FIFA successfully secured the transfer of ‘fifa-coins.com’ after demonstrating the domain was registered in bad faith to capitalize on FIFA’s legacy licensing terms. The respondent exploited the domain through dynamic browser-based redirects and PPC links, eventually triggering security blocking alerts. A WIPO panel ordered the immediate transfer of the domain to FIFA.
Case Snapshot
| Case Number | D2025-4768 |
|---|---|
| Complainant | Fédération Internationale de Football Association (FIFA) |
| Respondent | Domain Privacy, Domain Name Privacy Inc. |
| Disputed Domain | fifa-coins.com |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2025-12-23 |
| Panelist | Reyes Campello Estebaranz |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4768 |
Exploitation of Expired Licenses and the Risks of Dynamic Redirects
The registration of ‘fifa-coins.com’ highlights a distinct threat vector: the weaponization of expired licensing terms. After FIFA’s official ‘FIFA Coins’ licensing agreement concluded in 2022, the brand terminology remained highly recognizable to consumers seeking virtual assets, collectibles, or digital currency. By registering this exact keyword combination in August 2024, the unauthorized registrant capitalized on legacy consumer search behavior. This tactic poses a direct threat to brand equity, as users seeking official, historically licensed products are diverted to third-party portals, diluting the trademark and capturing commercial traffic that belongs in the brand’s legitimate ecosystem.
Furthermore, the technical implementation of dynamic routing on the disputed domain amplifies the operational risk for corporate IP teams. The domain resolved to different websites depending on variable user parameters, such as browser, device type, or operating system, while generating revenue through pay-per-click (PPC) networks. For brand owners, this multi-destinational redirect behavior complicates enforcement because automated detection tools may record a benign PPC page while actual consumers are routed to unpredictable and potentially harmful endpoints. This stealth routing makes it difficult to assess the full scope of abuse without deep-dive, multi-agent threat monitoring.
Finally, the ultimate resolution of the domain to a security alert page warning of potential malicious risks presents a severe reputational hazard. While the panel did not find confirmed evidence of active malware distribution or monetary fraud, the presence of security blocklists associated with a brand-attributive domain name directly compromises customer trust. When consumers encounter a blocked site bearing a famous trademark, the negative association can bleed into the brand’s core reputation. This demonstrates that even when third-party domains do not execute successful cyber attacks, their poor security posture and subsequent blocking by web browsers create an immediate and damaging association for the trademark owner.
WIPO Panel Analysis of Confusing Similarity, Rights, and Bad Faith
The panel’s assessment of confusing similarity establishes that the disputed domain name, ‘fifa-coins.com’, fully incorporates the well-known ‘FIFA’ trademark. The addition of the term ‘coins’ does not diminish or prevent a finding of confusing similarity. From a legal standpoint, the panel observed that ‘coins’ directly associates with FIFA’s commercial scope, which includes registered trademarks in Class 14 covering physical coins, such as sports collectibles or memorabilia, as well as virtual assets or cryptocurrencies that have garnered global media attention. Consequently, adding a descriptive term that reflects the brand’s own licensing history or industry presence strengthens, rather than mitigates, the likelihood of consumer confusion.
Regarding the second element of the UDRP, the panel determined that the Respondent lacks any rights or legitimate interests in the domain. The Respondent has no affiliation with the Complainant and received no authorization to utilize the trademark. Although a legitimate licensing agreement for ‘FIFA Coins’ did exist in the past, that agreement officially terminated in 2022, two years before the disputed domain’s registration on August 11, 2024. Instead of preparing a bona fide offering of goods or services, the Respondent used the domain to host pay-per-click (PPC) landing pages to generate commercial revenue, which fails to constitute legitimate non-commercial or fair use under established legal guidelines.
The determination of bad faith registration and use hinges on the Respondent’s clear intent to exploit the Complainant’s established reputation. Given FIFA’s extensive trademark history dating back to 1995 and its prominent global profile, the Respondent is presumed to have registered the domain with prior knowledge of the brand. This bad faith is further demonstrated by the deployment of dynamic routing, where the domain resolved to different target websites based on user parameters like browser, operating system, or device. The commercial exploitation of the trademark to divert traffic, combined with the domain’s eventual resolution to a security alert page warning of potential malicious risks, confirms that the domain was operated in bad faith to capture traffic through false association.
