WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

Bitdefender IPR Management Limited v. Withheld for Privacy Purposes, Privacy service provided by Withheld for Privacy ehf / Will Smith, ITSecurity

Case No. D2021-2530

1. The Parties

1.1 The Complainant is Bitdefender IPR Management Limited, Cyprus, internally represented.

1.2 The Respondent is Withheld for Privacy Purposes, Privacy service provided by Withheld for Privacy ehf, Iceland / Will Smith, ITSecurity, United States of America (“United States”).

2. The Domain Name and Registrar

2.1 The disputed domain name <antivirusbitdefender.com> (the “Domain Name”) is registered with NameCheap, Inc. (the “Registrar”).

3. Procedural History

3.1. The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on August 4, 2021. At that time the Domain Name was registered in the name of the Registrar’s privacy service provided by Withheld for Privacy ehf. The Panel observes that an article placed on the Registrar’s website with a date of March 4, 2021 (and accessible using the url ”www.namecheap.com/blog/domain-privacy-is-changing-at-namecheap/”), records the adoption of “Withheld for Privacy” as its privacy provider, that this is an entity based in Iceland, but that “Importantly, Withheld for Privacy does not require your personal data, meaning your information is stored and stays with Namecheap” [emphasis in original].

3.2 On August 4, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On August 4, 2021, the Registrar transmitted by email to the Center its verification response disclosing the underlying registrant and contact information for the Domain Name. Although at first sight the information disclosed appears to relate to an individual in New York, no proper street address is given, the relevant Unites States state is specified as Washington State and the contact email provided is a Proton email account.

3.3 The Center sent an email to the Complainant on August 9, 2021, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on August 10, 2021.

3.4 The Center verified that the Complaint, together with the amended Complaint, satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

3.5 In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on August 16, 2021. In accordance with the Rules, paragraph 5, the due date for Response was September 5, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on September 7, 2021.

3.6 The Center appointed Matthew S. Harris as the sole panelist in this matter on September 29, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

4.1 The Complainant is a company registered in Cyprus and forms part of the “Bitdefender Group” of companies. Bitdefender Group provides cybersecurity and antivirus software and services, which are used in respect of over 500 million systems around the world.

4.2 The Complainant is the owner of various registered trade marks around the world that incorporate or comprise the term “Bitdefender”. These include:

(i) European Union trade mark no. 002372506 for the word mark BITDEFENDER filed on September 11, 2001 and registered on May 14, 2003 in class 9; and

(ii) International trade mark no. 1086029 registered on June 17, 2011 in class 9 designating and proceeding to grant in multiple territories, including the United States, and taking the following form:

logo

4.3 The Complainant owns various domain names that are used by the Bitdefender Group to promote its activities. These include <bitdefender.com> and <bitdefenderantivirus.com>.

4.4 The Domain Name was registered on June 2, 2021.

4.5 On June 14, 2021, the Complainant made contact with the Registrar online claiming that it had identified a “Command and control server for Cobalt Strike being hosted” from a website using the Domain Name. In the exchange that followed, the Registrar was unwilling to take any action in respect of Domain Name.

4.6 The Complainant subsequently made a complaint to Cherry Servers, an Internet service provider (ISP) operator based in Lithuania that appeared to be hosting this website. Cherry Servers also appears to have refused to take any action but referred the Complainant to the Lithuanian police. On June 28, 2021, the Complainant filed an incident report with the Lithuanian police.

4.7 As at the date of this decision there is no active website operating from the Domain Name.

5. Parties’ Contentions

A. Complainant

5.1 The Complainant refers to its business and marks, alleges that Domain Name has been used to spread malware and describes its dealings with the Registrar, Cherry Servers and the Lithuanian Police.

5.2 So far as the malware allegation is concerned, it asserts:

“[…] our security researchers have identified a command and control server for Cobalt Strike being hosted at www.antivirusbitdefender.com, that is currently served by 5.199.162.111, hosted by CherryServers […], a hosting provider located in Lithuania, Vilnius.

The damage that the [Domain Name] may produce with its illegal activity is significant, as the malware it spreads may lead to stolen banking information, stolen passwords, identity theft and victim’s computer being added to a botnet.”

