Cboe Global Markets, Inc., Cboe Exchange, Inc. and European Central Counterparty N.V v. Szhi Chu / Gamma Ray Technologies
Claim Number: FA2207002004128
Complainant is Cboe Global Markets, Inc., Cboe Exchange, Inc. and European Central Counterparty N.V (“Complainant”), represented by Kevin M. Bovard of Baker & Hostetler LLP, Pennsylvania, USA. Respondent is Szhi Chu / Gamma Ray Technologies (“Respondent”), California, USA.
REGISTRAR AND DISPUTED DOMAIN NAME
The domain name at issue is <europeccp.com>, registered with NameCheap, Inc..
The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.
Richard Hill as Panelist.
Complainant submitted a Complaint to the Forum electronically on July 13, 2022; the Forum received payment on July 13, 2022.
On July 13, 2022, NameCheap, Inc. confirmed by e-mail to the Forum that the <europeccp.com> domain name is registered with NameCheap, Inc. and that Respondent is the current registrant of the name. NameCheap, Inc. has verified that Respondent is bound by the NameCheap, Inc. registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (the “Policy”).
On July 18, 2022, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of August 8, 2022 by which Respondent could file a Response to the Complaint, via e-mail to all entities and persons listed on Respondent’s registration as technical, administrative, and billing contacts, and to postmaster@europeccp.com. Also on July 18, 2022, the Written Notice of the Complaint, notifying Respondent of the e-mail addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent’s registration as technical, administrative and billing contacts.
Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.
On August 13, 2022, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed Richard Hill as Panelist.
Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.
Complainant requests that the domain name be transferred from Respondent to Complainant.
PRELIMINARY ISSUE: MULTIPLE COMPLAINANTS
Paragraph 3(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”) provides that “[a]ny person or entity may initiate an administrative proceeding by submitting a complaint.” The Forum’s Supplemental Rule 1(e) defines “The Party Initiating a Complaint Concerning a Domain Name Registration” as a “single person or entity claiming to have rights in the domain name, or multiple persons or entities who have a sufficient nexus who can each claim to have rights to all domain names listed in the Complaint.”
There are three Complainants in this matter: Cboe Global Markets, Inc., Cboe Exchange, Inc., and European Central Counterparty N.V.. Cboe Exchange, Inc., and European Central Counterparty N.V. are wholly owned subsidiaries of Cboe Global Markets, Inc..
Previous panels have interpreted the Forum’s Supplemental Rule 1(e) to allow multiple parties to proceed as one party where they can show a sufficient link to each other. For example, in Vancouver Org. Comm. for the 2010 Olympic and Paralymic Games & Int’l Olympic Comm. v. Malik, FA 666119 (Forum May 12, 2006), the panel stated:
It has been accepted that it is permissible for two complainants to submit a single complaint if they can demonstrate a link between the two entities such as a relationship involving a license, a partnership or an affiliation that would establish the reason for the parties bringing the complaint as one entity.
In Tasty Baking, Co. & Tastykake Invs., Inc. v. Quality Hosting, FA 208854 (Forum Dec. 28, 2003), the panel treated the two complainants as a single entity where both parties held rights in trademarks contained within the disputed domain names. Likewise, in Am. Family Health Srvs. Group, LLC v. Logan, FA 220049 (Forum Feb. 6, 2004), the panel found a sufficient link between the complainants where there was a license between the parties regarding use of the TOUGHLOVE mark.
The Panel finds that the evidence in the Complaint is sufficient to establish a sufficient nexus or link between the Complainants, and thus it will treat them as a single entity in this proceeding.
A. Complainant
Complainant states that it provides securities and derivatives exchanges and equities clearing and settlement services. Complainant has rights in the EUROCCP mark through its registration with multiple trademark agencies including in the European Union in 2014.
Complainant alleges that the disputed domain name is identical or confusingly similar to its EUROCCP mark as it consists of a misspelling of the mark (“Euro” is replaced with “Europe”) with the addition of the “.com” generic top-level domain (“gTLD”). Complainant cites UDRP precedents to support its position.
According to Complainant, Respondent lacks rights or legitimate interests in the disputed domain name. Respondent is not commonly known by the disputed domain name, nor has Complainant authorized or licensed Respondent to use its EUROCCP mark in any way. Respondent does not use the disputed domain name for any bona fide offering of goods or services, nor for a legitimate noncommercial or fair use, but instead uses it to pass off as Complainant in emails which phish for the login information of Complainant’s employees. Specifically, Respondent, impersonating itself as Complainants’ Human Resources department through the use of the disputed domain name as part of the email address, sent an email to Complainants’ employees with a malicious document attachment, stating that “this link will work for anyone at Cboe [one of Complainant’s companies]”; the attachment leads to a phishing webpage that asks for login information. Complainant cites UDRP precedents to support its position.
