Case number: CAC-UDRP-107301
Domain names: indiraivf.com
Complainant: Indira IVF Hospital Pvt. Ltd.
Complainant representative: Ankur Raheja (UDRPKing.com, Cylaw Solutions)
Respondent: Saurav Shinde
Comments: The disputed domain name, <indiraivf.com>, was stolen in October 2024 by an unknown party, although the website continued to operate normally. The loss of control over the domain was only discovered in January 2025 during audits related to an upcoming IPO. The registrant of the domain name was discovered to be an individual who self-identified as an “Ethical Hacker” on his LinkedIn profile. During the UDRP proceedings, the registrant claimed to have purchased the domain via Facebook for $20 along with another domain name, presenting related evidence. The website itself remained online throughout, apart from a two-day outage in March 2025.
This case highlights that a stolen domain name can be recovered using the summary procedure under the UDRP Policy. However, to proceed under the UDRP, the complainant must demonstrate ownership of a registered trademark or establish common law rights in the mark. If the stolen domain name consists of a common word and is not trademarked, the UDRP process may not be directly available. In such situations, the ICANN Transfer Dispute Resolution Policy (TDRP) offers an alternative method for recovering the domain name.
Identification Of Rights
Indira IVF Hospital Private Limited (“Indira IVF” or “Complainant”) is the owner of various registrations for the trademarks INDIRA and INDIRA IVF in the market of India. Trademarks were registered as both a word and figurative marks in class 44 (‘Medical Services’) in the Trade Marks Registry of the Government of India. All the trademark registrations of the Complainant significantly predate the start of the Respondent’s take-over of the disputed domain name (October to December of 2024), inter alia, Indian trademark INDIRA (Indian Intellectual Property Office Appl. No. 2566949) applied on July 19, 2013 and registered on April 26, 2018.
Factual Background
The Complainant is India’s largest fertility service provider, operating over 150 centers and performing around 40,000 IVF cycles annually, with plans to expand significantly due to rising infertility rates. Established in 1988, it offers advanced reproductive treatments and is known for ethical practices, innovation, and a strong network of experienced specialists. Backed by EQT since 2023, the company is preparing for a $400 million IPO in 2025, potentially valuing it at around $2.5 billion. The Complainant enjoys a strong presence online also via its official social media platforms.
One of the Complainant’s shareholders registered the disputed domain name on 19 October 2010 and linked it with an official website of the Complainant until this dispute has started. The Complainant last paid for the renewal of the Domain Name for 5 years on August 28, 2024 and it was renewed till October 18, 2029. However, it was discovered in January 2025 that the disputed domain name was missing from the Complainant’s domain name control panel. Consequently, the Complainant’s representative reported the matter to the domain name provider, Global IT Providers, Jaipur. They notified the Complainant that the Complainant’s domain name control panel was accessed from an unfamiliar location in October 2024, and the domain name <indiraivf.com> was transferred away on October 31, 2024, without the Complainant’s authorization. The Complainant informed about the cyber incident to the Indian enforcement authorities.
The domain name service provider confirmed that the transfer was initiated by an IP address, which belonged to an unknown person from India. The service provider also informed that a notification was sent to the Complainant’s email, however, it may have gone unnoticed due to the large volume of emails received at that address. As a consequence, the domain name registrar has been changed to Hostinger. Finally, the registrar disclosed the underlying WHOIS information on 25 February 2025. As per the WHOIS data, the domain name registrant is located in Pusad, Maharashtra, India and his LinkedIn profile further discloses that the Respondent is an Ethical Hacker by profession. Nevertheless, the Company’s official website remained hosted on the disputed domain name, posing a significant risk of web sabotage.
Parties Contentions
The Complainant
The Complainant submits that the requirements of the Policy have been met and that the disputed domain name should be transferred to it.
The Complainant submits that it owns valid and long-standing trademark rights in INDIRA and INDIRA IVF, with trademark registrations dating back to 1988 and 2015, respectively. These marks have been extensively and continuously used in India for fertility services, making them well-recognized. The disputed domain name <indiraivf.com> contains the entirety of the Complainant’s registered trademark and is therefore considered identical or confusingly similar. The mere addition of the “.com” gTLD does not remove the confusing similarity between the domain name and the trademark. Accordingly, the first element of the Policy is satisfied, as the domain name clearly incorporates the recognizable portion of the Complainant’s mark.
According to the Complainant, the Respondent has no rights or legitimate interests in the disputed domain name, as he is not affiliated with the Complainant and have never been authorized to use the trademark INDIRA or INDIRA IVF. The domain name was hijacked/stolen on October 31, 2024, through unauthorized transfer, and continues to host the Complainant’s original website content, creating a risk of misuse, phishing, and consumer deception. The Respondent, identified as an ethical hacker, is using the domain in a deceptive and unauthorized way, clearly not in connection with a bona fide offering of goods or services. The Respondent is not commonly known by the disputed domain name, nor has any legitimate commercial or non-commercial justification to use it.
The Complainant asserts that the Respondent registered or acquired the domain name in bad faith, fully aware of the Complainant’s business and trademarks. The Respondent, based in the same region as the Complainant, transferred the domain to a different registrar without authorization and continues to control it despite lacking any connection to the Complainant. Evidence from the registrar and other online sources confirms the Respondent’s identity and shows a clear link between him and the hacked domain. The registration of a domain name confusingly similar to a well-known trademark, particularly when the Respondent had actual or constructive knowledge of the trademark, supports a finding of bad faith under the Policy. The circumstances suggest that the domain was taken over with the intention to exploit the Complainant’s goodwill and interfere with its online presence.
