WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
EOS Data Analytics, Inc. v. WhoisGuard Protected, WhoisGuard, Inc. / Mich Sham / lank bo, kingsoft / jesus mail
Case No. D2018-1286
1. The Parties
The Complainant is EOS Data Analytics, Inc. of Menlo Park, California, United States of America (“United States”), represented by Mapa Global Investments SL, Spain.
The Respondent is WhoisGuard Protected, WhoisGuard, Inc. of Panama / Mich Sham of Bucharest, Romania / lank bo, kingsoft of Quanzhou, China / jesus mail of New York, New York, United States.
2. The Domain Names and Registrar
The disputed domain names <eoṣ.com> [xn--eo-4zs.com], <eọs.com> [xn--es-68s.com], and <ẹos.com> [xn--os-g7s.com] are registered with NameCheap, Inc. (the “Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on June 8, 2018. On June 8, 2018, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain names. On June 8, 2018, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain names which differed from the Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on June 15, 2018 providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on June 20, 2018.
The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondents of the Complaint, and the proceedings commenced on June 27, 2018. In accordance with the Rules, paragraph 5, the due date for Response was July 17, 2018. The Respondents did not submit any response. Accordingly, the Center notified the Respondents’ default on July 18, 2018.
The Center appointed Dr. Clive N.A. Trotman as the sole panelist in this matter on July 26, 2018. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
4. Factual Background
The Complainant is in the business of satellites, rockets, image analysis and associated computer software. The initials EOS were initially derived from Earth Observing System. The Complainant is the owner of the following registered trademarks:
EOS, European Union Trademark registration number 015212665, registered on July 18, 2016 in classes 9, 13 and 42;
EOS, United States Trademark serial number 87116133, allowed on September 19, 2017 in classes 9, 13 and 42;
EOS, International Trademark registration number 1383473, registered on November 16, 2017 in classes 9, 13 and 42.
The Complainant has owned the domain name <eos.com> since February 13, 1991.
The first-named Respondent is a privacy service. Nothing is known about the underlying registrants and Respondents except for the contact information provided to the Registrar for the purpose of registration of each disputed domain name. The disputed domain names were registered on the following dates: <eoṣ.com> [xn--eo-4zs.com] on February 10, 2018; <ẹos.com> [xn--os-g7s.com] on December 14, 2017; <eọs.com> [xn--es-68s.com] on December 12, 2017. Each of the disputed domain names contains one non-ASCII (American Standard Code for Information Interchange) character: “ṣ”, “ẹ”, or “ọ” respectively.
The Complainant submits evidence the disputed domain name <ẹos.com> [xn--os-g7s.com] redirected Internet users to a third-party website. Currently, two of the disputed domain names do not resolve to active websites and <eoṣ.com> [xn--eo-4zs.com] resolves to a parked website.
5. Parties’ Contentions
The Complainant submits that the Complaints against all three Respondents should be consolidated because the Complainant believes there is one controlling entity behind all three disputed domain names. The Complainant points to the evidence that two of the disputed domain names were registered within two days, and the third two months later, with the same registrar. The pattern of the disputed domain names is the inclusion of a character constructed of one of the letters “e”, “o” or “s” with a dot below.
The Complainant has produced copies of documentation attesting to its ownership of the EOS trademarks listed in section 4 above and says the disputed domain names, notwithstanding the incorporation of characters with dots below the letters “e”, “o” or “s”, are confusingly similar to its trademark.
The Complainant further contends that the Respondents have no rights or legitimate interests in respect of the disputed domain names. None of the Respondents is a licensee of the Complainant or is permitted to use the Complainant’s trademark. The Complainant’s trademark precedes the registration of the disputed domain names. The Respondents are not commonly known by the Complainant’s trademark.
The Complainant alleges the disputed domain name <ẹos.com> has been used to operate a website for “phishing” (the surreptitious collection of sensitive personal data). The Complainant says the disputed domain name <ẹos.com> has displayed a copy of the webpage “www.eos.io”, which has business in cryptocurrency and blockchain technology, with intent to deceive consumers into believing mistakenly they can buy cryptocurrency through that website. The Complainant says it has received complainants from correspondents alleging actual deception because of the activities associated with the disputed domain name <ẹos.com>.
