LastPass US LP v Nanci Nette, Name Management Group
WIPO Case No. DCO2023-0070
•02-10-2023
ARBITRATION
AND
| MEDIATION CENTER |
ADMINISTRATIVE PANEL DECISION
LastPass US LP v. Nanci Nette, Name Management Group
Case No. DCO2023-0070
1. The Parties
Complainant is LastPass US LP, United States of America, represented by Day Pitney LLP, United States of
America.
Respondent is Nanci Nette, Name Management Group, United States of America.
2. The Domain Name and Registrar
The disputed domain name <lastpass.co> (the “Domain Name”) is registered with Dynadot, Inc. (the
“Registrar”).
3. Procedural History
The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on August 4, 2023. On August 7, 2023, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On August 7, 2023, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name which differed from the named Respondent (Redacted for Privacy) and contact information in the Complaint. The Center sent an email communication to Complainant on August 9, 2023 providing the registrant and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on August 9, 2023.
The Center verified that the Complaint together with the amended Complaint satisfied the formal
requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for
Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for
Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on August 10, 2023. In accordance with the Rules, paragraph 5, the due date for Response was August 30, 2023. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on August 31, 2023.
page 2
The Center appointed Kimberley Chen Nobles as the sole panelist in this matter on September 21, 2023.
The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and
Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the
Rules, paragraph 7.
4. Factual Background
Complainant, founded in 2008, is a provider of password management and computer security tools, with
over 33 million personal users and 100,000 business users worldwide. Complainant has used the
LASTPASS trademark both in the United States and internationally, and owns trademark registrations for the
LASTPASS mark in the United States and internationally, including:
| - | United States trademark number 4514427 for LASTPASS word mark, registered on April 15, 2014; |
| - | Australian trademark number 1840784 for LASTPASS word mark, registered on January 17, 2017; |
| - | Canadian trademark number TMA1042981 for LASTPASS word mark, registered on July 19, 2019; |
| - | European Union Trade Mark number 1341702 for LASTPASS word mark, registered on January 17, 2017; and |
| - | United Kingdom trademark number UK00801341702 for LASTPASS word mark, registered on October 3, 2017. |
Complainant also owns and operates the domain name <lastpass.com>, which was registered on March 8,
2005, and on which Complainant’s first offered its password manager products in April 2008.
The Domain Name was registered on September 18, 2016. At the time of the filing of the Complaint, the Domain Name redirected Internet users to several different websites at different times - depending on the browser used - such as “ “ and “ before
directing to Complainant’s website at “ On a secure Firefox browser, the site on which the Domain Name reverts to is blocked as a “HIGH RISK WEBSITE” due to the threat of “Mal/HTMLGen-A malware,” suggesting the use of the Domain Name to distribute malware. Accessing the website via Chrome
led to a “Security threat detected” warning. The site that the Domain Name directs to is also configured for
email capabilities.
5. Parties’ Contentions
A. Complainant
Complainant contends that (i) the Domain Name is identical or confusingly similar to Complainant’s trademarks; (ii) Respondent has no rights or legitimate interests in the Domain Name; and (iii) Respondent registered and is using the Domain Name in bad faith.
In particular, Complainant contends that it has trademark registrations for LASTPASS and that Respondent registered and is using the Domain Name with the intention to confuse Internet users looking for bona fide and well-known LASTPASS products and services.
Complainant notes that it has no affiliation with Respondent, nor authorized Respondent to register or use a domain name, which includes Complainant’s trademark, and that Respondent has no rights or legitimate interests in the registration and use of the Domain Name. Rather, Complainant contends that Respondent has acted in bad faith in registering and setting up the Domain Name, when Respondent clearly knew of Complainant’s rights.
