Zero click redirect landed the #domain Arm.biz in hot water!

The use of zero click redirect landers took Arm.biz away from its Israeli registrant, via the UDRP process.

In a UDRP filed by Arm Limited, United Kingdom, the Complainant argued successfully that the domain was used, via advertising, to redirect visitors to malicious or fraudulent destinations:

  • A “parking” page or Pay Per Click (PPC) page at “www.dsparking.com”, which displays various links utilizing some related to the Complainant’s products and the ARM platform, generating a likelihood of affiliation and confusion the Respondent has not attempted to avoid;
  • A website that allegedly replicates a Microsoft website and displays a pop-up message indicating that the device accessing to this website may be infected, providing a call-in number through which it seeks to persuade users to install software (probably enabling cybercriminals to access to their device), which has no affiliation or association to Microsoft; and
  • A website that tries to mimic McAfee antivirus software provider website and also displays a pop-up message indicating that the device accessing to this website may be infected, offering to perform an antivirus scan, which is not authorized or affiliated with McAfee.

Although it lost the UDRP for Arm.app, the Complainant has succeeded to usurp domains such as Arm.click and Arm.co, along with Arm.ai. It has failed to get the domain Arm.world transferred. The Complainant has active UDRP cases against the domain Arm.global.

Final decision: Transfer Arm.biz to the Complainant, basically due to the claims about malicious content.

Arm Limited v. Domain Admin, Match Domains LLC
Case No. D2021-0971

1. The Parties

The Complainant is Arm Limited, United Kingdom, represented by Quinn IP Law, United States of America (“United States”).

The Respondent is Domain Admin, Match Domains LLC, Israel.

2. The Domain Name and Registrar

The disputed domain name <arm.biz> is registered with Communigal Communications Ltd. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on March 31, 2021. On March 31, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On April 2, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent a deficiency notification to the Complainant on April 26, 2021 providing the registrant and contact information disclosed by the Registrar, and requesting the Complainant to submit an amendment to the Complaint. The Complainant filed an amendment to the Complaint on April 30, 2021. On May 2, 2021, the Complainant submitted additional argumentation. On May 12, 2021, the Complainant filed an amended Complaint.

The Center verified that the Complaint together with the amendment to the Complaint and the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on May 12, 2021. In accordance with the Rules, paragraph 5, the due date for Response was June 1, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on June 16, 2021.

The Center appointed Reyes Campello Estebaranz as the sole panelist in this matter on June 25, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

On July 30, 2021, the Panel issued an administrative procedural order (Procedural Order No. 1), requesting the Complainant to provide a more detailed explanation and clarification concerning various points referred to the affidavit submitted as annex VIII of the Complaint. On August 6, 2021, the Complainant replied to this request.

4. Factual Background

The Complainant is a provider of technology related to various goods and services, which operates since 1990. The Complainant designs sophisticated electronic products, including computer processors, graphics processors, digital memories and peripheral hardware, and provides software, development tools for computer hardware, software, and consultancy services. The Complainant’s processors are used as the main Central Processing Unit (“CPU”) for mobile telephones, as well as for other devices including laptops, tablets, televisions, and other electronic products. Per Complaint, the Complainant has sold over 180 billion products, and its products and services reach over 70 percent of the world’s population.

The Complainant operates under various trademarks including the trademark ARM, owning a large portfolio of trademark registrations comprising this mark in a number of different jurisdictions, including:

– United Kingdom Registration No. UK00002000006, ARM, word, registered on January 29, 1999, in Classes 9, 16, and 42;
– European Union Registration No. 1112986, ARM, word, registered on June 8, 2000, in Classes 9 and 42;
– United States Registration No. 2,332,930, ARM, word, registered on March 21, 2000, in Classes 21, 23, 26, 36, and 38; and
– Israel Registration No. 273622, ARM, word, registered on June 6, 2017, in Classes 9, 16, 35, 37, 38, 41, 42, and 45, (collectively the “ARM mark”).

Prior decisions under the Policy have recognized the goodwill and reputation of the ARM mark, as well as the Complainant’s position as a world leader in the field of technology.1

The Complainant is also the owner of various domain names comprising the ARM mark, including <arm.com> (registered on February 7, 1995), which is linked to its primary corporate website, where the Complainant’s products and services are promoted.

