WIPO Arbitration and Mediation Center


Splunk Inc. v. Domain Privacy Service FBO Registrant/ Charles Keane

Case No. D2014-0555

1. The Parties

The Complainant is Splunk Inc. of San Francisco, California, United States of America, represented by Harvey Siskind LLP, United States of America.

The Respondent is Domains By Proxy, LLC of Scottsdale, Arizona, United States of America / Eric Irvin of Birmingham, Alabama, United States of America, represented by Drinker, Biddle & Reath, LLP, United States of America.

2. The Domain Name and Registrar

The disputed domain name <dontgetsplunked.com> is registered with Domain.com, LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on April 7, 2014. On April 7, 2014, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On April 7, 2014, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on April 9, 2014 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on April 14, 2014.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2(a) and 4(a), the Center formally notified the Respondent of the Complaint, and the proceedings commenced on April 17, 2014. In accordance with the Rules, paragraph 5(a), the due date for Response was May 7, 2014. The Response was filed with the Center on May 7, 2014.

The Center appointed Peter L. Michaelson as the sole panelist in this matter on May 21, 2014. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

As reflected in the registration record for the disputed domain name in the Registrar’s WhoIs database (a copy of that record is annexed to the Complaint), the disputed domain name was created on March 19, 2014 and is set to expire on March 19, 2015.

A. Complainant’s SPLUNK Marks

As indicated in the Complaint, the Complainant owns several US trademark registrations for marks that either solely contain the term SPLUNK or include that term as a formative with another word or a design symbol. The Complainant has provided, annexed to the Complaint, copies of its registration certificates. Pertinent details of a few of these registrations are as follows:


United States registration no. 3,269,249

registered: July 24, 2007; filed: December 2, 2004; class nos. 9, 16, 35, 38, 42

This registration claims a common date for both first use and first use in commerce of this mark of November 1, 2005.


United States registration no. 4,199,665

registered: August 28, 2012; filed: June 2, 2011; class no. 41

The registration claims a common date for both first use and first use in commerce of this mark of July 31, 2006.

3. splunk>

United States registration no. 4,374,897

registered: July 30, 2013; filed: August 7, 2012; class nos. 9, 16, 35, 38, 41, 42

This registration claims a common date for both first use and first use in commerce of this mark: in conjunction with goods and services in international classes 9, 16, 35, 38 and 42 of November 30, 2005; and in conjunction with services in international class 41 of July 31, 2006.


United States registration no. 4,211,026

registered: September 18, 2012; filed: May 23, 2011; class nos. 16, 35, 38, 41, 42

This registration claims a common date for both first use and first use in commerce of this mark of August 16, 2011.

B. The Parties, Other Actors and Interactions Amongst Them All

The Complainant provides a range of software products that collect, monitor and analyze machine data — a fast growing and significant segment of so-called “Big Data”. The Complainant has over 7,000 customers located across more than 90 countries and, over the years, has received various industry awards for its products and technologies.

The Complainant’s products can be used for a wide range of purposes, including enterprise security, information technology (IT) operations, application management and digital intelligence. For enterprise security, the Complainant offers two related products: Splunk Enterprise and the Splunk App for Enterprise Security. These security products offer real-time security monitoring, historical analysis and visualization of massive data sets, provide security intelligence to help organizations identify both known and unknown threats, facilitate data exploration of incidents in real time to perform comprehensive incident investigations, maintain a proactive defense, and support creation of ad hoc reports. Over 30% of the Complainant’s customers use its products for enterprise security.

The Respondent is employed by the Hewlett-Packard Company (“HP”), specifically as Manager, Sales Engineering in its Enterprise Security Division. The product offerings of that division include “ArcSight” which is a software product that directly competes with the Complainant’s software products in the enterprise security field.

Shortly after registering the disputed domain name on March 19, 2014, the Respondent, along with others – including the respondent in a companion UDRP proceeding presently before the Center (Splunk Inc. v. Domains By Proxy, LLC / Eric Irvin, WIPO Case No. D2014-0554) (both these respondents will be collectively referred to hereinafter as simply the “Respondents”) and two others who are also HP employees having responsibility for HP’s enterprise security products, began a repeated campaign of synchronized cross-platform posting of highly similar, and in several instances identical, content not only to the Respondent’s own website, resolvable by the disputed domain name, but also to various social media outlets, including Twitter (under the handle “@splunkfail”), YouTube (under the handle “Splunky F”) and blogs. The content pointedly disparaged the Complainant and particularly its enterprise security products, services and personnel. In addition, the content which the Respondent posted to his own website was also cross-posted to the website at <splunkfail.com> (the disputed domain name in the companion UDRP proceeding). Examples of this content include:

“Just invented a splunk sandwhich [sic], take two pieces of bread and a bunch of soggy logs with no security and put them together.” #splunkfail” (March 26, 2014 @splunkfail).