B. Respondent
Respondent did not reply to Complainant’s contentions.
page 3
6. Discussion and Findings
Under paragraph 4(a) of the Policy, to succeed Complainant must satisfy the Panel that:
(i) the Domain Name is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and
(ii) Respondent has no rights or legitimate interests in respect of the Domain Name; and
(iii) the Domain Name was registered and is being used in bad faith.
Section 4.3 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition
(“WIPO Overview 3.0”) states that failure to respond to the complainant’s contentions would not by itself
mean that the complainant is deemed to have prevailed; a respondent’s default is not necessarily an
admission that the complainant’s claims are true.
Thus, although in this case Respondent has failed to respond to the Complaint, the burden remains with evidence. See, e.g., The Knot, Inc. v. In Knot We Trust LTD, WIPO Case No. D2006-0340.
A. Identical or Confusingly Similar
Ownership of a trademark registration is generally sufficient evidence that a complainant has the requisite rights in a mark for purposes of paragraph 4(a)(i) of the Policy. See WIPO Overview 3.0, section 1.2.1. Complainant provided evidence of its rights in the LASTPASS trademarks, as noted above. Complainant has also submitted evidence, which supports that the LASTPASS trademarks are widely known and a source identifier of Complainant’s products and services. Complainant has therefore proven that it has the requisite rights in the LASTPASS trademarks.
With Complainant’s rights in the LASTPASS trademarks established, the remaining question under the first element of the Policy is whether the Domain Name, typically disregarding the Top-Level Domain (“TLD”) in which it is registered (in this case, “.co”), is identical or confusingly similar to Complainant’s trademark. See,
e.gB & H Foto & Electronics Corp. v. Domains by Proxy, Inc. / Joseph Gross
., , WIPO Case No. the Domain Name is identical to Complainant’s LASTPASS trademark.
Thus, the Panel finds that Complainant has satisfied the first element of the Policy.
B. Rights or Legitimate Interests
Under paragraph 4(a)(ii) of the Policy, a complainant must make a prima facie showing that a respondent possesses no rights or legitimate interests in a disputed domain name. See, e.g., Malayan Banking Berhad v. Beauty, Success & Truth International, WIPO Case No. D2008-1393. Once a complainant makes such a prima facie showing, the burden of production shifts to the respondent, though the burden of proof always remains on the complainant. If the respondent fails to come forward with relevant evidence showing rights or legitimate interests, the complainant will have sustained its burden under the second element of the UDRP.
From the record in this case, it is evident that Respondent was, and is, aware of Complainant and its LASTPASS trademarks, and does not have any rights or legitimate interests in the Domain Name. Complainant has confirmed that Respondent is not affiliated with Complainant, or otherwise authorized or licensed to use the LASTPASS trademarks or to seek registration of any domain name incorporating the trademarks. Respondent is also not known to be associated with the LASTPASS trademarks, and there is no evidence showing that Respondent has been commonly known by the Domain Name.
page 4
In addition, Respondent has not used the Domain Name in connection with a bona fide offering of goods or services or a legitimate noncommercial or fair use. Rather, at the time of the filing of the Complaint, the Domain Name redirected Internet users to several different websites at different times - depending on the browser used - such as “ “ and “ before directing to Complainant’s website at “ On a secure Firefox browser, the site on which the Domain Name reverts to is blocked as a “HIGH RISK WEBSITE” due to the threat of “Mal/HTMLGen-A malware,” suggesting the use of the Domain Name to distribute malware. Accessing the website via Chrome led to a “Security threat detected” warning. The site that the Domain Name directs to is also configured for email capabilities.
Such use does not constitute a bona fide offering of goods or services or a legitimate noncommercial or fair
use and cannot under the circumstances confer on Respondent any rights or legitimate interests in the
Domain Name. See, e.g., Intesa Sanpaolo S.p.A. v. Charles Duke / Oneandone Private Registration, WIPO
Case No. D2013-0875.
