Philip Morris International and Swedish Match North Europe successfully secured the transfer of zyn2.com from respondent Jun Zhao. The respondent used a third-level subdomain to host a cloned interface promoting ZYN nicotine pouches and harvesting user registration data. A WIPO panelist ruled the domain was registered and used in bad faith, ordering its immediate transfer.
Case Snapshot
| Case Number | D2025-4627 |
|---|---|
| Complainant | Philip Morris International, Inc.Swedish Match North Europe |
| Respondent | Jun Zhao |
| Disputed Domain | zyn2.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2025-12-19 |
| Panelist | Alfred Meijboom |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4627 |
Geographic Impersonation and Credential-Harvesting Threats to Brand Integrity
The combination of numeric typosquatting in the primary domain ‘zyn2.com’ and the strategic deployment of the third-level subdomain ‘us.zyn2.com’ creates an immediate threat of geographic impersonation and customer-trust erosion. By utilizing a localized subdomain, the unauthorized site directly targets North American consumers seeking legitimate regional distribution channels. The prominent display of the registered ZYN trademark alongside authorized-style marketing copy—such as ‘fresh nicotine satisfaction, with ZYN Nicotine Pouches’—falsely implies official corporate backing or regional affiliation. This tactic misleads consumers, diverts legitimate traffic, and erodes trust in the official online presence of Philip Morris International and Swedish Match North Europe.
Furthermore, the deployment of a user registration portal on the cloned website introduces critical cybersecurity risks and potential corporate liability. By actively prompting visitors to register, the site functions as a credential-harvesting interface designed to collect sensitive personal information. Although the record contains no evidence confirming that the respondent successfully compromised specific user accounts, stole funds, or dispatched active phishing emails, the mere existence of a cloned login interface represents a severe brand threat. For brand owners and intellectual property professionals, this case demonstrates how quickly a domain can pivot from a passive ‘Coming soon’ parking page to an active, high-risk fraudulent portal, requiring swift legal intervention before active security breaches occur.
UDRP Panel Analysis: Distinctive Trademarks, Non-Distinctive Numbers, and Bad Faith Cloned Portals
In evaluating the first element of the UDRP Policy, Panelist Alfred Meijboom examined the structural composition of the disputed domain zyn2.com. The Complainant, Philip Morris International and Swedish Match North Europe, established prior rights through international trademark registrations for ZYN dating back to 2018. The panel determined that the disputed domain identically adopts the ZYN trademark, while the addition of the number ‘2’ is entirely non-distinctive. Under standard UDRP jurisprudence, the addition of a generic numerical character does not prevent a finding of confusing similarity when the complainant’s recognizable mark is incorporated in its entirety.
Regarding the second element, the Panel examined whether the respondent, Jun Zhao, possessed any rights or legitimate interests in the disputed domain. The Complainant asserted that it had not licensed, authorized, or otherwise permitted the Respondent to register the domain or utilize the ZYN trademark. The Respondent’s failure to submit a response allowed the Panel to accept the Complainant’s uncontested assertions. The record demonstrates that the Respondent was not using the domain for a legitimate noncommercial or fair use, but rather with the clear intent to obtain an unfair commercial gain by misleadingly diverting consumers who were seeking the Complainant’s authorized channels.
The bad faith registration and use analysis under the third element of the Policy was reinforced by the progression of the domain’s deployment. Following its registration on April 2, 2025, the domain initially resolved to a passive ‘Coming soon’ parking page before transitioning to an active host. By October 2025, the Respondent utilized the third-level subdomain ‘us.zyn2.com’ to display the Complainant’s trademark and promote ‘ZYN Nicotine Pouches’. The Panel found that the Respondent actively attempted to attract internet users for commercial gain by creating a likelihood of confusion as to the source, sponsorship, or affiliation of the website.
While the record contains no evidence confirming that the Respondent successfully compromised user accounts, dispatched active phishing emails, or sold counterfeit products, the deployment of a registration portal on the cloned website heavily supported the bad faith finding. The website’s interface, which prompted users to register, was identified as a deceptive cloning setup designed to collect sensitive personal information under the guise of an official regional brand channel. Because the Respondent failed to rebut these facts, the Panel concluded that the domain was registered and used in bad faith, resulting in a decision to transfer the domain.