The Complainant posits that the disputed domain name <eoṣ.com>, as yet unused, is likely to be put to use similarly to <ẹos.com>.
The Complainant further contends that the disputed domain names were registered and are being used in bad faith.
The Complainant says the use of a disputed domain name for the purpose of defrauding Internet users by phishing is considered abusive registration and use under the Policy. Non-use of a disputed domain name does not prevent a finding of use in bad faith. The Respondents intend to attract Internet users for phishing purposes for commercial gain. Whilst a third-party’s website (“www.eos.io”) is a target of the phishing activity, the Complainant’s reputation suffers damage because the disputed domains are effectively identical to the Complainant’s trademark and its domain name <eos.com>.
The Complainant says the disputed domain names <eoṣ.com> and <eọs.com> are passively held, constituting evidence of bad faith in the particular circumstances, which include: the strong reputation of the Complainant’s trademark; the absence of any evidence of actual or plausible good faith use; and the concealment of the Respondents’ identities by the provision of false contact details.
The Complainant questions the use of a privacy service by the Respondents if the objective is to frustrate proceedings in respect of a disputed domain name.
The Complainant has cited a number of previous decisions under the Policy that it considers to be supportive of its position.
The Complainant requests the transfer of the disputed domain names.
The Respondents did not reply to the Complainant’s contentions.
6. Discussion and Findings
A. Preliminary matters
Paragraph 4(a) of the Policy states that a Respondent is required to submit to a mandatory administrative proceeding in the event that the Complainant asserts to the applicable dispute-resolution provider, in compliance with the Rules, that:
“(i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and
(ii) you have no rights or legitimate interests in respect of the domain name; and
(iii) your domain name has been registered and is being used in bad faith”.
The Complainant has made the relevant assertions as required by the Policy. The dispute is properly within the scope of the Policy and the Panel has jurisdiction to decide the dispute.
Attempts by the Center to contact the underlying registrants of the disputed domain names, either through the contact details they provided or through the privacy service, were not replied to. The Panel is satisfied that the Center has fulfilled its obligations in accordance with paragraph 2 of the Rules.
Paragraph 10(e) of the Rules reads: “A Panel shall decide a request by a Party to consolidate multiple domain name disputes in accordance with the Policy and these Rules”. The Complainant has requested that the proceedings in respect of all three disputed domain names be consolidated. In deciding the request, the Panel has taken into account: that all three disputed domain names were registered in a two month period, with <ẹos.com> and <eọs.com> being registered two days apart; the common Registrar and privacy services employed; the similarity of the disputed domain names in comprising variations on the Complainant’s trademark EOS (and domain name <eos.com>) in which each of the ASCII letters “e”, “o” and “s” respectively has been replaced with a non-ASCII construction with an underdot; and the rare prevalence of the characters “ẹ”, “ọ” and “ṣ” even among Unicode characters. None of the Respondents has contested the consolidation of the Complaints. On balance, the Panel finds it more probable than not that the three disputed domain names are under the control of a single entity. Accordingly the Panel accedes to the Complainant’s request to consolidate the Complaints. It will be appropriate to refer to the Respondent in the singular hereafter.
Each disputed domain name is shown in two forms, for example <eoṣ.com> [xn--eo-4zs.com]. The first form, <eoṣ.com>, incorporating the non-ASCII character “ṣ”, is the form in which a domain name may be applied for to the Registrar and registered. The intention is to enable Internationalized Domain Names (IDN) to be created containing characters or accents of other writing systems than Latin, such as Arabic, Cyrillic or Tamil. Every such character, accent or symbol, of which there are tens of thousands (and every ASCII character), has a unique code number in the Unicode system.