Further, says Complainant, Respondent registered and uses the disputed domain name in bad faith. Respondent passes off as Complainant while phishing for personal information. Respondent engages in typosquatting, used a privacy service to hide its identity, and provided false contact information. Respondent registered and uses the disputed domain name with actual knowledge of Complainant’s rights in the EUROCCP mark. Complainant cites UDRP precedents to support its position.
B. Respondent
Respondent failed to submit a Response in this proceeding.
Complainant owns the mark EUROCCP and uses it to provide securities and derivatives exchanges and equities clearing and settlement services.
Complainant’s rights in its mark date back to 2014.
The disputed domain name was registered in 2022.
Complainant has not licensed or otherwise authorized Respondent to use its mark.
The disputed domain name is used in furtherance of a fraudulent email phishing scheme; the fraudulent emails refer to the name of one of Complainant’s companies.
Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."
Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:
(1) the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(2) Respondent has no rights or legitimate interests in respect of the domain name; and
(3) the domain name has been registered and is being used in bad faith.
In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a) and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Jurisprudential Overview 3.0 at ¶ 4.3; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (“Because Complainant did not produce clear evidence to support its subjective allegations [. . .] the Panel finds it appropriate to dismiss the Complaint”).
The disputed domain name consists of a misspelling of Complainant’s EUROCCP mark (“Euro” is replaced with “Europe”) with the addition of the “.com” generic top-level domain (“gTLD”). Under Policy ¶ 4(a)(i), a domain name is generally considered confusingly similar to the mark it incorporates where it adds letters and the “.com” gTLD. See Home Depot Product Authority, LLC v. Angelo Kioussis, FA 1784554 (Forum June 4, 2018) (“The domain name contains the mark in its entirety, with only the addition of the generic letters ‘sb’ and the digits ‘2018,’ plus the generic Top Level Domain (“gTLD”) ‘.com.’ These alterations of the mark, made in forming the domain name, do not save it from the realm of confusing similarity under the standards of the Policy.”); see also Bittrex, Inc. v. Sergey Valerievich Kireev / Kireev, FA 1784651 (Forum June 5, 2018) (holding that the domain name consists of the Complainant’s mark and adds “the letters ‘btc’ and the gTLD .com which do not distinguish the Domain Name from Complainant’s mark.”).
Further, according to 1.7 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Jurisprudential Overview 3.0”): “In specific limited instances, while not a replacement as such for the typical side-by-side comparison, where a panel would benefit from affirmation as to confusing similarity with the complainant’s mark, the broader case context such as website content trading off the complainant’s reputation … may support a finding of confusing similarity.” In the instant case, the disputed domain name is used in furtherance of a fraudulent email phishing scheme; the fraudulent email refers to the name one of Complainant’s companies. The Panel finds that these circumstances support a finding of confusing similarity.
For all the above reasons, the Panel finds that the disputed domain name is confusingly similar to Complainant’s mark under Policy ¶ 4(a)(i).
Complainant has not licensed or otherwise authorized Respondent to use its mark. Respondent is not commonly known by the disputed domain name: under Policy ¶ 4(c)(ii), relevant WHOIS information may demonstrate that a respondent is not commonly known by a disputed domain name. See PragmaticPlay Limited v. Robert Chris, FA2102001932464 (Forum Mar. 23, 2021) (“The WHOIS information of record lists the registrant as “Robert Chris,” and no other information of record suggests Respondent is commonly known by the domain name. Therefore, the Panel finds that Respondent is not commonly known by the disputed domain name under Policy ¶ 4(c)(ii).”). Here, the WHOIS information identifies the registrant as “Szhi Chu”. Thus the Panel finds that Respondent is not commonly known by the disputed domain name under Policy ¶ 4(c)(ii).
Respondent uses the disputed domain name to pass off as Complainant while phishing for information. Specifically, Complainant provides evidence showing that Respondent used the disputed domain name in an email to Complainant’s employees which impersonated the Human Resources department and invited them to click on a link; that link lead to a website that asked the employees to enter their login information. Under Policy ¶¶ 4(c)(i) and (iii), passing off as a complainant while phishing is not a bona fide offering of goods or services, nor a legitimate noncommercial or fair use. See DaVita Inc. v. Cynthia Rochelo, FA 1738034 (Forum July 20, 2017) (”Passing off in furtherance of a phishing scheme is not considered a bona fide offering of goods or services or legitimate noncommercial or fair use.”). Thus the Panel finds that Respondent fails to use the disputed domain name to make a bona fide offering of goods or services, or a legitimate noncommercial or fair use under Policy ¶¶ 4(c)(i) or (iii). And the Panel finds that Respondent does not have rights or legitimate interests in the dispute domain name.