The continued use of the domain name by the Respondent amounts to bad faith, as it creates a false impression of affiliation with the Complainant. The Respondent has deliberately used the disputed domain to attract and mislead Internet users for commercial gain, by creating confusion regarding the source and legitimacy of the website. The website hosted at the disputed domain still displays the Complainant’s content, indicating an intention to impersonate the Complainant and benefit from its established reputation. This deceptive conduct poses a serious risk of reputational harm, customer diversion, and phishing attacks. The use of privacy protection services by the Respondent further indicates bad faith by attempting to conceal identity and evade accountability. Such opportunistic exploitation and impersonation demonstrate a clear intent to profit from confusion and fulfil the criteria of bad faith use under the Policy.
After the Response was filed by the Respondent, the Complainant provided its additional contentions. Therein, the Complainant argues that the Respondent’s explanation for acquiring the domain <indiraivf.com> is unconvincing, as the sale via Telegram lacks credibility and the Respondent is suspected to be the hacker or affiliated with the hacking group. The Complainant highlights that the Respondent paid a suspiciously low price for two domains, one of which was linked to the original registrar of the Complainant’s domain, suggesting unauthorized access at the reseller level. Despite the Respondent’s claim of ignorance, the Complainant asserts that the Respondent had actual knowledge of the brand’s strong reputation, given its public online presence and celebrity association. The disputed domain name was suspended due to abuse reports, indicating malicious use, and the Complainant had to intervene to restore access to their official website to prevent reputational and business damage. These additional submissions aim to reinforce the claims of bad faith registration and use, and to support the request for the domain name to be transferred back to the Complainant.
The Respondent
The Respondent provided the Response in which he claims that on October 26, 2024, he purchased the disputed domain name through a peer-to-peer (P2P) transaction after finding a post in a Facebook group. He expressed interest in buying this domain name due to its high traffic and proceeded with the deal via Telegram. He states that he transferred the payment to the seller, who then provided the authorization code to transfer the domain. The Respondent asserts that he has all the proof of the transaction, including details of the person from whom he bought the domain and where the money was sent. He adds that he is now unsure about what is happening and does not know what to do next.
Rights
The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).
No Rights or Legitimate Interests
The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).
Bad Faith
The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).
Procedural Factors
The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Principal Reasons for the Decision
The Panel agrees with the Complainant that the disputed domain name is identical to the Complainant’s trademark INDIRA IVF.
The Panel acknowledges that the Complainant presented prima facie evidence that the Respondent is not sponsored by or affiliated with Complainant in any way. Furthermore, the Complainant has not licensed, authorized, or permitted Respondent to use Complainant’s trademarks in any manner, including in domain names. The Respondent’s name does not resemble the disputed domain name in any manner. Respondent’s use of the disputed domain names does not constitute a bona fide offering of goods or services or a legitimate non-commercial or fair use.
The Respondent did not challenge in his response the evidence that was presented by the Complainant, therefore, the Panel concludes that the Respondent meant Complainant’s trademarks INDIRA IVF when he took over the registration of the disputed domain name (see WIPO Overview 3.0, para. 3.1.1). Previous UDRP panels categorically held that the use of a domain name for illegal activity, including the unauthorized account access/hacking, impersonation/passing off, or other types of fraud, can never confer rights or legitimate interests on a respondent (see WIPO Overview 3.0, para. 2.13.1). The Respondent’s claim that the disputed domain name was allegedly purchased via a Facebook group does not negate the fact that this domain name was acquired as a result of the Complainant’s domain names‘ management account being previously hacked. Based on the general legal principle that no right can arise from illegality (ex injuria jus non oritur), the Respondent’s explanation cannot absolve him of liability for the unlawful acquisition of the disputed domain name.
Previous UDRP panels have already established that redirecting the disputed domain name back to the Complainant’s website is also the evidence that supports a finding that a respondent has registered a domain name to attract, for commercial gain, Internet users to its website by creating a likelihood of confusion with the Complainant’s mark (section 3.1.4 of WIPO Overview 3.0). In addition, the Respondent himself has confirmed in his response that the reason he was interested in buying the disputed domain name was in its high traffic. Previous UDRP Panels have also found that a respondent redirecting a domain name to the complainant’s website can establish bad faith insofar as the respondent retains control over the redirection thus creating a real or implied ongoing threat to the complainant (section 3.1.4 of WIPO Overview 3.0). This threat finally turned into real damages for the Complainant when the take-over of the disputed domain name resulted in the short suspension of the Complainant‘s website for several hours which forced the Complainant to intervene and restore access to its official website in order to prevent reputational and business damage.
Therefore, the Panel came to the conclusion that the Respondent both registered (i.e. took-over the registration) and used the disputed domain name in bad faith.
For all the reasons stated above, the Complaint is Accepted
and the disputed domain name(s) is (are) to be
indiraivf.com: Transferred
PANELLISTS
Name Darius Sauliūnas
Date of Panel Decision
2025-04-24
Decision Online at: https://udrp.adr.eu/decisions/detail?id=680f3dd84481433a9c0ea212