The disputed domain name was registered on May 31, 2009 and it is apparently currently inactive. The access to the disputed domain name is blocked due to security reasons with a message indicating that the access is not secure. According to the evidence provided by the Complainant, the disputed domain name has been linked to an active website, which presented content offering the installation of software. This website displayed a notice indicating that:

“before you continue to arm.biz, by clicking the button you’ll be redirected to the Fire Fox Store and be given the option to install “Safe Search” addon, otherwise skip directly to your destination by clicking the close button to your right. This addon will change your default search engine to your private search domain”.

This notice was followed by an “accept” clicking button.

5. Parties’ Contentions

A. Complainant

Key contentions of the Complaint may be summarized as follows:

The ARM mark is well known, enjoying an extraordinary global marketplace recognition. Various decisions in court cases or administrative proceedings have recognized its reputation.

The disputed domain name incorporates the ARM mark in its entirety, and the addition of the generic Top-Level Domain (“gTLD”) “.biz” is insufficient to avoid the confusing similarity.

The Respondent has no rights or legitimate interests in respect of the disputed domain name. The Respondent is not affiliated with or licensed by Complainant, it is not commonly known by nor has any trademark registrations for the term “arm” or the disputed domain name, and it has not used the disputed domain name in connection with a bona fide offering of goods and/or services or to a legitimate noncommercial or fair use. The disputed domain name is not currently used, albeit recently presented content and attempted to install software on the accessing device prior to redirecting the accessing party to Complainant’s official website “www.arm.com”. On March 11, 2021, the Complainant sent a cease and desist communication to the Respondent through the Registrar, with no response.

The disputed domain name was registered and is being used in bad faith. Given the reputation of the ARM mark and the incorporation in its entirety of this mark in the disputed domain name, the Respondent could not have innocently registered the disputed domain name. The Respondent had constructive notice of the Complainant’s rights and chose to register the disputed domain name targeting the ARM mark to prevent the Complainant from registering a domain name corresponding to this mark, and/or to profit from the reputation of the ARM mark. The disputed domain name is currently inactive and has been used in bad faith. The disputed domain name has been used to attempt to install software (potentially malware according to the Complainant) on the Internet users’ devices accessing to the site that was linked to the disputed domain name before redirecting the users to the Complainant’s official website, creating the false expectation for the users that the disputed domain name was affiliated with the Complainant. Further circumstances that corroborate the Respondent’s bad faith are its failure to respond to the Complainant’s demand letter and the passive holding of the disputed domain name.

The Complainant has cited previous decisions under the Policy, particularly Arm Limited v. Privacy Administrator, Anonymize, Inc. / Sarbel Bandak, WIPO Case No. D2021-0594, which it considers supportive of its position, and requests the transfer of the disputed domain name.

In reply to Procedural Order No. 1, the Complainant indicates the following:

The Respondent uses the disputed domain name to redirect Internet users to unauthorized or malicious websites, including:

– a “parking” page or Pay Per Click (PPC) page at “www.dsparking.com”, which displays various links utilizing some related to the Complainant’s products and the ARM platform, generating a likelihood of affiliation and confusion the Respondent has not attempted to avoid;

– a website that allegedly replicates a Microsoft website and displays a pop-up message indicating that the device accessing to this website may be infected, providing a call-in number through which it seeks to persuade users to install software (probably enabling cybercriminals to access to their device), which has no affiliation or association to Microsoft; and

– a website that tries to mimic McAfee antivirus software provider website and also displays a pop-up message indicating that the device accessing to this website may be infected, offering to perform an antivirus scan, which is not authorized or affiliated with McAfee.
Furthermore, the Complainant’s representative attempted to access the disputed domain name and its firewall restricted its access designating the website as containing malware.

The Complainant provides evidence of the above allegations, including various screenshots and firewall reports.

The person signing the affidavit submitted as annex VIII of the Complaint (Nga Dinh) is identified in the reply to Procedural Order No. 1 as the Chief Administrative Officer of IPWatch Systems Corporation, a technology and legal solutions provider that uses an artificial-intelligence solution to continuously monitor, protect, and enforce trademark rights for a number of clients, including Complainant. Ms. Dinh has worked in her role for IPWatch for over 10 years, and her responsibilities include evaluating data related to the disputed domain name, identifying the malicious use of the disputed domain name.

