GitHub, Inc. v Chris Koepke

ARBITRATION

AND

ADMINISTRATIVE PANEL DECISION

GitHub, Inc. v. Chris Koepke

Case No. D2023-2995

1. The Parties

Complainant is GitHub, Inc., United States of America, represented by Chestek Legal, United States of

America (“United States”).

Respondent is Chris Koepke, United States.

2. The Domain Name and Registrar

The disputed domain name <github.cam> (hereinafter “Disputed Domain Name”) is registered with

NameCheap, Inc. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on July 12, 2023. On July 13, 2023, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Disputed Domain Name. On the same date, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Disputed Domain Name which differed from the named Respondent (Privacy service provided by Withheld for Privacy ehf) and contact information in the Complaint. The Center sent an email communication to complainant on July 25, 2023 providing the registrant and contact information disclosed by the Registrar, and inviting complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on July 27, 2023.

The Center verified that the Complaint together with the amended Complaint satisfied the formal
requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for
Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for
Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified respondent of the Complaint, and the proceedings commenced on July 28, 2023. In accordance with the Rules, paragraph 5, the due date for Response was August 17, 2023.

On July 28, 2023, the Center received email communications from Respondent. On July 31, 2023, the proceeding for settlement discussions. No suspension request was received.

page 2

The Response was filed with the Center on August 15, 2023.

The Center appointed Lawrence K. Nodine as the sole panelist in this matter on August 25, 2023. The Panel
finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and
Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the

Rules, paragraph 7.

4. Factual Background

Complainant coined the term “GitHub.” It has no meaning in any language. Complainant owns trademark registrations for GITHUB (the “Mark”) in several countries, including United States Trademark Registration No. 3,805,947 (registered on June 22, 2010).

Complainant operates a website at <github.com> that hosts its users’ software code, allowing developers to store and manage their code. Millions of software developers use Complainant’s services. It is one of the largest source code hosts in the world.

Like many websites, participating in Complainant’s website requires creating a username and password combination that is used to log in to the platform.

The Disputed Domain Name was registered on August 2, 2018 and currently redirects to a website that impersonates Complainant’s official website.

A. Complainant

Complainant contends that it has rights in the Mark; that the Disputed Domain Name is identical to the Mark; that it has not authorized Respondent to use its Mark and that Respondent does not have any rights or legitimate interests in the Disputed Domain Name; that Respondent registered the Disputed Domain Name in bad faith because Respondent likely knew of Complainant’s well known Mark (which is a coined word) when it registered the Disputed Domain Name without any plausible good faith purpose; and that Respondent uses the Disputed Domain Names in bad faith.

The webpages associated with the Disputed Domain Name are nearly identical copies of Complainant’s webpages. Complainant requested a Google Transparency Report which examines URLs for unsafe websites. The Google report stated the Disputed Domain Name was “unsafe” because it “contains harmful content, including pages that: Try to trick visitors into sharing or downloading personal info or downloading software.”

B. Respondent

In his response, Respondent stated: “I deny any implication of wrong doing, but I’m not contesting their
claim to the domain so I’m not going to waste anyone’s time arguing. I consent to the transfer of the domain

[name] to Complainant.”

6. Discussion and Findings

Given Respondent’s consent, the Panel could order transfer without discussing the merits. Nevertheless, the Panel deems further comment appropriate because Respondent disclaims any bad faith and there is a public interest in exposing potential identity theft or distribution of malware. WIPO Overview of WIPO Panel

Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 4.10.

The Panel finds that Complainant has satisfied all requirements of the Policy.

page 3

Complainant has shown rights in respect of the Mark for the purposes of the Policy. WIPO Overview 3.0, section 1.2.1 and the Disputed Domain Name is identical to Complainant’s Mark in all material respects.

Respondent has no rights or legitimate interest in the Disputed Domain Name. Respondent disclaims “any
implication of wrong doing,” but offers no benign explanation for copying and publishing webpages that
mimic Complainant’s website and invite visitors to sign in with an email address and create accounts.
Therefore, Respondent has failed to demonstrate any rights or legitimate interests in the Disputed Domain
Name, and thus, Complainant is deemed to have satisfied the second element. WIPO Overview 3.0, section
2.1.

Although Complainant does not submit any evidence of specific instances of identity theft or distribution of harmful software, the Google Transparency Report advises that the website “contains harmful content, including pages that: Try to trick visitors into sharing or downloading personal info or downloading software.” Respondent did not respond to this evidence.

Panels have held that the use of a domain name for illegal activity (e.g., phishing, distributing malware, unauthorized account access/hacking, impersonation/passing off, or other types of fraud) constitutes bad faith. WIPO Overview 3.0, section 3.4. Having reviewed the record, the Panel finds the Respondent’s registration and use of the disputed domain name constitutes bad faith under the Policy.

Respondent registered the Disputed Domain Name August 2, 2018. It has been online for five years. Where, as here, the evidence indicates a risk that Respondent may have facilitated identity theft or distributed malicious software, and the Respondent fails to respond to evidence (other than the perfunctory denial of wrongdoing)., there is a public interest in a written record so that potential victims may be alerted to the risk. In these circumstances, it is not sufficient to transfer the Disputed Domain Name based on consent without further comment.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Disputed Domain Name, <github.cam> be transferred to complainant.

/Lawrence K. Nodine/
Lawrence K. Nodine
Sole Panelist
Date: September 8, 2023