Globant España S.A. successfully secured the transfer of the domain arglobant.com in a WIPO UDRP decision. The disputed domain, which targeted Globant’s brand and Argentinian history using the ‘ar’ prefix, was found to resolve to a dangerous browser warning indicating potential credential theft. Panelist Theda König Horowicz ordered the transfer due to the respondent’s clear bad faith and lack of legitimate interests.
Case Snapshot
| Case Number | D2025-4420 |
|---|---|
| Complainant | Globant España S.A. (sociedad unipersonal) |
| Respondent | tongliang li |
| Disputed Domain | arglobant.com |
| Threat Tactic | Geographic Mimicry |
| Decision Date | 2026-01-07 |
| Panelist | Theda König Horowicz |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4420 |
Geographic Mimicry and Browser Security Warnings: Exploiting Regional Brand Identity
The unauthorized registration of arglobant.com demonstrates how bad actors exploit regional brand associations to compromise customer trust and digital security. By combining the geographic prefix ‘ar’—which directly references Globant’s historical origin in Argentina—with the core ‘GLOBANT’ trademark, the registrant crafted a deceptive digital identity targeting localized corporate clients and regional staff. When unauthorized domains mimic specific national or regional hubs, users are far more vulnerable to deceptive interactions. This geographic mimicry presents a severe reputational threat, particularly as the domain was associated with automated security warnings that flagged potential credential harvesting and malicious software installation.
Although there is no documented evidence of actual financial losses or active phishing emails directly sent from this specific domain, its configuration triggered browser-level safety blocks that advised visitors against entering sensitive credentials. Such security warnings severely damage brand equity by associating the trusted ‘GLOBANT’ mark with hostile online threats. Furthermore, the dispute highlights the compounding risk of recidivist threat actors. The respondent, tongliang li, was previously implicated in another high-profile brand dispute, namely Carrefour SA v. tongliang li (WIPO Case No. D2024-3843). This history of targeting major corporate entities highlights the necessity for enterprise brand owners to maintain continuous registry monitoring to intercept repeat offenders before they can deploy active fraud campaigns.
Comprehensive Panel Analysis of Confusing Similarity, Legitimate Interests, and Bad Faith
Under the first element of the Policy, the Panelist, Theda König Horowicz, evaluated whether the disputed domain name arglobant.com was confusingly similar to the Complainant’s trademark. The Panel confirmed that the domain incorporates the GLOBANT mark in its entirety, merely appending the geographic prefix ‘ar’ to the front. Because ‘ar’ represents Argentina—the nation where Globant’s operations originally commenced in 2003—the addition does not prevent a finding of confusing similarity but rather enhances the risk of deception. The generic top-level domain ‘.com’ was disregarded as a standard technical requirement of domain name registration.
Regarding rights or legitimate interests, the Complainant, Globant España S.A. (sociedad unipersonal), established a prima facie case that the Respondent, tongliang li, possessed no association with or rights to the GLOBANT brand. The Respondent is not commonly known by the disputed domain name and has received no authorization or license to use the Complainant’s registered trademark. Because the Respondent failed to respond to the administrative proceeding or submit any evidence of a bona fide offering of goods or services, the Complainant’s assertions stood uncontradicted. The Panel concluded that no legitimate rights or interests existed under the second element.
In evaluating bad faith, the Panelist examined both the registration and active use of the domain name. The domain resolved to a page that generated severe security and browser warning alerts, warning visitors of potential exposure to malicious software installation and credential theft, including passwords and credit card details. The Panel observed that registering a domain matching a famous technology brand to operate a dangerous warning page indicates a clear intent to defraud users. Additionally, the Panel noted that the Respondent has a documented history of targeting major corporate trademarks, having previously been named as the respondent in Carrefour SA v. tongliang li, WIPO Case No. D2024-3843, further solidifying the finding of bad faith registration and use.
Strategy Breakdown: Leveraging Regional History and Recidivism Evidence
The Complainant’s strategy succeeded by linking the geographic prefix ‘ar’ directly to its historical corporate roots in Argentina, where the company was founded in 2003. By demonstrating that the disputed domain name incorporates the complete GLOBANT mark alongside this specific geographic indicator, Globant España S.A. established a strong case for confusing similarity under the first element. This localized mimicry presented a clear risk of deceiving regional clients and staff, as the domain appeared to represent an official Argentine branch of the technology and digital transformation firm.
To establish bad faith, the Complainant leveraged highly persuasive technical and behavioral evidence instead of relying solely on the passive holding of the domain. First, the Complainant submitted evidence of a security warning page that flagged the domain for credential harvesting and malicious software installation, demonstrating active online risks to consumers. Second, the Complainant highlighted the Respondent’s history of targeting major corporate marks by referencing a prior UDRP decision involving the same Respondent, Carrefour SA v. tongliang li, WIPO Case No. D2024-3843. This evidence of recidivism, combined with the Respondent’s failure to reply, convinced Panelist Theda König Horowicz that the registration was executed in bad faith.
Practical Recommendations
- Establish automated brand monitoring that flags registrations combining core trademarks with geographic prefixes (such as country codes like ‘ar’ or regional markers) to detect regional mimicry early.
- Document and submit technical browser security warnings (e.g., Google Safe Browsing warning pages for credential harvesting) as primary evidence of bad faith use in UDRP filings.
- Cross-reference registrant details against historical UDRP decision databases to identify known recidivists (such as tongliang li) and establish a pattern of bad faith targeting across industries.
- Defensively register key brand-plus-keyword and brand-plus-geographic combinations corresponding to your company’s historical origins or major operational regional hubs.
- Coordinate domain enforcement with active cyber threat intelligence to block malicious MX records and initiate hosting-level takedowns while UDRP proceedings are prepared.
Frequently Asked Questions (FAQ)
Why was the domain arglobant.com considered confusingly similar to the Globant trademark?
The panel determined that the domain incorporates the globally recognized ‘GLOBANT’ trademark in its entirety. The prefix ‘ar’ was identified as a geographic reference to Argentina—the country where Globant was founded—creating a high risk of consumer confusion by falsely implying a regional official presence.
What evidence confirmed the Respondent’s bad faith in this UDRP case?
Bad faith was demonstrated by the fact that the domain triggered active browser security warnings for phishing and malicious software. Furthermore, the Respondent—tongliang li—is a repeat offender previously involved in similar cyber-attack proceedings, and they provided no evidence of legitimate interest or activity.
What are the primary business risks associated with this type of geo-mimicry?
The use of geographic prefixes can deceive clients, regional staff, and partners into trusting a malicious domain, leading to credential harvesting, malware installation, and a direct erosion of digital trust in the brand’s localized operations.
What was the final outcome and why was it necessary?
The WIPO panel ordered the immediate transfer of the domain to Globant España S.A. This action was necessary to neutralize a clear security threat to the brand’s digital infrastructure and to prevent the continued exploitation of Globant’s corporate history for fraudulent purposes.
Seeing brand abuse in a regional domain zone?
The arglobant.com case highlights how bad actors weaponize geographic prefixes to target your regional reputation and customer trust. If you suspect similar unauthorized domain activity, our team can help you assess your UDRP eligibility and defend your brand against localized impersonation.
This case note is for informational purposes only and is not legal advice.



