Keeper Security, Inc. is a cybersecurity firm that attempted to usurp the domain name Keeper.com – an aged, generic domain name registered in 1995 – by filing a UDRP at the WIPO.
Despite the fact that the Respondent, Lou Crawford, THE KEEPER INC., failed to respond, the WIPO panelist performed enough due diligence leading him to a decision.
The Complainant claimed that the Respondent went out of business and that the domain Keeper.com is under some other party’s control.
The WIPO panelist received no hard evidence of these claims:
The submitted WhoIs evidence shows an unbroken chain of ownership of the Disputed Domain Name by Respondent. There is no evidence Respondent, who registered the Disputed Domain Name in 1995, has transferred it to anyone.
Furthermore, the Panelist pointed out that the domain’s registration in 1995 predates the Complainant’s registration of a text-only KEEPER mark in 2011 by numerous years. Lastly, the Complainant’s claims that the domain was used to distribute malware were not proven.
Final decision: Deny the transfer of the domain name Keeper.com to the Complainant.
The domain transfer was denied.
ARBITRATION AND MEDIATION CENTER
ADMINISTRATIVE PANEL DECISION
Keeper Security, Inc. v. Lou Crawford, THE KEEPER INC.
Case No. D2024-26091. The Parties
Complainant is Keeper Security, Inc., United States of America (hereinafter “United States”), represented by Latimer LeVay Fyock, LLC, United States.
Respondent is Lou Crawford, THE KEEPER INC., United States.
2. The Domain Name and Registrar
The disputed domain name keeper.com (hereinafter “Disputed Domain Name”) is registered with GoDaddy.com, LLC (the “Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on June 24, 2024. On June 27, 2024, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Disputed Domain Name. On June 27, 2024, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Disputed Domain Name which differed from the named Respondent (REGISTRATION PRIVATE, Domains By Proxy, LLC) and contact information in the Complaint. The Center sent an email communication to Complainant on July 2, 2024, providing the registrant and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on July 7, 2024.
The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on July 12, 2024. In accordance with the Rules, paragraph 5, the due date for Response was August 1, 2024. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on August 8, 2024.
The Center appointed Lawrence K. Nodine as the sole panelist in this matter on August 16, 2024. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
4. Factual Background
Complainant is a cybersecurity company founded in 2009 and headquartered in Chicago, Illinois. Complainant provides security and encryption software covering functions such as password and passkey management, secrets management, privileged access management, secure remote access and encrypted messaging.
Complainant’s primary domain name is keepersecurity.com.
Complainant has used the service mark KEEPER (hereinafter the “Mark”) since its inception in 2009. Complainant also owns United States Registration No. 3,719,919 (registered on December 1, 2009) for the Mark plus a design (an image of a lock). Complainant owns United States Registration No. 3,965,190 (registered on May 24, 2011) for the Mark in plain type without a design.
The Disputed Domain Name was registered in 1995. For many years Respondent appears to have been a legitimate business offering to sell menstrual cups. However, in 2023 some customers filed complaints with “Better Business Bureau” agencies complaining that paid orders were not received.
In 2022, Complainant received the first of several reports that visitors to the Disputed Domain Name were infected by malware. Complainant sent several messages to Respondent, both email and letter, based on the available contact information, but received no response.
Complainant commissioned a private investigator who reported that:
– The telephone number listed for Respondent has been disconnected.
– The contact information found in “about” tab on the Disputed Domain Name website lists “The Keeper, Inc.” at an Ohio address.
– The telephone number routes to an automated answer with information about an unrelated product.
– There is no record that “The Keeper, Inc.” has been dissolved.
– There is an incorporation for a company called The Moon Cup LLC associated with “The Keeper Inc.” which sold a product called Moon Cup previously.
– The number associated with The Moon Cup no longer claims to sell this product.
– Based on a reasonable investigation and due diligence, the investigator is of the opinion that both The Keeper, Inc. and Moon Cup LLC are out of business.5. Parties’ Contentions
A. Complainant
Complainant contends that “[i]t is the reasonably justified belief of Complainant that [Respondent] no longer controls the Disputed Domain Name and that by at least 2022 another entity had taken control of the Disputed Domain Name as it makes absolutely no sense for a legitimate business to want to allow or to cause malware to be downloaded on user’s computers. Further Complainant believes, based on all of these factors and the investigation performed, that this other entity renewed the Disputed Domain Name on May 30, 2024, without authorization of [Respondent] and for nefarious purposes.”
B. Respondent
Respondent did not reply to Complainant’s contentions.
6. Discussion and Findings
A. Identical or Confusingly Similar
It is well accepted that the first element functions primarily as a standing requirement. The standing (or threshold) test for confusing similarity involves a reasoned but relatively straightforward comparison between Complainant’s trademark and the disputed domain name. WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition, (“WIPO Overview 3.0”), section 1.7.
Complainant has shown rights in respect of a trademark or service mark for the purposes of the Policy. WIPO Overview 3.0, section 1.2.1.
The entirety of the Mark is reproduced within the Disputed Domain Name. Accordingly, the Disputed Domain Name is identical to the mark for the purposes of the Policy. WIPO Overview 3.0, section 1.7.
