Equifax Inc. filed a UDRP complaint against the domain reportsequifax.info, which was registered in October 2025 and utilized for a phishing scheme targeting user credentials. The WIPO panelist found the respondent acted in bad faith by impersonating the well-known credit reporting firm and ordered a full transfer of the domain.
Case Snapshot
| Case Number | D2025-4522 |
|---|---|
| Complainant | Equifax Inc. |
| Respondent | AFP HABITAT |
| Disputed Domain | reportsequifax.info |
| Threat Tactic | Phishing and Email Fraud |
| Decision Date | 2025-12-18 |
| Panelist | Marilena Comanescu |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4522 |
Credential Harvesting and the Deceptive Use of Brand-Plus-Keyword Portals
The registration and deployment of reportsequifax.info represent a direct threat to customer trust through a calculated phishing scheme. By hosting a ‘White Label QR Platfom’ that featured a prominent login form for usernames and passwords, the respondent created a functional facsimile of a corporate authentication gateway. This tactic targets the specific expectation of privacy and security that consumers associate with financial data services. For Equifax, the risk extends beyond simple trademark infringement to the potential exposure of sensitive user credentials, which can be leveraged for identity theft or broader financial fraud. The absence of any disclaimer or identity information on the respondent’s site further confirms a deceptive intent to harvest data by exploiting the brand’s 50-year history of trademark use.
The use of the ‘brand plus keyword’ tactic—specifically appending the term ‘reports’ to the EQUIFAX mark—is a refined method of traffic diversion that targets high-intent users. In the financial services sector, consumers frequently seek ‘reports,’ making this domain name appear as a legitimate, logical extension of the complainant’s digital infrastructure. This naming convention is designed to neutralize user skepticism, leading individuals to believe they are accessing an official reporting portal. Such mimicry not only threatens the integrity of the complainant’s customer service channels but also forces the brand owner to bear the significant evidentiary and financial burden of monitoring high-volume trademark registrations across various top-level domains like .info.
The procedural behavior of the respondent highlights the operational challenges brand owners face in modern enforcement. By utilizing a privacy service and failing to provide a substantive response to the UDRP complaint, the respondent attempted to shield their identity while maintaining a deceptive digital asset. Although the domain resolved to an error page by the time of the filing, the prior evidence of credential harvesting established a clear record of bad faith. This transient use of domains—activating a phishing site and then allowing it to go dark—demonstrates a strategy of evasion that requires brands to act with extreme speed between the detection of a threat and the initiation of legal proceedings to secure the transfer of the asset.
Panel Analysis of Confusing Similarity, Rights, and Bad Faith Registration
The Panel determined that the disputed domain name, reportsequifax.info, is confusingly similar to the Complainant’s registered EQUIFAX trademark. This finding rests on the fact that the domain incorporates the mark in its entirety. The addition of the descriptive word ‘reports’ was found to be insufficient in diminishing the confusing similarity, as the term relates closely to the Complainant’s core business functions in credit data and analytics. Under the UDRP framework, such additions often exacerbate the risk of consumer confusion rather than mitigate it, particularly when the underlying trademark is highly distinctive or globally recognized as a brand identifier in the financial sector.
Regarding rights or legitimate interests, the Panel concluded that the Respondent, AFP HABITAT, failed to demonstrate any valid claim to the domain name. The Complainant established that it never assigned, licensed, or authorized the use of its trademark to the Respondent in any capacity. Crucially, the evidence showing the domain was utilized to host a ‘White Label QR Platfom’ designed to harvest user credentials precluded a finding of a bona fide offering of goods or services. The Panel noted that the collection of usernames and passwords through deceptive impersonation is fundamentally incompatible with the requirement for legitimate interests, and the Respondent’s default further weakened any potential defense.
The bad faith analysis centered on the global fame of the EQUIFAX mark and the predatory nature of the Respondent’s website. With over 221 trademark registrations across 56 jurisdictions, including a U.S. registration dating back to 1975, the mark was established as well-known 50 years prior to the Respondent’s registration of the domain in October 2025. The Panel found that the domain was so obviously connected to the Complainant that the Respondent’s likely intent was to mislead users into disclosing sensitive information. The absence of any prominent disclaimer or accurate identity information on the site, combined with the use of a privacy service, reinforced the finding of bad faith registration and use intended for fraudulent activity.
