and not necessarily that of Complainant.
It is for this reason that a respondent must come forward with rebuttal evidence, and if it cannot then Complainant succeeds on this limb. Here, the Panel finds that Complainant’s contentions together with Respondent’s admissions that the domain name does not presently resolve to an active website are sufficient to state a prima facie case that Respondent lacks rights or legitimate interests in the disputed domain name.
Once the burden shifts, Respondent has the opportunity of demonstrating its right or legitimate interest by showing the existence of any of the following nonexclusive circumstances:
(i) before any notice to you [respondent] of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or
(ii) you [respondent] (as an individual, business, or other organization) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or
(iii) you [respondent] are making a legitimate noncommercial or fair use of the domain, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue. The Panel notes that Respondent does not deny that the disputed domain name is currently inactive, although its proof does support the contention that for many years it was actively used. Rather, it contends that it has nonetheless continuously used the domain name for email operations. See Zero International Holding GmbH & Co. Kommanditgesellsshaft v. Beyonet Services and Stephen Urich, 2000-0161 (WIPO May 12, 2000) (“We do not accept that complainant’s contention that registration of a domain name which is only to be used for [e-mail and file transfer operations] is in some way improper and constitutes bad faith.”) Respondent additionally demonstrates that it maintains a “WordPress” blog at https://gosecure.wordpress.com and that it is presently developing a project for the website with another company located in UAE. The specifics of the project while sketchy are sufficiently spelled out in Respondent’s attachments. The Panel finds that this evidence supports Respondent’s assertion that it is making “demonstrable preparations to use” the domain name.
Respondent also contends that it was commonly known by the domain name for this extended period. It states and provides evidence that it is an established entrepreneur in the biometrics and information security field for the last 30 years.
It even sought trademark protection for “Go Secure” although did not proceed with the registration. This contention appears to be supported by the totality of evidence offered, but this is post-hoc. There is no evidence that the disputed domain name was acquired by Respondent operating with that name. The Panel finds that Respondent’s rebuttal and evidence is persuasive on the issue of rights and legitimate interests. Accordingly, Complainant has not succeeded on this element of the Policy.
Registration and Use in Bad Faith
Where complainant fails to establish an element necessary for a finding of abusive domain name registration and use it is unnecessary to proceed further in analyzing the third limb of the Policy. Here, the Panel has found that Respondent has rights or legitimate interests in the disputed domain name. See Creative Curb v. Edgetec Int’l Pty. Ltd., FA 116765 (FORUM Sept. 20, 2002) (finding that because the complainant must prove all three elements under the Policy, the complainant’s failure to prove one of the elements makes further inquiry into the
remaining element unnecessary); also Netservice, Inc. v. Ryan Howard / Howard Technologies, Ltd., FA1721637 (FORUM Apr. 17, 2017).
Accordingly, Complainant has not succeeded in proving Respondent registered and is using the disputed domain name in bad faith.
Reverse Domain Name Hijacking
Respondent alleges that Complainant has acted in bad faith and is engaging in reverse domain name hijacking by initiating this dispute. Complainant denies that there is any basis for a finding of reverse domain name hijacking.
Under Paragraph 1 of the Rules, "Reverse Domain Name Hijacking" (RDNH) is defined as "using the Policy in bad faith to attempt to deprive a registered domain-name holder of a domain name. “Paragraph 15(e) of the Rules provides that if "the Panel finds that the complaint was brought in bad faith, for example in an attempt at Reverse Domain Name Hijacking or was brought primarily to harass the domain-name holder, the Panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding.”
The Panel observes that such a finding is justified where a complainant proceeds despite the fact that it knew or should have known that it did not have a colorable claim under the Policy. See Karma International, LLC v. David Malaxos, FA 1822198 (FORUM Feb. 15, 2019) (finding RDNH where complainant lacked trademark rights, came into being long after domain name was registered, and had made prior unsolicited offer to purchase domain name). It also notes that even if a panel would find that Complainant has failed to satisfy its burden under the Policy, this does not necessarily render a finding of reverse domain name hijacking. See ECG European City Guide v. Woodell, FA 183897 (FORUM Oct. 14, 2003) (“Although the Panel has found that Complainant failed to satisfy its burden under the Policy, the Panel cannot conclude on that basis alone, that Complainant acted in bad faith.”); see also Church in Houston v. Moran, D2001-
0683 (WIPO Aug. 2, 2001) (noting that a finding of reverse domain name hijacking requires bad faith on the complainant’s part, which was not proven because the complainant did not know and should not have known that one of the three elements in Policy ¶ 4(a) was absent).
The Panel notes that Respondent does have rights and legitimate interests in the disputed domain name for purposes of paragraph 4(a)(ii) of the Policy. It also notes that the disputed domain name registration predates Complainant’s first claimed rights in the GOSECURE mark for almost 16 years. Nevertheless, Complainant asserts that the disputed domain name was registered and is being used in violation of its trademark rights. It also accuses Respondent of using its email operation for phishing, but the evidence does not support this contention.
Complainant initiated these proceedings after failing to purchase the domain name in the marketplace. Its trademark came into being long after the disputed domain name was registered, and Complainant had made prior unsolicited offers to purchase the domain name. See Mechoshade Systems, LLC v. DNS Admin / Mecho Investment, FA1805001784649 (FORUM June 18, 2018) (Complainant
continued to pursue this case, including with the frivolous and demonstrably incorrect arguments that use of a Domain Name for purposes of a family email address is not a legitimate interest.”)
This case is what is sometimes referred to as a “Plan B” scenario, where a complainant attempts to purchase a domain name and then switches tactics, bringing a complaint under the Policy despite a clear inability to make the required showings. See Aether, LLC v. Aether Domains / Aether Things, Inc., FA 1739957 (FORUM Aug. 24, 2017) (finding RDNH of <aether.com> where complaint was brought after unsuccessful commercial negotiations); EBSCO Industries, Inc. v. WebMagic Staff / WebMagic Ventures, LLC, FA 1722095 (FORUM May 25, 2017) (finding RDNH of “novelist.com” where respondent had previously rejected multiple purchase offers from complainant).
Complainant is represented by counsel with experience in the UDRP process, who likely advised Complainant that its position was unsupportable. See Daniel Biro / RealtyPRO Network, Inc. v. Ben Kueh / Computerese, FA 1929289 (FORUM Mar. 29, 2021) (finding RDNH against unrepresented complainant, while noting that such complainants “are generally given a free pass” for purposes of RDNH).
On balance, the Panel finds that the Complaint was brought in bad faith, in an instance of reverse domain name hijacking, and constitutes an abuse of the administrative proceeding.
Having not established all three elements required under the ICANN Policy, the Panel concludes that relief shall be DENIED.
Accordingly, it is Ordered that the <gosecure.com> domain name REMAIN WITH Respondent.
Complainant has engaged in Reverse Domain Name Hijacking.
Ho Hyun Nahm, Esq., Chair of the Panel, and Gerald M. Levine, Ph.D., Esq., and Fernando Triana, Esq. as Panelists
Dated: August 19, 2021