In order for an IDN to be transmitted across the domain name system, it is first encoded into the few permitted ASCII characters allowed by the domain name system. The conversion is done transparently by an algorithm known as Punycode. The product of the algorithm in the above example, [xn--eo-4zs.com], contains three component parts before the “.com”: (1) the ASCII compatible encoding (ACE) prefix “xn--”, which designates an IDN (or a domain name containing one or more non-ASCII characters) converted into Punycode; (2) “eo”, being those characters in the particular domain name that are permitted ASCII characters; (3) “4zs”, which signifies (a) that the character to be inserted is Unicode character U+1E63, defined as “Latin small letter s with dot below”, and (b), that its position is after “eo”, thus resolving to “eoṣ”.
If either <eoṣ.com> (by cutting and pasting, or by clicking a link) or [xn--eo-4zs.com] is inserted into an Internet browser, it will lead to the same website.
B. Identical or Confusingly Similar
The determination of confusing similarity requires an objective comparison of the disputed domain name with the Complainant’s trademark. The Panel finds it likely that many Internet users, on seeing the disputed domain names <eoṣ.com>, <ẹos.com> or <eọs.com> would disregard the respective underdots and would find the disputed domain names confusingly similar to the Complainant’s trademark EOS. Accordingly the Panel finds for the Complainant under paragraph 4(a)(i) of the Policy.
C. Rights or Legitimate Interests
The Complainant says that the Respondent is not a licensee of the Complainant and has not been permitted to use the Complainant’s trademark, which was registered before the disputed domain name. Accordingly, the Complainant has made a prima facie case that the Respondent has no rights or legitimate interests in the disputed domain names.
Paragraph 4(c) of the Policy provides for the Respondent to contest the Complainant’s prima facie case under paragraph 4(a)(ii) of the Policy and to establish rights or legitimate interests in each disputed domain name by demonstrating, without limitation:
“(i) before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or
(ii) you (as an individual, business, or other organization) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or
(iii) you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue”.
The Respondent has not asserted any rights or legitimate interests in the disputed domain names with reference to paragraphs 4(c)(i), (ii) or (iii) of the Policy, or otherwise. The Panel has seen no evidence to the effect that the disputed domain names have been used in connection with a bona fide offering of goods or services, or that the Respondent has been known by any of them, or that their use has been noncommercial or fair, within the meaning of paragraph 4(c) of the Policy. The Panel finds that the Respondent does not have rights or legitimate interests in respect of the disputed domain names and accordingly finds for the Complainant under paragraph 4(a)(ii) of the Policy.
D. Registered and Used in Bad Faith
The Complainant must prove under paragraph 4(a)(iii) of the Policy that the disputed domain names have been registered and are being used in bad faith. Paragraph 4(b) of the Policy lists four alternative circumstances, without limitation, that shall be evidence of the registration and use of a domain name in bad faith by a respondent, namely:
“(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) you have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or
(iii) you have registered the domain name primarily for the purpose of disrupting the business of a
(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your website or location or of a product or service on your website or location”.
The examples provided in paragraph 4(b) of the Policy are particularly applicable where a respondent has directed its activities towards a specific complainant. The present case is unusual in that the Complaint is not brought by a targeted holder of EOS cryptocurrency or a company or entity concerned in that business, but by the Complainant, unconcerned with cryptocurrency, as having suffered alleged collateral damage to its reputation and disruption of its business from the Respondent’s activities. The provisions of paragraph 4(b) of the Policy are, however, without limitation and are subservient to the more general requirement under paragraph 4(a)(iii) of the Policy to determine whether the disputed domain name “has been registered and is being used in bad faith”.
The disputed domain name <ẹos.com>, which is distinguished by having been used, will be considered first.
The Complainant’s trademark EOS is used in connection with satellites, spacecraft and imagery. It appears from the evidence that EOS is also the name of an incipient form of cryptocurrency or blockchain technology unconnected with the Complainant. The Complainant has produced a four-page screen capture from another website, “www.medium.com”, which appears to be in the nature of advice or warnings directed towards people interested in cryptocurrency or blockchain technology. The warnings report that some holders of EOS cryptocurrency have fallen victim to various phishing scams in consequence of which they have been defrauded of digital currency. Specifically, according to the warning, victims have received emails with false promises urging them to visit the website “www.ẹos.com/airdrop/”, which incorporates the disputed domain name <ẹos.com>. From there they have been directed to visit a fake representation of the cryptocurrency wallet website “www.myetherwallet.com” (in which, the Panel notes in passing, the letters “a” and “t” in the word “wallet” were substituted with non-ASCII characters to form “wạlleṫ”), whereupon the victims have been tricked into disclosing the information that enabled others to access their wallets.