Strategic Application of Trademark Longevity and Phishing Documentation
Equifax Inc. secured a favorable outcome by leveraging the historical weight of its global trademark portfolio, which includes over 221 registrations across 56 jurisdictions. By highlighting a U.S. registration dating back to 1975—exactly 50 years prior to the registration of the disputed domain—the Complainant established a prior right that precluded any plausible claim of good faith registration by the Respondent. The strategy successfully characterized the ‘brand plus keyword’ tactic not as a generic use, but as a deliberate attempt to impersonate official financial data portals. This established that the domain reportsequifax.info was inherently misleading and designed to capitalize on the EQUIFAX mark’s well-documented reputation and distinctiveness, as recognized in previous UDRP proceedings.
The core of the evidentiary success rested on the Complainant’s documentation of the domain’s active involvement in a phishing scheme. By submitting evidence of a ‘White Label QR Platfom’ page featuring a login form for credential harvesting, Equifax provided the Panel with concrete proof of bad faith use that moved beyond mere registration similarity. The collection of sensitive usernames and passwords effectively disqualified the Respondent from claiming any bona fide offering of goods or services. Furthermore, the absence of any disclaimer or accurate identification of the operator on the site supported the legal finding of deceptive intent. Even though the domain resolved to an error page at the time of the filing, the Complainant’s prior capture of the fraudulent landing page was the decisive factor in overcoming the Respondent’s use of a privacy service and subsequent default.
Practical Recommendations
- Implement automated monitoring for ‘Brand + High-Risk Keyword’ combinations (e.g., [Brand] + ‘reports’, ‘login’, or ‘secure’) to detect impersonation portals before they are widely distributed in phishing campaigns.
- Prioritize immediate forensic preservation of phishing content, such as screenshots of login forms or credential harvesting fields, as threat actors often transition sites to error pages once they detect enforcement activity.
- Utilize evidence of ‘White Label’ or generic platform templates used by respondents to demonstrate a lack of rights or legitimate interests, especially when no prominent disclaimer of non-affiliation is present.
- Establish a rapid-response enforcement timeline (targeting filing within 30 days of registration) to minimize the window for credential theft, as demonstrated by the Complainant’s swift action following the October 9 registration.
- Incorporate the historical longevity of trademarks (e.g., Equifax’s 50-year-old registration) in UDRP filings to establish that any subsequent registration of a confusingly similar domain is an opportunistic attempt to exploit brand fame.
Frequently Asked Questions (FAQ)
Why did the WIPO panel rule that ‘reportsequifax.info’ is confusingly similar to the Complainant’s brand?
The panel determined that the domain incorporated the well-known ‘EQUIFAX’ trademark in its entirety. The addition of the descriptive word ‘reports’ was insufficient to distinguish the domain from the Complainant’s brand or reduce the potential for consumer confusion.
What evidence proved the Respondent lacked a legitimate interest in the disputed domain?
The Respondent used the domain to host a ‘White Label QR Platform’ featuring a deceptive login form designed to harvest usernames and passwords. The panel ruled that using a domain for credential phishing does not constitute a bona fide offering of goods or services.
How did the Complainant establish that the domain was registered and used in bad faith?
Bad faith was evidenced by the fame of the EQUIFAX mark, which has been registered for over 50 years, and the Respondent’s use of the site to impersonate Equifax for phishing. The lack of any disclaimer or clear identification of the site’s owner further confirmed an intent to mislead users.
What was the tactical outcome of this case despite the domain resolving to an error page by the time of filing?
Although the site resolved to an error page by November 1, 2025, the Complainant provided historical evidence of the site’s prior fraudulent use. The panel found this sufficient to order a full transfer of the domain, successfully neutralizing the threat to customer data and brand integrity.
Concerned about fake email or credential harvesting fraud?
Protect your brand from unauthorized login portals and credential theft. Learn how UDRP actions can effectively reclaim domains being used for fraudulent impersonation schemes.
This case note is for informational purposes only and is not legal advice.