Respondent (who did not reply to Complainant’s contentions) has not presented any plausible explanation for its use of Complainant’s mark. In accordance with paragraph 14(b) of the Rules, the Panel shall draw such inferences from Respondent’s failure to reply as it considers appropriate. Accordingly, the Panel finds that Respondent did not have a legitimate use in mind when registering the disputed domain name.
Indeed, as already noted, Respondent uses the disputed domain name to pass off as Complainant in furtherance of a phishing scheme. Under Policy ¶ 4(a)(iii), phishing for personal information is evidence of bad faith registration and use. See Qatalyst Partners LP v. Devimore, FA 1393436 (Forum July 13, 2011) (finding that using the disputed domain name as an e-mail address to pass itself off as the complainant in a phishing scheme is evidence of bad faith registration and use). Thus the Panel finds that Respondent registered and uses the disputed domain name in bad faith under Policy ¶ 4(a)(iii).
Further, Respondent engaged in typosquatting. A finding of typosquatting can evince bad faith under Policy ¶ 4(a)(iii). See Webster Financial Corporation and Webster Bank, National Association v. Zhichao Yang, FA2110001970133 (Forum Nov. 24, 2021) (“Typosquatting is a practice whereby a domain name registrant deliberately introduces typographical errors or misspellings into a domain name hoping that internet users will inadvertently type the malformed string when searching for products or services associated with the target trademark, or will otherwise confuse the misspelled trademark laden domain name with its target trademark, a web address, an email address, or some other reference to the mark holder.”); see also Computerized Sec. Sys., Inc. v. Hu, FA 157321 (Forum June 23, 2003) (finding that the respondent engaged in typosquatting, which is evidence of bad faith registration and use under Policy ¶ 4(a)(iii)); see also Sports Auth. Mich., Inc. v. Skander, FA 135598 (Forum Jan. 7, 2002) (stating that “[b]y registering the ‘typosquatted’ domain name in [Complainant’s] affiliate program, Respondent profits on the goodwill of [Complainant’s] protected marks and primary Internet domain names,” which is evidence of bad faith registration and use). As such, the Panel finds bad faith typosquatting under Policy ¶ 4(a)(iii).
Furthermore, Respondent provided false contact information when registering the disputed domain name: the street address in the WHOIS does not exist. Under Policy ¶ 4(a)(iii), providing false or misleading contact information may contribute to a finding of bad faith. See Farouk Systems, Inc. v. Jack King / SLB, FA1505001618704 (Forum June 19, 2015) (finding bad faith registration and use pursuant to Policy ¶ 4(a)(iii) where the respondent had provided false contact information when registering the disputed domain name). Thus the Panel finds that Respondent registered and uses the disputed domain name in bad faith under Policy ¶ 4(a)(iii) on this ground also.
Finally, Respondent has actual knowledge of Complainant’s mark when it registered the disputed domain name: as already noted, the fraudulent email sent to Complainants’ employee posed as “Human Resources” and stated that anyone at one of Complainant’s companies could open the link; it is inconceivable that Respondent could have registered the disputed domain name, wrote to one of Complainants’ employees, and said that the link could be opened by anyone at one of Complainants’ company, without being aware of Complainant and its trademark. While constructive notice is insufficient to demonstrate bad faith, actual knowledge of a complainant’s rights in a mark prior to registration may be evidence of bad faith per Policy ¶ 4(a)(iii). See Custom Modular Direct LLC v. Custom Modular Homes Inc., FA 1140580 (Forum Apr. 8, 2008) (“There is no place for constructive notice under the Policy.”); see also Am. Online, Inc. v. Miles, FA 105890 (Forum May 31, 2002) (“Respondent is using the domain name at issue to resolve to a website at which Complainant’s trademarks and logos are prominently displayed. Respondent has done this with full knowledge of Complainant’s business and trademarks. The Panel finds that this conduct is that which is prohibited by Paragraph 4(b)(iv) of the Policy.”). The Panel finds that Respondent had actual knowledge of Complainant’s rights in the mark prior to Respondent’s registration of the disputed domain name and that this constitutes bad faith registration and use under Policy ¶ 4(a)(iii).
Having established all three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.
Accordingly, it is Ordered that the <europeccp.com> domain name be TRANSFERRED from Respondent to Complainant.
Richard Hill, Panelist
Dated: August 15, 2022
Click Here to return to the main Domain Decisions Page.
Click Here to return to our Home Page