Equifax Inc. v Stipe Ljubicic

ARBITRATION

AND

ADMINISTRATIVE PANEL DECISION

Equifax Inc. v. Stipe Ljubicic

Case No. D2023-2616

1. The Parties

The Complainant is Equifax Inc., United States of America (“United States”), represented by The GigaLaw

Firm, Douglas M. Isenberg, Attorney at Law, LLC, United States.

The Respondent is Stipe Ljubicic, Croatia.

2. The Domain Name and Registrar

The disputed domain name <securityequifax2017.com> is registered with NameCheap, Inc. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on June 17, 2023.
On June 19, 2023, the Center transmitted by email to the Registrar a request for registrar verification in
connection with the disputed domain name. On June 19, 2023, the Registrar transmitted by email to the
Center its verification response disclosing registrant and contact information for the disputed domain name
which differed from the named Respondent (Privacy service provided by Withheld for Privacy ehf) and
contact information in the Complaint. The Center sent an email communication to the Complainant on
June 20, 2023, providing the registrant and contact information disclosed by the Registrar, and inviting the
Complainant to submit an amendment to the Complaint. The Complainant filed an amendment to the

Complaint on the same day.

The Center verified that the Complaint together with the amendment to the Complaint satisfied the formal
requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for
Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for
Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the the due date for Response was July 13, 2023. The Response was filed with the Center on July 13, 2023.

The Center appointed Willem J. H. Leppink as the sole panelist in this matter on July 19, 2023. The Panel
finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and
Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the
Rules, paragraph 7.

page 2

4. Factual Background

The following facts are undisputed.

The Complainant is owner of the well-known trademark EQUIFAX, which it uses in the United States and internationally. The Complainant is a provider of information solutions and human resources business process outsourcing services for businesses, governments, and consumers. These services include credit checks and reporting. Its business goes back to 1913 (and its predecessor company dates back to 1899) and it started using and registering the trademark EQUIFAX in 1975. Headquartered in Atlanta, Georgia (USA), the Complainant operates or has investments in 24 countries in North America, Central and South America, Europe, and the Asia Pacific region. The Complainant employs approximately 11,000 people worldwide.

The Complainant owns more than 200 trademark registrations worldwide consisting of or containing the
element EQUIFAX, e.g., United States registration for EQUIFAX 1,027,544 (first used in commerce

March 4, 1975; registered December 16, 1975).

The disputed domain name was registered on November 28, 2018.

At the time of filing the complaint, the disputed domain name resolved to website that includes blog posts
about hacking, the top post of which carries the headline, “How to Hack a Twitter Account Password – 2023

Methods, Multiple Methods, by SecurityEquifax blog” (“Website”).

5. Parties’ Contentions

A. Complainant

To the extent relevant, the Complainant contends the following.

The Complainant is the owner of many registrations consisting of or including the element EQUIFAX and that it has a strong reputation for the services under this trademark. It has a strong U.S. and international presence, also under the domain name, <equifax.com>.

The disputed domain name is confusingly similar to the above-mentioned EQUIFAX trademark, as it contains the EQUIFAX Trademark in its entirety, simply adding the word “security” and the year “2017”.

The Complainant alleges that the Respondent has no rights or legitimate interests in the disputed domain
name, which was registered and used in bad faith. Finally, the Complainant refers to a number of previous
UDRP decisions where the well-known status of its trademark was confirmed.

Furthermore, at least three security vendors have reported that the disputed domain name is being used in connection with malware or phishing activities. Also on the Website posts are included about hacking – the top post of which carries the headline, “How to Hack a Twitter Account Password – 2023 Methods, Multiple Methods, by SecurityEquifax blog”.

In the amendment to the Complaint, filed after the identity of the Respondent had been revealed, the name dispute proceeding, under the Policy, being Snap Inc. v. Stipe Ljubicic, Forum Claim No. 2036257.

B. Respondent

To the extent relevant, the Respondent contends the following.

page 3

The Respondent bought the disputed domain name in October 2019, from a private domain seller her found on some Internet marketing forum. The Complainant owned disputed domain name in 2017, but the Complainant decided to drop it and stop using it anymore after 2017, and as a result the registration of the disputed domain name expired and was available to registration.

From the beginning, the Respondent created content for the website to which the disputed domain name resolved. He added a disclaimer notice on his homepage, and also on his “About Us” page, explaining that that website was not associated and have nothing to do with the Complainant and refers to the Web Archive history of that website. Since 2018, the disputed domain name shows parked domain content. The Respondent has never tried to mislead anyone thinking that the website belongs to the Complainant. The content on the Website is just a small cybersecurity blog where the Respondent is selling guest posts to other Internet marketers. The Respondent registered the disputed domain name as rather than registering a fresh new and unique domain name, dropped domain names with a usage history have more power to rank on the search engines websites.