The disputed domain name incorporates the reputed ARM mark to generate traffic to sites that appear to relate to the Complainant’s products. The website linked to the disputed domain name further offers to install a “Safe Search” add-on feature, without authentication of the source or validity of the offered software, which is evidence of a fraudulent scheme to trick users to download or install malicious content. The use of the disputed domain name for an illegitimate activity is an evidence of bad faith, and damages the reputation of the Complainant and its ARM trademark. Further evidence of the Respondent’s bad faith is its failure to respond to the Complaint, and the use of a Registrar considered by an Awake Security study as mostly hosting malware and browser-based surveillance tools (in almost 60 per cent of its reachable domain names).

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

The Complainant has made the relevant assertions as required by the Policy and the dispute is properly within the scope of the Policy. The Panel has authority to decide the case examining the three elements in paragraph 4(a) of the Policy,2 taking into consideration all of the relevant evidence, annexed material and allegations, and performing some limited independent research under the general powers of the Panel articulated, inter alia, in paragraph 10 of the Rules.
A. Identical or Confusingly Similar

The Complainant indisputably has rights in the registered trademark ARM, both by virtue of its numerous trademark registrations and as a result of its global goodwill and reputation. The disputed domain name incorporates the ARM mark in its entirety, and the gTLD “.biz” is a technical requirement, generally disregarded for the purpose of the analysis of the confusing similarity. See sections 1.7, and 1.11 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition, (“WIPO Overview 3.0”).

Accordingly, this Panel finds that the disputed domain name is identical to the Complainant’s trademark, and the first element of the Policy under paragraph 4(a)(i) has been satisfied.

B. Rights or Legitimate Interests

Although the Complainant bears the ultimate burden of establishing all three elements of paragraph 4(a) of the Policy, prior UDRP panels have recognized that this could result in the often impossible task of proving a negative, requiring information that is primarily if not exclusively within the knowledge of the Respondent. Thus, the consensus view is that paragraph 4(c) of the Policy shifts to the Respondent the burden of coming forward with evidence of rights or legitimate interests in the disputed domain name, once the Complainant has made a prima facie showing indicating the absence of such rights or legitimate interests.

The Complainant’s above-noted assertions and evidence in this case effectively shift the burden of production to the Respondent of producing evidence of rights or legitimate interests in the disputed domain name, providing the circumstances of paragraph 4(c) of the Policy, without limitation, that may establish rights or legitimate interests in the disputed domain name in order to rebut the Complainant’s prima facie case.

However, the Respondent has not replied to the Complainant’s contentions, not providing any explanation or evidence of rights or legitimate interests in the disputed domain name.

A core factor in assessing fair use of the disputed domain name is that it does not falsely suggest affiliation with the Complainant’s trademark. See section 2.5, WIPO Overview 3.0. The disputed domain name incorporates the ARM mark in its entirety being identical to this trademark. Therefore, the Panel considers that there is a risk of implied affiliation.

The Panel, under its general powers included, inter alia, in paragraph 10 of the Rules, has consulted the Internet archive WayBackMachine in relation to the disputed domain name, finding that it seems to have been inactive for a period of time linked to a parking website displaying PPC links (at least between 2014 and 2019).

The evidence provided by the Complainant further shows that the disputed domain name was temporally linked (during 2020) to a website offering the installation of software, which is one of the products and services provided by the Complainant. The Complainant has further alleged and provided evidence (in the form of an attestation and various supporting screenshots and firewall reports), which corroborates that the said website invited Internet users to download software and redirected to various allegedly unauthorized replicated websites from various reputed providers of antivirus software solutions, like Microsoft or McAfee (not being affiliated to these reputed software providers), and evidence related to the use of the disputed domain name in connection to a website displaying promotional PPC links (some related to the Complainant’s products).

The Panel considers that the above-mentioned use of the disputed domain name contributes to a risk of affiliation and confusion, not amounting to a bona fide offering of goods or services.

The Panel further finds remarkable the Respondent’s attitude choosing not to reply to the Complainant’s cease and desist communication or to the Complaint, and apparently taking down the website linked to the disputed domain name.

All these circumstances lead the Panel to conclude that the Complainant has established a prima facie case, not rebutted by the Respondent, and all cumulative facts and circumstances of this case point to consider that the Respondent lacks any rights or legitimate interests in the disputed domain name.