The Panel finds the first element of the Policy has been established.
B. Rights or Legitimate Interests
Because the Panel finds that Complainant has not satisfied the third element of the Policy, it will not discuss the second element.
C. Registered and Used in Bad Faith
The Disputed Domain Name was registered in 1995, long before Complainant acquired rights in the Mark in 2009. Subject to exceptions that do not apply here, “where a respondent registers a domain name before Complainant’s trademark rights accrue, panels will not normally find bad faith on the part of Respondent.” WIPO Overview 3.0, section 3.8.1.
Complainant contends that the bad faith registration requirement is satisfied here because an unknown and unnamed bad actor somehow hijacked the Disputed Domain Name in recent years to distribute malware and that this third parties’ actions are tantamount to a transfer of the domain name. WIPO Overview 3.0, section 3.9 (transfer date treated as registration date). Complainant does not claim to know when the unidentified bad actor started using the Disputed Domain Name for this purpose, but there are several reports since 2021 of Internet users being infected with malware after visiting the Disputed Domain Name website. Complainant supports its argument by combining these malware reports with evidence that Respondent is no longer in business and Respondent’s failure to respond to many efforts to communicate about the malware. Complainant alleges that since 2022 Respondent “no longer controls” the Disputed Domain Name and that an unknown and unnamed third-party bad actor renewed the Disputed Domain Name on May 30, 2024.
The Panel is not in a position to confirm this contention. The submitted WhoIs evidence shows an unbroken chain of ownership of the Disputed Domain Name by Respondent. There is no evidence Respondent, who registered the Disputed Domain Name in 1995, has transferred it to anyone.
Complainant cites no authority for the proposition that a third party’s malicious infection of a website associated with a domain name would satisfy the requirement of bad faith registration. Complainant also fails to support its theory with persuasive evidence. Although the evidence is sufficient to show that visitors to the Disputed Domain Name website have been infected by malware, Complainant offers no evidence about how this is accomplished and, in particular, there is no evidence the alleged bad actors’ actions are so extensive as to constitute a complete takeover of the Disputed Domain Name tantamount to a transfer of ownership, and thereby constitute registration. Complainant’s assertion, for example, that the third party recently renewed the Disputed Domain Name is mere speculation and ignore more likely possibilities, such as Respondent himself renewed the Disputed Domain Name or that it was automatically renewed by default. Regardless, panels have consistently held that renewing a domain name does not constitute registration under the Policy. ownership, and thereby constitute registration. Complainant’s assertion, for example, that the third party recently renewed the Disputed Domain Name is mere speculation and ignore more likely possibilities, such as Respondent himself renewed the Disputed Domain Name or that it was automatically renewed by default. Regardless, panels have consistently held that renewing a domain name does not constitute registration under the Policy. ownership, and thereby constitute registration. Complainant’s assertion, for example, that the third party recently renewed the Disputed Domain Name is mere speculation and ignore more likely possibilities, such as Respondent himself renewed the Disputed Domain Name or that it was automatically renewed by default. Regardless, panels have consistently held that renewing a domain name does not constitute registration under the Policy.
Complainant does not foreclose the possibility that the hypothesized third party’s actions, while malicious, fall short of taking complete control of Respondent’s website and the Disputed Domain Name. The alleged bad actor may have “infected” Respondent’s website resolving from the Disputed Domain Name, but not “taken control” of it so completely as to constitute constructive transfer of ownership of the Disputed Domain Name itself. This distinction is important. If mere infection were enough to be considered a transfer, and thereby satisfy the bad faith registration requirement, this would expose legitimate domain name owners to an accusation of bad faith registration whenever a cyber-criminal infected its website. This is especially problematic given the potential that a domain name owner may not be aware that its website has been infected by bad actors. Moreover, while related, the Panel notes that a website resolving from a domain name and a domain name registration are distinct entities, and that access to the website does not necessarily indicate full control and/or ownership of the domain name itself.
There is evidence that Complainant attempted to put Respondent on notice that its website was being used to distribute malware. If such notice were ignored, and Respondent nonetheless allowed the malware to be distributed, this may be sufficient to show recent bad faith use of the Disputed Domain Name to distribute malware, see WIPO Overview 3.0, sections 2.13 and 3.4, but it is not sufficient to show bad faith registration where, as here, the Disputed Domain Name had been registered in good faith many years before Complainant acquired rights in the trademark it asserts. “If the domain name was not registered bad faith, the complaint will fail even if it can be shown that the domain name was subsequently used in bad faith. This is so no matter how egregious that subsequent bad faith use may be.” Fieldd Pty Ltd v. Jessica Duarte, WIPO Case No. D2022-4980 (Harris, M., dissenting on other issues).
The Panel acknowledges that Complainant has a compelling need to stop the distribution of malware from a website that is identical to its Mark. However, the Policy does not apply in the circumstances of this case.
7. Decision
For the foregoing reasons, the Complaint is denied.
/Lawrence K. Nodine/
Lawrence K. Nodine
Sole Panelist
Date: August 30, 2024