Evidentiary Precision and Procedural Agility Deliver Clear Transfer Ruling
The Complainants’ legal strategy succeeded by demonstrating that the addition of the single digit "2" to the registered "ZYN" trademark was entirely non-distinctive, establishing clear confusing similarity under the first element of the UDRP. Rather than relying solely on the trademark registrations dating back to 2018, the Complainants provided concrete evidence showing how the disputed domain transitioned from a "Coming soon" parking page after its registration in April 2025 to an active entity by October 2025. By documenting the deployment of the regional third-level subdomain "us.zyn2.com" which featured the ZYN trademark and promoted "ZYN Nicotine Pouches," the Complainants clearly demonstrated a calculated effort to mimic legitimate localized market channels. This evidence of subdomain manipulation and brand impersonation left the Panel with clear grounds to find that the Respondent had no rights or legitimate interests.
Crucial to the resolution of the dispute was the Complainants’ swift procedural response after the registrar, GoDaddy, unmasked the registrant behind the proxy service "Domains By Proxy, LLC/ZYN2" as Jun Zhao. The Complainants filed an amended complaint shortly after receiving the registrar verification, maintaining momentum and securing a default holding when the Respondent failed to reply. By documenting the presence of deceptive registration forms on the cloned interface, the Complainants successfully argued that the domain was actively deployed to target the brand’s customer base for unauthorized personal data harvesting. While there was no evidence confirming active phishing emails or completed financial theft, establishing the presence of a cloned credential-collection portal was sufficient for Panelist Alfred Meijboom to find bad faith registration and use under the Policy.
Practical Recommendations
- Expand defensive domain registration and monitoring strategies to systematically include numeric typosquatting variations, such as the core brand mark appended with non-distinctive single digits (e.g., [Brand]2.com).
- Implement subdomain-level DNS and SSL certificate monitoring to detect unauthorized regional indicators (e.g., ‘us.brand.com’ structures) that mimic localized market channels.
- Establish automated tracking alerts for newly registered domains containing the brand mark that initially resolve to passive ‘Coming Soon’ or parking pages, ensuring immediate escalation when they transition to active hosting.
- Document and archive unauthorized user registration forms or credential-harvesting portals immediately upon discovery to secure clear evidence of deceptive bad faith use for UDRP filings, even before active phishing email campaigns are verified.
- Consolidate brand enforcement protocols between parent organizations and subsidiaries to allow coordinated, joint UDRP actions using combined international trademark portfolios against offshore entities.
Frequently Asked Questions (FAQ)
Why was the domain zyn2.com considered confusingly similar to the ZYN trademark?
The WIPO panel found the domain name confusingly similar because it fully incorporated the ZYN trademark, while the addition of the number ‘2’ was deemed non-distinctive and insufficient to prevent consumer confusion.
How did the respondent demonstrate a lack of rights or legitimate interests in the domain?
The respondent had no authorization or license to use the ZYN trademark. Furthermore, the respondent failed to provide any evidence of legitimate noncommercial or fair use, choosing instead to default and remain silent during the proceedings.
What evidence proved the respondent acted in bad faith?
Bad faith was established by the respondent’s use of the domain to host a cloned, phishing-style website. By mimicking the ZYN brand and prompting users to register through an unofficial ‘us.zyn2.com’ portal, the respondent clearly intended to deceive users into harvesting their personal data for commercial gain.
What was the specific tactical danger posed by this phishing site?
The site utilized a deceptive third-level subdomain (‘us.zyn2.com’) to create a false appearance of a legitimate regional branch. This tactic sought to lower user defenses, tricking them into providing sensitive personal information under the guise of an authorized ZYN nicotine product portal.
Detecting Look-Alike Domains Before They Target Your Customers
As seen in the ZYN case, attackers use subtle typosquatting and subdomain manipulation to host credential-harvesting portals. If you are concerned about look-alike domains exploiting your brand to capture user data, we can help you assess your exposure and take decisive action.
This case note is for informational purposes only and is not legal advice.



