5 May, 2026

WIPO Orders Transfer of cn-zoho.com After Impersonation of Zoho Books App

UDRP Cases

Zoho Corporation Private Limited successfully secured the transfer of the disputed domain cn-zoho.com in a WIPO UDRP proceeding. The respondent, feng xiao, used the domain to host a site mimicking the official Zoho Books app and displaying an identical corporate logo. Panelist Willem J. H. Leppink ordered the immediate transfer of the domain due to clear corporate impersonation and bad faith registration.

Case Snapshot

Case Number D2026-0577
Complainant Zoho Corporation Private Limited
Respondent feng xiao
Disputed Domain
cn-zoho.com
Threat Tactic Geographic Mimicry
Decision Date 2026-03-26
Panelist Willem J. H. Leppink
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-0577

Exploitation of Geographic Prefixes and Core Software Assets

The deployment of geographic mimicry via the "cn-" prefix in cn-zoho.com represents a highly targeted threat to regional enterprise operations. By prepending a country-specific identifier to a recognized corporate brand, the registrant exploits the natural tendency of localized users to seek out regional offices or dedicated country-specific support portals. For a global provider like Zoho Corporation Private Limited, which commands a user base exceeding 130 million, such localized domain variations are highly effective at diverting legitimate traffic. Unsuspecting regional customers seeking local portals are easily deceived, particularly when the resolving site displays visual assets identical to the brand’s registered trademarks.

The specific targeting of the "ZOHO BOOKS" application amplifies the business risk from simple brand confusion to severe security exposure. Because Zoho Books is a proprietary financial application designed to manage sensitive corporate accounting, invoice processing, tax compliance, and business records, any unauthorized replica site threatens the confidentiality of client operations. By displaying a logo identical to the Complainant’s Chinese trademark registration (No. 17690899) alongside references to this financial tool, the deceptive site constructs a high-fidelity replica that can be used to harvest credentials or manipulate financial interactions, directly compromising customer trust and brand reputation.

Furthermore, the operational window for this deceptive campaign was deliberately extended through the strategic use of domain privacy services. The registrant utilized NameSilo, LLC, and masked their identity under PrivacyGuardian.org, concealing the true owner behind a generic privacy handle. This administrative obfuscation prevents immediate out-of-court resolution and forces brand owners to initiate formal UDRP proceedings simply to unmask the respondent, who was eventually revealed to be feng xiao. This delay prolongs the duration of the active threat online, giving bad actors more time to exploit regional users before enforcement actions can be executed.

Strategic Application of Geographic and Visual Evidence to Establish Impersonation

The Complainant’s strategy succeeded by systematically dissecting the technical construction of the disputed domain name to establish geographic mimicry. By demonstrating that the domain ‘cn-zoho.com’ incorporated the ‘ZOHO’ trademark in its entirety, preceded only by a hyphenated geographic prefix (‘cn-‘), the Complainant met the threshold of confusing similarity under the first element. For brand protection professionals, this highlights the efficacy of mapping localized prefixes—such as regional or country-code abbreviations—directly to the core trademark. The strategy successfully illustrated that adding geographic designators to a highly distinctive brand name does not diminish confusion, but rather exacerbates the threat by implying an authorized regional office or local portal to unsuspecting users.

Furthermore, the Complainant presented persuasive evidence of corporate impersonation on the resolving website to satisfy the second and third elements of the UDRP. Specifically, the submission documented that the website resolved to a landing page referencing the proprietary ‘ZOHO BOOKS’ application and featured an identical copy of Zoho’s registered Chinese device mark (No. 17690899). This precise replication of corporate design assets proved that the Respondent, feng xiao, had direct knowledge of the brand at the time of registration. Because the unauthorized use of identical logos to mimic corporate software cannot confer rights or legitimate interests, the Panel easily concluded that the domain was registered and used in bad faith. This evidentiary approach demonstrates that capturing high-resolution visual evidence of a resolving page’s layout is critical in establishing malicious intent.

Practical Recommendations

  • Implement proactive domain registration defenses for high-risk geographic prefix and suffix variations (such as ‘cn-[brand]’ or ‘[brand].com.cn’) in regional markets where the brand has an active customer base or holds local trademark registrations.
  • Deploy visual brand monitoring and logo detection tools to scan newly registered domains for unauthorized reproduction of identical registered word/device marks, which serves as critical evidence of bad faith and impersonation under the UDRP.
  • Establish automated monitoring systems targeting key corporate product names combined with trademarks (e.g., ‘brand + software name’ such as ‘ZOHO BOOKS’) to identify and shut down targeted SaaS/application-themed phishing and data harvesting operations early.
  • Formulate streamlined protocols for rapid registrar verification requests to uncover the true registrant details behind privacy proxies (such as PrivacyGuardian.org) used by bad actors to delay enforcement or hide identity.
  • In corporate trademark portfolios, register and maintain both standard word marks and distinct device/logo marks globally, ensuring both are cited in UDRP complaints to solidify evidence of intentional consumer confusion and malicious intent.

Frequently Asked Questions (FAQ)

Why was the domain ‘cn-zoho.com’ considered confusingly similar to the Zoho trademark?

The Panel determined that the domain is confusingly similar because it incorporates the ZOHO trademark in its entirety, merely prefixing it with the geographic indicator ‘cn-‘, which misleads users into associating the domain with an official regional branch of the Complainant.

What evidence did the Panel use to prove the Respondent lacked rights to the domain?

The Panel noted that the Respondent attempted to impersonate Zoho by using an identical corporate logo on a website referencing the ‘ZOHO BOOKS’ application. Such unauthorized use of proprietary brand assets for illegitimate activity fails to establish any legitimate rights or interests under UDRP policy.

How did the Panel establish that the Respondent acted in bad faith?

Bad faith was proven by the Respondent’s active use of the domain to host a site that mimicked the Complainant’s software branding, specifically the Zoho Books interface, to attract users for potentially fraudulent purposes, combined with the fact that the Respondent offered no defense or response to the claims.

What tactical lesson does this case offer regarding domain registration and privacy?

The case highlights the risk of geographic mimicry where attackers use regional prefixes to gain false credibility. Additionally, the use of privacy services like ‘PrivacyGuardian.org’ served to mask the identity of the respondent, demonstrating how attackers utilize such tools to delay brand enforcement and visibility.

Seeing brand abuse in a regional domain zone?

The cn-zoho.com case demonstrates how attackers use geographic prefixes to create unauthorized regional portals. If you are seeing similar regional domain squatting, let’s assess your brand’s vulnerability and UDRP eligibility.

Request regional audit

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.