Therefore, the second element of the Policy under paragraph 4(a)(ii) has been established.

C. Registered and Used in Bad Faith

The Policy, paragraph 4(a)(iii), requires that the Complainant establishes that the disputed domain name has been registered and is being used in bad faith.

The applicable standard of proof in UDRP cases is the “balance of probabilities” or “preponderance of the evidence”, being the Panel prepared to draw certain inferences in light of the particular facts and circumstances of the case. See section 4.2, WIPO Overview 3.0.

The Panel notes that the ARM mark has extensive presence over the Internet and it is worldwide used and well known, being unlikely that the Respondent did not have knowledge of this trademark at the time of registration of the disputed domain name. Particularly considering that, according to the content that was included in the website linked to the disputed domain name, the Respondent seems to be if not related to the technological field and the software industry in which the Complainant is well known, at least well versed in such field such that it would likely have been aware of the Complainant and its trademark.

The Complainant has used the ARM mark since 1990 (nearly 20 years before the registration of the disputed domain name), and operates an active website since, at least 1997 at “www.arm.com”. (The Panel under its general powers articulated, has consulted the Internet archive WayBackMachine with reference to the Complainant’s domain name <arm.com>.)

It is further to be noted that the Respondent either apparently operates in the same field of technology as the Complainant or is at least very familiar with it given the various attempts to install malware on users devices, which implies the likelihood of its knowledge of the Complainant and its reputed trademark. Additionally, in the Panel’s view it would be normal for a registrant to do a search for the registration of any domain name, which at the time of the registration of the disputed domain name may certainly revealed the Complainant’s domain name <arm.com> as already registered an unavailable, leading the Respondent to the Complainant, its reputed trademark, and its official website – and to the available disputed domain name.

Furthermore, all cumulative circumstances of this case point to bad faith registration and use of the disputed domain name:

(i) the disputed domain name incorporates the ARM mark in its entirety being identical to this trademark, which creates an intrinsic likelihood of confusion and affiliation;

(ii) the Complainant’s trademark is well known worldwide;

(iii) the Complainant operates globally including the country (Israel) where the Respondent is located according to the WhoIs record of the disputed domain name;

(iv) the Respondent used a privacy registration service;

(v) according to the evidence provided by the Complainant, the website that was linked to the disputed domain name at one time (i.e., while not seeking to distribute malware) targeted the Complainant and its trademark, allegedly directing to a promotional website displaying PPC links, including links to the Complainant’s products; and, subsequently, the disputed domain name has been linked to a website with a pop-up message indicating that the accessing device may be infected and redirecting to websites that apparently replicated (with no authorization) the official websites of other reputed software companies, in the same field of technology as the Complainant, unrelated to the Complainant and its reputed ARM trademark;

(vi) the Respondent did not reply to the cease and desist communication sent by the Complainant through the Registrar or to the Complaint, not offering any explanation of any rights or legitimate interests in the disputed domain name and not coming forward to deny the Complainant’s assertions of bad faith; and

(vii) the Respondent’s reaction to the cease and desist communication and/or to the Complaint has apparently been taking down the website that was linked to the disputed domain name.

It is further to be noted that the current non-use of the disputed domain name does not prevent a finding of bad faith under the doctrine of passive holding. See section 3.3, WIPO Overview 3.0.

In light of the above, taking into consideration all cumulative facts and circumstances of this case, in a balance of probabilities, the Panel considers that the disputed domain name was registered and is being used in bad faith, with the intention of obtaining a free ride on the established reputation of the Complainant. The disputed domain name was registered and used for targeting the Complainant and its reputed trademark, intentionally creating a likelihood of confusion as to the affiliation or association to misleadingly attract Internet users to the Respondent’s website to promote its software.

It is further probable that the Respondent acted in bad faith with the intention to introduce malware in the devices of the Internet users accessing to its website accepting the installation of its software, which may have been used to obtain sensitive private information from its websites’ visitors.

Accordingly, the Panel concludes that the Complainant has met its burden of establishing that the disputed domain name has been registered and is being used in bad faith.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name, <arm.biz> be transferred to the Complainant.

Reyes Campello Estebaranz
Sole Panelist
Date: August 9, 2021

Copyright © 2024 DomainGang.com · All Rights Reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

 characters available