“Splunk doesn’t like alot [sic] of real-time concurrent/searches/correlation. Just hope hackers attack in past/ not real-time” (March 25, 2014 @splunkfail).

“Splunk is a security company #AprilFoolsDay.” (April 1, 2014 @splunkfail).

Approximately a week after the Respondent and others started cross-posting their disparaging content, including through both web postings, blogs and tweets, against the Complainant, the postings took on a rather disturbing tone, by including physical threats against the Complainant, as illustrated by the following blog entries on the Respondent’s website (which were re-posted on Twitter):

“... if I was [sic] in a room with a gun, with two bullets in it, with Osama Bin [sic] Laden, Hitler, and Splunk, I would shoot Splunk ... twice.” (Posted March 31, 2014.)

“Splunk is like a leaky gas line,solution [sic] to fixing the gas leak? How about a bigger gas line? Light a match on #splunkfail #boomgoesdynamite.” (Posted March 31, 2014.)

The Complainant’s employees, who were then engaged in the ordinary course of monitoring the Complainant’s social media presence, viewed the Respondent’s latest postings and tweets by @splunkfail as threats to the physical safety of their own workplace. Consequently, the Complainant bolstered the physical security of its own offices.

The Respondents’ websites, at the disputed domain names in both this and the companion proceeding, share the same layout, color schemes, fonts, and overall look and feel, including dark borders at the top and left sidebar, white backgrounds, and grass-green accents. These graphic elements are very similar to those on the Complainant’s website at <splunk.com>.

As with the Respondent’s website, the website at <splunkfail.com> contains disparaging posts, including one which accuses the Complainant of being “like a Heroin addiction and, frankly, the TRUE security guys in the room want to kick the habit.” Other posts refer to the Complainant as “log pimps . . . trying to up your license” and “pissing off a lot of customers lately.”

HP is not a party to either the present or companion proceedings, nor does it own, operate or control the websites of either of the Respondents.

Nevertheless, on April 7, 2014, the same day the Complaints were filed in the present and companion proceedings, the Complainant’s counsel also sent a letter to Ms. Watson, Chief Ethics and Compliance Officer at HP, notifying her of the disparagement then being orchestrated against the Complainant and the potential involvement of HP personnel in doing so, and seeking HP’s assistance in stopping further disparagement. The Complainant’s counsel supplemented that letter by a second letter sent to Ms. Watson on April 11, 2014 which, based on the Complainant’s intervening investigation, identified the specific HP personnel, as including the two Respondents -- one of whom is an HP employee, and also two other HP employees also in the HP Enterprise Security Division, for a total of 4 individuals. A copy of these letters is annexed to the Complainant’s Supplemental Filing.

Apparently, in response to the April 7th letter, the Respondents took down their respective websites and voluntarily disabled and/or removed their Twitter accounts. HP’s counsel, which is also representing both Respondents in this and the companion proceeding, replied by e-mail dated April 22, 2014 (a copy of this message is annexed to the Complainant’s Supplemental Filing), stating, in pertinent part:

“Although HP disputes your characterizations regarding the websites and twitter accounts, and does not believe that the facts stated in your letter give rise to any cognizable claim, much less any damage or harm to Splunk, HP would prefer to resolve the matter amicably rather than devoting resources to a dispute. Consequently, HP is prepared to work with the individual owners of the domains identified by Splunk, and believes it can persuade them, to voluntarily effectuate a transfer of those domains to Splunk in exchange for an appropriate release for the interested parties, including HP. HP’s interest in resolution is not intended as, and should be not viewed as, an admission of wrongdoing by HP or the individual HP employees. HP acted swiftly to request removal of the content by the involved individuals, notwithstanding the fact that HP did not own or control the websites or accounts, and had no responsibility for the content referenced in your letter.”

Currently, the disputed domain name no longer resolves to an operational website.

On May 8, 2014, HP’s counsel filed a common consolidated Response, signed by both Respondents, in both this and the companion proceedings.

5. Parties’ Contentions

A. Complainant

(i) Identical or Confusingly Similar

The Complainant contends that the disputed domain name is confusingly similar to the Complainant’s SPLUNK Marks. Specifically, the disputed domain name contains the term “Splunk” as a past tense verb “splunked” prepended by the words “don’t get” (though without the apostrophe), all of which are incapable of adding sufficient distinctiveness whatsoever to the name to mitigate any resulting user confusion between the name and the SPLUNK Marks.