Strategic Alignment of Legacy Licensing and Technical Abuse Evidence
FIFA’s enforcement strategy succeeded by directly linking the descriptive suffix ‘coins’ to both its trademark registrations and its historical commercial operations. By presenting international trademark registrations dating back to 1995—which specifically cover ‘coins’ in Class 14—the Complainant established that the disputed domain ‘fifa-coins.com’ directly targets its IP. Crucially, FIFA provided evidence of a legacy licensing program for ‘FIFA Coins’ that officially terminated in 2022. This historical context proved highly persuasive to the panel, as it demonstrated that the Respondent was deliberately exploiting an expired, highly recognizable brand extension to mislead internet users who might search for authorized collectibles or virtual assets associated with the governing body.
The Complainant further solidified its bad faith argument by presenting detailed technical evidence regarding the domain’s dynamic resolution behavior. FIFA documented that the disputed domain resolved to various destination sites based on unknown visitor parameters, such as browser type, operating system, or device, whilst capitalizing on pay-per-click (PPC) revenue. Proving that the domain subsequently triggered browser security alerts and malicious risk blocklists further highlighted the severe reputational threat to FIFA’s brand. This technical analysis, combined with the scale of FIFA’s global presence and its USD 7.6 billion revenue during the 2019-2022 period, left no doubt that the Respondent registered the domain to exploit FIFA’s public-facing trademark for unauthorized commercial gain.
Practical Recommendations
- Audit and secure legacy licensing terms: Implement a systematic post-termination protocol to defensively register or closely monitor domains associated with expired commercial licenses, partnerships, or discontinued virtual assets (such as ‘brand + coins’ or ‘brand + tokens’) to prevent third-party exploitation of residual brand equity.
- Deploy multi-parameter user-agent emulation: Configure domain monitoring and enforcement tools to scan resolving content using diverse browser, OS, and geographic parameters. This ensures the detection of dynamic routing and cloaked redirects that serve different content (such as dynamic PPC pages) depending on the visitor’s device.
- Leverage security blocklist alerts in UDRP filings: Monitor third-party infringing domains for security blocklist entries and malware alerts. Use active browser warnings and security blocklist evidence in UDRP complaints to substantiate arguments of bad faith use and immediate business/reputational risk.
- Formulate a proactive virtual asset defensive registry: Conduct a gap analysis of the brand portfolio against high-risk digital currency, collectible, and gaming terms (e.g., ‘[brand]-coins.com’, ‘[brand]-crypto.com’) and execute targeted defensive registrations to block bad-faith registrations before they occur.
Frequently Asked Questions (FAQ)
Why was the domain ‘fifa-coins.com’ considered confusingly similar to FIFA’s trademarks?
The WIPO panel determined that ‘fifa-coins.com’ incorporates the well-known ‘FIFA’ trademark in its entirety. The addition of the descriptive term ‘coins’ failed to avoid confusion, as it directly mirrors terms associated with official memorabilia, collectibles, or potential virtual assets, which are categories covered under FIFA’s existing trademark registrations.
What evidence proved the respondent lacked rights or legitimate interests in the domain?
The panel found that the respondent had no authorization to use the FIFA mark and was not affiliated with the organization. Furthermore, the respondent failed to provide a bona fide offering of goods or services, instead using the domain to host pay-per-click (PPC) advertising pages and dynamic redirects, confirming a lack of legitimate interest.
How did FIFA establish bad faith in the registration and use of the domain?
Bad faith was proven by the respondent’s attempt to exploit legacy licensing terms that expired in 2022. The respondent utilized dynamic redirects based on a user’s browser, device, or OS to generate unauthorized revenue, and the site eventually triggered security alerts for malicious risk, demonstrating a clear intent to capitalize on FIFA’s reputation for commercial gain through deception.
What is the primary business takeaway from the transfer of ‘fifa-coins.com’?
The case highlights the risk of third parties hijacking expired or legacy licensing keywords (e.g., ‘FIFA Coins’) to create false associations. Organizations should actively monitor domains using their brand in combination with descriptive terms related to virtual assets or past product lines to prevent traffic diversion and reputational damage from security-blocked sites.
Detected brand-plus-keyword abuse?
Unauthorized domains leveraging your brand alongside product or service keywords—like the ‘fifa-coins.com’ case—can drive traffic to malicious sites and dilute your digital equity. Learn how to identify and recover these deceptive assets.
This case note is for informational purposes only and is not legal advice.