5.3 It further claims that its conclusions are supported by a third party called “VirusTotal” and supplies a print out in this respect from the VirusTotal website. This is said to show that “three security vendors flagged the [Domain Name] as malicious at the date of the analysis”.

5.4 The Complainant contends that the Domain Name comprises its BITDEFENDER trade mark and the term “Antivirus”. It also contends that the use made by the Respondent of the Domain Name demonstrates a lack of a right or legitimate interest and bad faith registration and use for the purposes of the Policy.

B. Respondent

5.5 The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

6.1 There are no exceptional circumstances within paragraph 5(f) of the Rules so as to prevent this Panel from determining the dispute based upon the Complaint, notwithstanding the failure of the Respondent to lodge a Response.

6.2 Notwithstanding the default of the Respondent, it remains incumbent on the Complainant to make out its case in all respects set out in paragraph 4(a) of the Policy. Namely, the Complainant must prove that:

(i) the Domain Name is identical or confusingly similar to a trade mark or service mark in which the Complainant has rights (paragraph 4(a)(i)); and

(ii) the Respondent has no rights or legitimate interests in respect of the Domain Name (paragraph 4(a)(ii)); and

(iii) the Domain Name has been registered and is being used in bad faith (paragraph 4(a)(iii)).

6.3 However, under paragraph 14(b) of the Rules, where a party does not comply with any provision of the Rules, the Panel shall “draw such inferences therefrom as it considers appropriate”.

A. Identical or Confusingly Similar

6.4 The Complainant has satisfied the Panel that it has registered trade mark rights for the term “Bitdefender” in the form, inter alia, of a word mark. In order to satisfy the first element of the Policy it is usually sufficient for a complainant to show that the relevant mark is “recognizable within the disputed domain name”; as to which see section 1.7 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”).

6.5 The Domain Name can only be sensibly understood as either “bitdefender” or “bit defender” in combination with the word “antivirus” and the “.com” generic Top-Level Domain (“gTLD”). The Complainant’s mark is therefore clearly recognisable in the Domain Name.

6.6 The Complainant has, therefore, satisfied the Panel that the Domain Name is confusing similar to its trade mark and has thereby made out the requirements of paragraph 4(a)(i) of the Policy.

B. Rights or Legitimate Interests and Registered and Used in Bad Faith

6.7 It is usual for panels under the Policy to consider the issues of rights or legitimate interests, and registration and use in bad faith in turn. However, in a case such as this it is more convenient to consider those issues together.

6.8 The Panel accepts the Complainant’s contention that the Domain Name has been registered and is being used to falsely impersonate the Complainant, with a view to spreading malware. The Domain Name not only incorporates the Complainant’s registered trade mark in combination with a term that relates to the Complainant’s business, but also merely reverses the order of these terms in a domain name used by the Complaint. The Panel is also prepared to accept at face value the contention that the Complainant’s security researches have identified a command and control server for Cobalt Strike being hosted at the Domain Name, particularly given the Complainant’s cybersecurity and antivirus software business activities. The third party VirusTotal material supplied by the Complainant is not easy for a non-expert in the field to understand and it is not at all obvious how this document demonstrates that three security vendors flagged the Domain Name as malicious. However, it does make reference to a windows executable file with the name “cobaltstrike_shellcode.exe” and the IP address 5.199.162.111, which is consistent with the Complainant’s allegations.

6.9 There are no rights or legitimate interests in holding a domain name that falsely impersonates a rights holder for the purpose of spreading malware. Further, the registration and use of a domain name for such a purpose involves registration and use in bad faith. These are propositions that should need little authority but for examples of previous UDRP decisions that have held this to be so, see Wikimedia Foundation, Inc. v. Nanci Nette, Name Management Group, WIPO Case No. D2018-0717; and Carvana, LLC v. Domain Privacy, Above.com Domain Privacy, WIPO Case No. D2021-0290.

6.10 A further factor that points to bad faith and which is also consistent with the Complainant’s allegations, is the fact that the registration details for the Domain Name are clearly false.

6.11 In the circumstances, the Complainant has made out the requirements of paragraph 4(a)(ii) and 4(a)(iii) of the Policy.

7. Decision

7.1 For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name, <antivirusbitdefender.com>, be transferred to the Complainant.

Matthew S. Harris
Sole Panelist
Date: October 1, 2021