Hence, the Complainant believes that it has satisfied the confusing similarity/identity requirement in paragraph 4(a)(i) of the Policy.

(ii) Rights or Legitimate Interests

The Complainant contends that the Respondent has no rights or legitimate interests in the disputed domain name pursuant to paragraph 4(a)(ii) of the Policy.

Specifically, the name no longer resolves to an operational website. Inasmuch as the Respondent is now passively holding the name, he is not using the name in a manner consistent with either a legitimate noncommercial or fair use.

The Respondent, being affiliated with a division of HP which directly competes with the Complainant, stood to gain, whether directly or indirectly, through misleading potential customers by any of the disparaging comments posted to his website (as well as having been cross-posted elsewhere) which, in turn, would cause sales destined for the Complainant to be diverted from the Complainant to HP. Obviously, whatever gain the Respondent intended, through his actions, to attain, whether for himself, HP or both, was commercial in nature. Thus, the Respondent’s gripe site, reflecting commercially-purposed criticism, could not constitute a legitimate noncommercial use of the name. Moreover, the Respondent made no effort, by way of a suitable disclaimer or otherwise, to dispel any confusion of Internet users he intentionally caused.

(iii) Registered and Used in Bad Faith

The Complainant also contends that the Respondent has registered and is using the disputed domain name in bad faith pursuant to paragraph 4(a)(iii) of the Policy.

Prior to taking down his website, the Respondent used the disputed domain name in bad faith to threaten the Complainant with physical violence, to discredit and disrupt the Complainant’s business and to divert potential customers of the Complainant to HP Enterprise Security Division’s competitive product offerings and thus deprive the Complainant of ensuing sales. If the Respondent succeeds in diverting those customers to the Complainant’s direct competitor, then the Respondent stands to make significant commercial gains.

B. Respondent

(i) Identical or Confusingly Similar

In sharp contrast to the position taken by the Complainant, the Respondent argues that the disputed domain name is not confusingly similar or identical to the Complainant’s marks.

Specifically, the Respondent believes that the disputed domain name itself plainly evinces to any ordinary Internet user that the name is associated with a site which provides commentary critical of the Complainant, i.e. a so-called gripe site, and, as such, has no association whatsoever with the Complainant.

(ii) Rights or Legitimate Interests

The Respondent contends, contrary to the Complainant’s view, that he does have rights or legitimate interests in the disputed domain name.

Specifically, the Respondent argues that his website is a legitimate gripe site, presenting criticism of the Complainant’s own products by one of its “users”. This criticism is protected speech under the free speech guarantees of the First Amendment to the US Constitution. Further, while the criticism is highly critical of the Complainant, the website does not attempt to misleadingly divert the Complainant’s customers to any competitive supplier. Just as importantly, there is no commerce transacted on the site. The site solely contains criticism.

(iii) Registered and Used in Bad Faith

As noted, the Respondent claims he has legitimate rights or interests in the disputed domain name by virtue of its use in conjunction with a legitimate gripe site. Given that, the Respondent concludes that his registration of the disputed domain name and his subsequent use for such a site cannot be in bad faith.

Further, the Respondent asserts that his sole purpose in registering and using the disputed domain name was to create a legitimate, permissible criticism website, and “that is what was done”.

C. Supplemental Filings

Both sides submitted Supplemental Filings. Much of these filings centers around the argument as to whether: (a) the Complainant’s Supplemental Filing truly offered new evidence not previously available to the Complainant: Complainant argues it does to justify the Panel’s admission of its filing, and which the Respondent counter-argues in its filing to oppose the admission of Complainant’s filing; and (b) whatever effect that evidence would have on assessing the role, if any, that HP had in potentially planning, facilitating and/or sanctioning the Respondents’ conduct. That evidence was the identification of the Respondent as an employee of HP and specifically its Enterprise Security Division. With this identification having been made, the Complainant argues that HP served some such role, thus further corroborating its view that the Respondent’s gripe site was commercially motivated; while the Respondent argues that HP had no such role.

The Panel, exercising its sole discretion under the Rules, paragraphs 10 and 12, has carefully considered both filings. To the extent either filing provided any additional factual information, that information has been incorporated into the factual summary above.

6. Discussion and Findings

A. Identical or Confusingly Similar

The Panel finds that the disputed domain name is confusingly similar to the Complainant’s SPLUNK Marks.

