ZipRecruiter, Inc. successfully recovered ziprecuiter.store, a typosquatted domain targeting its global recruitment platform. The domain utilized active MX records and industry-related PPC links, posing a direct threat to the trust of 157 million job seekers. The WIPO panel ordered a full transfer, finding the registration was made in bad faith to exploit the Complainant’s trademark.
Case Snapshot
| Case Number | D2025-4910 |
|---|---|
| Complainant | ZipRecruiter, Inc. |
| Respondent | Mehedi Hasan, Gap TEE |
| Disputed Domain | ziprecuiter.store |
| Threat Tactic | Typo Domains |
| Decision Date | 2026-01-13 |
| Panelist | Harini Narayanswamy |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4910 |
Escalated Phishing and Data Privacy Risks in the Recruitment Sector
The registration of ziprecuiter.store—a clear instance of typosquatting through the omission of the letter ‘r’—directly targets a user base of approximately 157 million global job seekers and 4.3 million employers. By resolving to a parked page featuring pay-per-click (PPC) links specifically related to recruitment services, the Respondent capitalized on common user input errors to divert traffic for commercial gain. This tactic exploits the goodwill associated with the ZIPRECRUITER mark, misleading job seekers who expect a secure professional environment and instead encounter third-party advertisements. The failure of the Respondent to respond to two cease-and-desist notices sent in October 2025 further highlights the persistent nature of this commercial exploitation and the necessity of formal UDRP intervention.
Beyond traffic diversion, the technical configuration of the disputed domain introduces severe security risks through active mail exchanger (MX) records. For a company managing over 40 million job alert email subscribers, a typosquatted domain with email capabilities represents a high-probability vector for sophisticated phishing or fraudulent job offers. Such infrastructure allows unauthorized parties to mimic official correspondence to harvest sensitive personal data, resumes, and contact information from unsuspecting candidates. While the source evidence does not prove that specific phishing campaigns were initiated, the technical readiness of the domain to send and receive email remains a substantial threat to the integrity of the Complainant’s primary communication channels and user safety.
The broader business implication of this typosquatting involves brand dilution and the potential for long-term erosion of customer trust. In the recruitment industry, where the secure exchange of personal identifiable information is a core business requirement, any encounter with a misleading or fraudulent platform can damage a brand’s reputation for security. Misdirected users who inadvertently share data with unauthorized parties expose themselves to identity theft risks, which in turn creates a liability and support burden for the legitimate brand owner. This case demonstrates how the combination of typosquatted registration, PPC monetization, and active MX records creates a multi-layered risk profile that threatens both commercial revenue and consumer confidence.
UDRP Panel Analysis: Typosquatting and Technical Threat Vectors
The Panel’s determination on confusing similarity centered on the Respondent’s use of a classic typosquatting technique. By registering ziprecuiter.store—omitting the single ‘r’ from the ZIPRECRUITER trademark—the Respondent created a domain that is visually and phonetically nearly identical to the Complainant’s mark. Given ZipRecruiter’s established global presence, serving 157 million job seekers and 4.3 million employers, the ZIPRECRUITER mark possesses significant distinctiveness and secondary meaning. The Panel noted that such a character omission in a well-known mark is a clear instance of typosquatting designed to capture traffic from users making typographical errors, satisfying the first element of the UDRP policy.
Regarding rights or legitimate interests, the Complainant established that the Respondent was never authorized to use the mark and was not commonly known by the disputed name. The Respondent’s failure to respond to two separate cease-and-desist notices sent on October 21 and October 28, 2025, supported the inference that no legitimate justification for the registration existed. Instead of a bona fide offering of services, the Respondent utilized a parked page featuring pay-per-click (PPC) links. These links specifically targeted the recruitment sector, leveraging ZipRecruiter’s goodwill to generate commercial gain, which the Panel found to be a non-legitimate use of the domain name.
The finding of bad faith was reinforced by both the commercial exploitation of the mark and the specific technical configuration of the domain. Beyond the diversionary PPC links, the presence of active mail exchanger (MX) records indicated a high risk of the domain being used for email-based fraud or phishing. For a company managing 40 million job alert subscribers, the existence of active MX records on a typosquatted domain presents a direct threat to consumer trust. The Panel concluded that the Respondent registered and used the domain with the intent to trade on the Complainant’s reputation, particularly by creating a likelihood of confusion among job seekers who might inadvertently share sensitive personal data with an unauthorized party.
Strategic Evidence: Typosquatting and Technical Indicators of Bad Faith
ZipRecruiter’s successful recovery of the disputed domain relied on demonstrating how the omission of a single letter—the ‘r’ in the ZIPRECRUITER mark—constituted a deliberate attempt to capture misdirected traffic. The strategy was reinforced by evidence that the Respondent resolved the domain to a parked page featuring pay-per-click (PPC) links specifically related to recruitment services. This technical use proved that the Respondent was leveraging the Complainant’s established reputation, which serves 157 million job seekers globally, to generate commercial gain through consumer confusion and traffic diversion.
The inclusion of technical data regarding active mail exchanger (MX) records provided a persuasive argument for the domain’s potential for fraud. Given that ZipRecruiter maintains over 40 million job alert email subscribers, the existence of active MX records on a typosquatted domain presented a quantifiable risk of phishing or deceptive communications. Furthermore, the Complainant’s documentation of two unanswered cease-and-desist notices sent in October 2025 supported the panel’s finding of bad faith. This lack of response, combined with the absence of any rights or legitimate interests, solidified the case for a full transfer under the UDRP.
Practical Recommendations
- Prioritize enforcement actions against typosquatted domains that possess active Mail Exchanger (MX) records, as these indicate an immediate risk of phishing campaigns or fraudulent job offers targeting your user base.
- Document and present specific evidence of pay-per-click (PPC) links on parked pages that resolve to competitors’ services to demonstrate that the respondent is trading on your brand’s goodwill for commercial gain.
- Brief customer support and social media teams on specific typo variations, such as character omissions like ‘ziprecuiter,’ to help them identify and mitigate reports of ‘ghost’ job listings or resume harvesting early.
- Integrate DNS monitoring for common gTLDs like .store or .online into your brand protection strategy, as these are frequently used for low-cost, high-impact impersonation of established service platforms.
- Utilize a lack of response to formal cease-and-desist notices as supplementary evidence in UDRP filings to help establish the respondent’s lack of rights or legitimate interests in the disputed domain.
Frequently Asked Questions (FAQ)
How did the respondent attempt to deceive job seekers using the ziprecuiter.store domain?
The respondent engaged in typosquatting by omitting a single ‘r’ from the ZIPRECRUITER mark. By utilizing a parked page with pay-per-click (PPC) links related to recruitment services, the respondent attempted to divert traffic and capitalize on the goodwill of the ZipRecruiter brand.
Why did the presence of active MX records raise significant business concerns?
Active mail exchanger (MX) records allow for the configuration of email services. In the context of a typosquatted domain, this poses a high risk of sophisticated phishing or fraudulent job offers, potentially deceiving job seekers into sharing sensitive personal data or resumes with unauthorized parties.
On what grounds did the WIPO panel rule in favor of the transfer?
The panel found that the domain was confusingly similar to the Complainant’s trademark, the Respondent lacked any legitimate rights or interests, and the domain was registered and used in bad faith. The Respondent’s failure to respond to multiple cease-and-desist notices further supported the finding of bad faith.
Is a look-alike domain threatening your users?
Typo-domains often host active MX records designed to intercept your corporate communications and deceive your customers. Learn how to secure your brand against deceptive registration patterns and proactively recover high-risk assets.
This case note is for informational purposes only and is not legal advice.