The Complainant has produced evidence of the deception of Internet users and damage to the Complainant’s reputation attributable to the above scam. In the first instance, the Complainant’s service provider wrote to say, “Please review the attached complaint below regarding the domain name eos.com. According to the complaint the domain name eos.com is involved in fraudulent activities. Please take appropriate action”. The forwarded original complaint notably had the subject heading “eos.com” (being the Complainant’s legitimate domain name) whereas the message body stated “this domain is being used for a ‘phishing’ scam involving EOS crypto currency https://ẹos.com/airdrop/”, referring to the disputed domain name.
An email from another individual to the Complainant said in part, “I followed a link on an email I received with regards to an Airdrop from EOS. The next thing my whole ether wallet is empty”.
A third complaining person wrote to the Complainant: “I understand you will make a drop for customers who hold EOS. I do not know what I should do in order to qualify for the airdrop. My current holding is more than 100 eos. I did not get airdrop on April 15. Kindly advise me the steps I need to take in order to get the airdrop”.
The Complainant has no connection with EOS cryptocurrency and the three complaining persons above had confused the disputed domain name <ẹos.com> with the Complainant.
The examples of bad faith outlined in paragraph 4(b) of the Policy are not expected to fit every case precisely. In respect of the disputed domain name <ẹos.com>, the Panel finds on the totality of the evidence, and on the balance of probabilities, that it has been used as an integral part of a scheme in which individuals have been induced to visit a phishing website and have consequently been defrauded of EOS assets. The Complainant has suffered collateral damage as a result. The Panel finds that the disputed domain name <ẹos.com> has been used in bad faith, and was registered for that purpose.
The disputed domain names <eoṣ.com> and <eọs.com> appear to have been passively held at all relevant times and there is no evidence of their use for websites or email addresses. The disputed domain name <ẹos.com> is apparently now parked or passively held and the discussion below applies to it also.
Non-use for an active website or email address does not preclude a finding of use of a disputed domain name in bad faith. As observed as long ago as 2000 by the respective panelist in Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003, and widely cited in decisions since, the issue may be “not whether the Respondent is undertaking a positive action in bad faith in relation to the domain name, but instead whether, in all the circumstances of the case, it can be said that the Respondent is acting in bad faith”.
The Respondent has exercised some technical guile in the creation of three disputed domain names in which the letters “e”, “o” and “s” have been replaced with underdot equivalents found in the extended Unicode list as U+1EB9 (“ẹ”), U+1ECD (“ọ”) and U+1E63 (“ṣ”) respectively. The differences are, and are doubtless intended to be, deceptive and easily overlooked or ignored, and has actually happened according to the evidence in respect of the disputed domain name <ẹos.com>. It is of no consequence that the target of the deception, as is clear from the evidence, was more likely cryptocurrency users than the Complainant. The Complainant has produced evidence of damage to its reputation and has standing to bring the Complaint. The Respondent has not provided any evidence of use or intended use of the disputed domain names in good faith and the Panel does not find it possible to conceive of any plausible legitimate use. The Respondent has obscured its identity behind a privacy service and has ignored the Center’s contact attempts in circumstances that the Panel finds more probably than not amount to an attempt to frustrate the service of proceedings. Any failure to maintain correct contact details is a violation of paragraph 13 of the Registration Agreement between the Respondent and the Registrar.
On the totality of the evidence and the balance of probabilities, the Panel finds the disputed domain names to have been registered and used in bad faith within the contemplation of paragraph 4(a)(iii) of the Policy.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain names, <eoṣ.com> [xn--eo-4zs.com], <eọs.com> [xn--es-68s.com], and <ẹos.com> [xn--os-g7s.com] be transferred to the Complainant.
Dr. Clive N.A. Trotman
Date: August 3, 2018