Accordingly, Complainant has provided evidence supporting its prima facie claim that Respondent lacks any rights or legitimate interests in the Domain Name. Respondent has failed to produce countervailing evidence of any rights or legitimate interests in the Domain Name. Thus, the Panel concludes that Respondent does
not have any rights or legitimate interests in the Domain Name and Complainant has met its burden under
paragraph 4(a)(ii) of the Policy.
C. Registered and Used in Bad Faith
The Panel finds that Respondent’s actions indicate that Respondent registered and is using the Domain
Name in bad faith.
Paragraph 4(b) of the Policy provides a non-exhaustive list of circumstances indicating bad faith registration and use on the part of a domain name registrant, namely:
“(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the
purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is
the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration
in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) you have registered the domain name in order to prevent the owner of the trademark or service mark from
reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such
conduct; or
(iii) you have registered the domain name primarily for the purpose of disrupting the business of a
competitor; or
(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet
users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s
mark as to the source, sponsorship, affiliation, or endorsement of your website or location or of a product or
service on your web site or location.”
The Panel finds that Complainant has provided ample evidence to show that registration and use of the LASTPASS trademarks long predate the registration of the Domain Name. Complainant is also well established and known. Indeed, the record shows that Complainant’s LASTPASS trademarks and related products and services are widely known and recognized. Therefore, Respondent was likely aware of the LASTPASS trademarks when Respondent registered the Domain Name, or knew or should have known that the Domain Name was identical to Complainant’s trademarks. See WIPO Overview 3.0, section 3.2.2; see also TTT Moneycorp Limited v. Privacy Gods / Privacy Gods Limited, WIPO Case No. D2016-1973.
page 5
The Panel therefore finds that Respondent’s awareness of Complainant’s trademark rights at the time of registration suggests bad faith. See Red Bull GmbH v. Credit du Léman SA, Jean-Denis Deletraz, WIPO Case No. D2011-2209; Nintendo of America Inc v. Marco Beijen, Beijen Consulting, Pokemon Fan Clubs Org., and Pokemon Fans Unite, WIPO Case No. D2001-1070; BellSouth Intellectual Property Corporation v.
Serena, Axel, WIPO Case No. D2006-0007.
Further, the registration of the Domain Name incorporating Complainant’s LASTPASS trademark in its entirety suggests Respondent’s actual knowledge of Complainant’s rights in the LASTPASS trademarks at the time of registration of the Domain Name and its effort to opportunistically capitalize on the registration and use of the Domain Name.
Moreover, at the time of the filing of the Complaint, the Domain Name redirected Internet users to several different websites at different times - depending on the browser used - such as “ “ and “ before directing to Complainant’s website at “ On a secure Firefox browser, the site on which the Domain Name reverts to is blocked as a “HIGH RISK WEBSITE” due to the threat of “Mal/HTMLGen-A malware,” suggesting the use of the Domain Name to distribute malware, as well as attempting to deceive unsuspecting Internet users into providing sensitive personal information. In addition, accessing the website via Chrome led to a “Security threat detected” warning.
The site that the Domain Name directs to is also configured for email capabilities, which suggests that emails may be sent from an identical domain, that is, @lastpass.co, resulting in causing confusing among consumers who may mistakenly perceive such emails as originating from Complainant’s own @lastpass.com email address. Such use of the Domain Name may not only cause harm to consumers, but also result in causing harm to Complainant and its reputation, disrupting Complainant’s business, and tarnishing its good will.
Finally, the Panel also notes the reputation of the LASTPASS trademarks, Respondent’s pattern of bad faith registration and use of domain names, and the failure of Respondent to submit a response to the Complaint.
Accordingly, the Panel finds that Respondent has registered and is using the Domain Name in bad faith and
Complainant succeeds under the third element of paragraph 4(a) of the Policy.
7. Decision
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name <lastpass.co> be transferred to Complainant.
/Kimberley Chen Nobles/
Kimberley Chen Nobles
Sole Panelist
Date: October 2, 2023
0
0
0