From a simple comparison of the disputed domain name to the Complainant’s mark SPLUNK, no doubt exists that the disputed domain name is confusingly similar to the Complainant’s marks. The primary difference between the disputed domain name and the mark SPLUNK is the use of the mark as a past tense verb and prepending the common English words “don’t get” to form a separate corresponding composite term “dontgetsplunked” along with, secondarily, appending the generic Top-Level Domain (gTLD) “.com” to that term to form the disputed domain name, with the last addition being typically irrelevant in assessing confusing similarity or identity under paragraph 4(a)(i) of the Policy and thus ignored in this instance.

It is now very well-established in UDRP precedent, including numerous decisions previously rendered by this Panel, that a minor variation, such as adding a short letter or number group, or even generic or highly descriptive words, or geographic identifiers, such as a country name, to a mark, is usually insufficient in and of itself, when used in forming a domain name that results from modifying the mark, to confer requisite and sufficient distinctiveness to that name to avoid user confusion. Here, the modifications which the Respondent specifically did to the mark SPLUNK clearly resulted in such a minor variation.

Therefore, the Panel finds that the disputed domain name is confusingly similar to the Complainant’s SPLUNK Marks. Hence, the Complainant has satisfied its burden under paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests

Based on the evidence of record here, the Panel finds that no basis exists which would appear to legitimize a claim of rights or legitimate interests by the Respondent to the disputed domain name under paragraph 4(c) of the Policy.

The Respondent predicates his claim of having rights or legitimate interests in the name on the basis that his website provided nothing more than Constitutionally protected critical commentary and thus constituted a legitimate gripe site sufficient to fall within the ambit of being a “legitimate noncommercial use” under paragraph 4(c)(iii) of the Policy.

The Panel categorically rejects the Respondent’s view that his website is simply an exercise of his Constitutionally protected right to critical speech. Nothing could be further from reality.

If the Respondent and his co-actors (collectively both in this and the companion proceedings) had no relationship whatsoever to the Enterprise Security Division of HP, which is a direct competitor of the Complainant, that is, none of them was an employee of or a consultant to that division and had nothing whatsoever to personally gain, whether financially or otherwise, from their scathing and rather disparaging criticism of the Complainant, then the Panel might be more solicitous of the Respondent’s view. But that is not the reality here. The reality which the Respondent’s counsel conveniently overlooks in the Response is that the Respondents had a direct pecuniary relationship with that division: one is an employee and, of particular criticality, in a sales capacity, and the other is a paid consultant to that division. By injuring the Complainant, they both stood to gain – or so they likely thought.

If that division improved its sales, apparently in the minds of the Respondents however that were to occur – even if illicitly, then it stood to reason that the Respondents believed that they would likely and eventually receive added compensation and/or other benefits commensurate with the sales gain. Perhaps a bonus or an increase in salary? Perhaps a promotion or added responsibilities? Perhaps just increased visibility and notoriety in the division which might subsequently lead to pecuniary benefits. Why would the Respondents collectively expend needed time and resources to plan and then engage in a deliberate campaign of formulating highly disparaging content and then cross-posting that content across various social media outlets and websites in an attempt to sufficiently discredit the Complainant to an extent, which they obviously calculated, would cause a diversion in its sales if the Respondents, being paid by HP, did not stand to personally benefit, in some manner, as a result? The Panel can think of no other credible reason. While the record here (and in the companion proceeding) is devoid of any evidence reflective of just what the Respondents ultimately sought to personally attain from their conduct, it is eminently clear to this Panel and the Panel so infers, from the totality of the specific circumstances of record here, that the intended gain, whatever it was thought to have been, would positively impact their relationship, as a paid agent (whether as a consultant or employee), of HP.

In 322 West 57th Owner LLC v. Administrator, Domain, WIPO Case No. D2008-0736, this Panel held that in order for a gripe site to be legitimate, not only must the site be noncommercial but the owner of that site cannot engage in any commercial activity through the site or benefit in any way from use of the domain name used for that site. This Panel had previously recognized in Citgo Petroleum Corporation v. Richard Antinore, WIPO Case No. D2006-1576, that a respondent’s website which solely provides criticism, regardless of the severity or directness of that criticism, is protected under the First Amendment to the US Constitution as being an exercise of that respondent’s right of free speech, but this protection is not absolute. “If the respondent engages in actions that evince bad faith, and particularly conduct that commercially exploits the name for the respondent’s pecuniary benefit, thus indicating that the respondent’s intentions were not aimed solely at providing critical comment, then any such protection which would otherwise arise is lost.” Ibid. Specifically in Citgo, the respondent used the domain names <nomocitgo.com> and <nomocitgo.org> as addresses of a website containing comment critical of the government of Venezuela, which owned the complainant Citgo, and also offered to sell each of these two and other similar names and the gripe site itself to the complainant for a total of USD 10,500 – a sum far in excess of the costs of registering the names. This Panel held that when the facts where viewed in their totality of the evidence, the respondent’s primary purpose was not to disseminate critical speech but rather to coerce the complainant into purchasing his gripe site and the domain names and thus extort a significant sum of money for the cessation of respondent’s negative criticism, hence effectively forcing the complainant to pay to silence the respondent. Thus, this Panel concluded that the respondent had no rights or legitimate interests in either of those domain names. For a similar result, see National Collegiate Athletic Association v. Dusty Brown, WIPO Case No. D2004-0491.