The disputed domain name automatically redirects itself to <crazygreek.co.uk> and the Respondent is planning to keep the disputed domain name in the future, so the Complainant does not have to worry about cybersquatting.

6. Discussion and Findings

Pursuant to paragraph 4(a) of the Policy, the Complainant must prove each of the following three elements:

(i)        the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and

(ii)       the Respondent has no rights or legitimate interests in respect of the disputed domain name; and

(iii)      the disputed domain name has been registered and are being used in bad faith

A. Identical or Confusingly Similar

The Complainant has sufficiently proven to have rights in the trademark EQUIFAX.

The trademark is fully integrated in the disputed domain name. The element “Equifax” stands out in the disputed domain name. Only the elements “security” and (obviously) the year “2017” were added.

As set out in the Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition “the WIPO Overview 3.0”), section 1.8, the addition of other terms would not prevent a finding that a domain name is confusingly similar to the relevant mark for purposes of the first element. The trademark is clearly

recognizable in the disputed domain name. The addition of the two terms does not prevent a finding of

confusing similarity between the disputed domain name and the Complainant’s trademark.

The Panel, therefore, finds that the first element has been satisfied.

B. Rights or Legitimate Interests

The Panel has carefully considered the factual allegations that have been made by the Complainant and are supported by the submitted evidence, as well as the response submitted by the Respondent.

In particular, the Respondent has failed to offer the Panel any of the types of evidence set forth in paragraph 4(c) of the Policy from which the Panel might conclude that the Respondent has rights or legitimate interests in the disputed domain name, such as:

page 4

(i)        use or preparation to use the disputed domain name or a name corresponding to the disputed domain name in connection with a bona fide offering of goods or services prior to notice of the dispute; or

(ii)       being commonly known by the disputed domain name (as an individual, business or other organization) even if the Respondent has not acquired any trademark or service mark rights; or

(iii)      making legitimate noncommercial or fair use of the disputed domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.

Although, the Respondent provided some undated evidence that purports to show that it had created website hack a Twitter account and that the disputed domain name is used in connection with malware or phishing activities. Although this has been clearly brought forward in the complaint, the Respondent has not denied this or given any justification for this. The Panel moreover notes that the Respondent’s own screenshot mentions the Complainant’s own website which is “similar to this one” (the order of the terms “security” and “Equifax” in the Complainant’s site is reversed).
content for the website to which the disputed domain name initially resolved and that this included a
disclaimer, this does not show evidence that there was any connection of the disputed domain name – which
notably trades on the Complainant’s well-known mark – with the bona fide offering of goods or services.

The Respondent is also not known by the disputed domain name and as the Respondent indicated his financial motives, there would not be any legitimate noncommercial or fair use of the disputed domain name.

The Panel, therefore, finds that the second element has been satisfied.

C. Registered and Used in Bad Faith

The Panel finds that the Disputed domain name was registered and is being used in bad faith.

The Panel refers to its considerations under section 6.B and adds the following:

In light of the evidence filed by the Complainant, and in particular the notoriety of the Complainant and the
EQUIFAX trademark and not to mention the fact that the Respondent’s former Website referred to the
Complainant and its similar domain name, the Panel finds that the Respondent must have been aware of the
existence of the Complainant’s activities and rights at the time that the Respondent registered the disputed
domain name. In the response the Respondent also admitted that it registered the disputed domain name
as he was aware that it was a “dropped domain name” with a usage history, as this would have more power
to rank on the search engines websites. The Respondent seems to ignore the fact that such a dropped
domain name would only have “power” because it was earlier developed by someone else; in terms of this
case, the value of the disputed domain name to the Respondent arises from the Complainant’s efforts (and

trademark) and the Respondent is seeking to unfairly capitalize on this.

The Panel finds that this will also apply to the use of disputed domain name by the Respondent, i.e.,
redirecting from the disputed domain name to the Website. The use is solely intended to create traffic to the
Website.

The Panel thus finds that the Respondent has registered and is using the disputed domain name to intentionally attract Internet users for commercial gain by a redirect to the Website by creating a likelihood of confusion with the Complainant’s trademark as to the source, sponsorship, affiliation or endorsement of the Website.

In addition, panels have held that the use of a domain name for illegal activity (e.g., the sale of counterfeit goods or illegal pharmaceuticals, phishing, distributing malware, unauthorized account access/hacking, impersonation/passing off, or other types of fraud) constitutes bad faith, see WIPO Overview 3.0, section 3.4. The Respondent has sidestepped the allegations made by the Complainant in that regard.

page 5

Also, the bad faith is supported by the Complainant’s substantiated allegation that the Respondent has previously been subject to a complaint under the Policy, which has not been rebutted by the Respondent in his response.

The Panel, therefore, finds that the third element has been satisfied.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name, <securityequifax2017.com> be transferred to the Complainant.

/Willem J.H. Leppink/
Willem J. H. Leppink
Sole Panelist
Date: August 2, 2023