What distinguished the legitimacy of the respondent’s site as a protected gripe site in 322 West 57th Owner from that in Citgo was the simple fact that in the former case there was no evidence whatsoever of record showing that the respondent’s purpose in registering and using the disputed domain name was anything other than to disseminate her legitimate noncommercial criticism of the complainant, evidence of which existed in the Citgo case.

The over-riding purpose of the Respondent’s website here was not to solely disseminate critical speech, but rather to gain some financial benefit through diverting sales from the Complainant to its direct competitor, the Enterprise Security Division of HP, with which the Respondent was engaged and from which he received remuneration for his work. Accordingly, the Respondent’s site does not qualify as a legitimate gripe site to fall within the ambit of legitimate, noncommercial use required under paragraph 4(c)(iii) of the Policy.

Further, there is no evidence whatsoever presently before the Panel to the effect that the Respondent’s conduct may qualify under paragraphs 4(c)(i) or 4(c)(ii) of the Policy. Further, the record is also devoid of any evidence that would indicate that the Respondent has acquired, through any other means, any rights or legitimate interests in the disputed domain name.

Accordingly, the Panel concludes that the Respondent has no rights or legitimate interests in the disputed domain name within paragraph 4(a)(ii) of the Policy.

The Panel recognizes that the websites and domain names at issue in the present and companion proceedings were individually and solely owned and operated by their respective Respondents. The Panel also recognizes, in light of the absence of any evidence to the contrary, that HP neither authorized nor condoned the establishment, use or operation of these sites, and that HP did not have any direct control over these sites. Nevertheless, HP, as soon as it was placed on notice by the April 7th letter from the Complainant’s counsel, acted to successfully persuade the Respondents to shut down their respective websites and end further disparaging commentary towards the Complainant – as they then did.

C. Registered and Used in Bad Faith

The Panel finds that the Respondent’s actions, with respect to the disputed domain name, constitute bad faith registration and use.

There is no question at all, from the discussion above and the evidence of record, that the Respondent intentionally registered and subsequently used the disputed domain name in a manner that deliberately disrupted the business of a direct competitor, the Complainant, by attempting to divert customers and their attendant sales otherwise destined for the Complainant away to the Enterprise Security Division of HP, with which the Respondent was employed, for, ultimately, the Respondent’s own financial gain arising out of that employment. For panel rulings finding disruption under paragraph 4(b)(iii) of the Policy, see, e.g., Motorola Trademark Holdings, LLC v. PeaceSearch.com, Ltd., WIPO Case No. D2011-2033, Wal-Mart Stores, Inc. v. Gerry Senker, WIPO Case No. D2006-0211, and Triodos Bank NV v. Ashley Dobbs, WIPO Case No. D2002-0776.

Granted, that use ceased approximately two months ago, with the disputed domain name no longer resolving to an operational website. However, the specific language of paragraph 4(b)(iii) of the Policy, which reads: “you have registered the domain name primarily for the purpose of disrupting the business of a competitor”, merely requires a panel to consider the primary purpose behind the registration, and not necessarily the present status of the name. If a respondent’s intent in registering a disputed domain name was primarily to disrupt the business of a competitor – as is clearly shown by the specific evidence of record to have occurred here, then that alone suffices to invoke this paragraph and brand the respondent’s conduct as bad faith registration and use. Such is the result here.

Hence, the Panel concludes that the Respondent’s registration and use of the disputed domain name fall within the bad faith provision of paragraphs 4(a)(iii) and specifically 4(b)(iii) of the Policy.

Thus, the Panel concludes that the Complainant has provided sufficient proof of its allegations, with respect to the disputed domain name, to establish a case under paragraph 4(a) of the Policy upon which the relief it now seeks can be granted.

7. Decision

Accordingly, under paragraphs 4(i) of the Policy and 15 of the Rules, the Panel grants the relief sought by the Complainant. The disputed domain name <dontgetsplunked.com> is ordered to be transferred to the Complainant.

Peter L. Michaelson
Sole Panelist
Date: June 2, 2014