Decision for dispute CAC-UDRP-108241

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain names.

The Complainant is the registered owner of multiple trademarks containing the word elements “MOL” and “MOL GROUP”, including in particular the following trademarks:

- MOL (figurative), EU Trademark, trademark no. 007085152, registration date 16 March 2021, application (priority date) 5 June 2008, registered for goods and services in the international classes 4, 35 and 43;

- MOLGROUP (figurative), EU Trademark, trademark no. 007085152, registration date 3 March 2023, application (priority date) 20 July 2022, registered for goods and services in the international classes 4, 39 and 40.

The Complainant is also the owner of numerous national trademark registrations for MOL and MOL GROUP in various jurisdictions worldwide.

Collectively, the above trademarks are referred to as the “Complainant’s Trademarks.”

The Complainant, MOL Magyar Olaj- és Gázipari Nyilvánosan Működő Részvénytársaság, a Hungarian multinational oil and gas company headquartered in Budapest, Hungary. It is a leading energy company in Central and Eastern Europe, operating across the full energy value chain, including exploration and production, refining, distribution and marketing, petrochemicals, power generation, trading, and retail. MOL Group operates in more than 50 countries, employs approximately 25,000 people worldwide, and has over 80 years of experience in the hydrocarbon sector. The Complainant was ranked among the world’s largest companies on the Fortune Global 500 list.

The Complainant has a long-standing and significant online presence. It operates its principal corporate websites at <mol.hu>, registered in 1996, and <molgroup.hu>, registered in 2006, as well as the international corporate website at “molgroup.info”. The Complainant is also active on social media, including a LinkedIn account with a substantial following, further evidencing the widespread recognition of the MOL and MOL GROUP names and marks.

The disputed domain names were registered as follows:

<molgroup-eu.com> was registered on 2 October 2025;

<molgroup-chain.com> was registered on 27 January 2025;

<mol-service.info> was registered on 6 February 2025;

<molteam-procurement.info> was registered on 2 February 2025;

<molgroup-industries.com> was registered on 1 February 2025; and

<molgroup-supply.com> was registered on 31 January 2025.

All four disputed domain name websites (i.e. websites available under internet address containing the disputed domain names) are not active and does not resolve to any websites.

Although the disputed domain names do not resolve to active websites, the Complainant has demonstrated that they were configured with MX (e-mail) records and used to send phishing e-mails. The Respondents’ use of the disputed domain names for e-mail purposes falsely created the impression that the e-mails originated from the Complainant, thereby impersonating the Complainant’s e-mail infrastructure.

COMPLAINANT

A) CONFUSING SIMILARITY

The Complainant states that:

• All Complainant’s Trademarks pre-date the registration of the disputed domain names.
• For individual disputed domain names:
  • <molgroup-eu.com>: differs from the MOL GROUP mark only by a hyphen and the descriptive term “eu”; confusingly similar to the verbal element of the MOL GROUP mark;
  • <molgroup-chain.com>: differs from the MOL GROUP mark only by a hyphen and the descriptive term “chain”; confusingly similar to the verbal element of the MOL GROUP mark;
  • <mol-service.info>: differs from the MOL mark only by a hyphen and the descriptive term “service”; confusingly similar to the verbal element of the MOL mark;
  • <molteam-procurement.info>: replaces “group” with the closely related term “team” and adds the descriptive term “procurement”; confusingly similar to both the MOL GROUP and MOL marks;
  • <molgroup-industries.com>: differs from the MOL GROUP mark only by a hyphen and the descriptive term “industries”; confusingly similar to the verbal element of the MOL GROUP mark;
  • <molgroup-supply.com>: differs from the MOL GROUP mark only by a hyphen and the descriptive term “supply”; confusingly similar to the verbal element of the MOL GROUP mark.
    
    
• The disputed domain names give rise to initial interest confusion by incorporating the Complainant’s trademarks.
• Each domain differs from the Complainant’s marks only by the addition of descriptive terms (e.g., “eu”, “chain”, “service”, “procurement”, “industries”, “supply”).
• These descriptive additions do not dispel confusion and instead suggest an official connection with the Complainant’s business.
• The generic Top-Level Domains (“.com” and “.info”) are disregarded for the purpose of assessing confusing similarity.
• Accordingly, all disputed domain names are confusingly similar to trademarks in which the Complainant has rights under the Policy.
  
  

B) NO RIGHTS OR LEGITIMATE INTERESTS

The Complainant states that:

• The disputed domain names were registered in 2025 by registrants using false, unverifiable, or anonymized identities, including fabricated personal names and privacy services, with no evidence of any real underlying rights holder.
• There is no evidence that the Respondents are commonly known by any of the disputed domain names or by the terms “MOL” or “MOL GROUP”.
• The Respondents hold no trademark or service mark rights in “MOL” or “MOL GROUP” and have never traded legitimately under those names.
• The Respondents are not licensees of the Complainant and have received no authorization, consent, or acquiescence to use the Complainant’s trademarks.
• Although the disputed domain names do not resolve to active websites, they were configured with MX records and actively used for phishing e-mails, impersonating the Complainant and its former employees.
• Such use falsely suggests association with the Complainant and cannot constitute a bona fide offering of goods or services or any legitimate noncommercial or fair use.
• The Complainant has made out a prima facie case that the Respondents lack rights or legitimate interests under section 2.1 of the WIPO Overview 3.0.
• The Respondents have failed to rebut this prima facie case by providing any evidence of rights or legitimate interests. Therefore, the Respondent’s actions do not qualify as legitimate non-commercial or fair use under the Policy.

C) BAD FAITH REGISTRATION AND USE

The Complainant states that:

• The disputed domain names were registered in 2025 with the deliberate intent to target the Complainant and its well-known MOL and MOL GROUP trademarks, as evidenced by their use in phishing and fraud schemes.
• Given the distinctiveness and reputation of the MOL and MOL GROUP marks, the Respondents must have had knowledge of the Complainant at the time of registration.
• The disputed domain names are confusingly similar to the Complainant’s trademarks and were not registered for any conceivable good-faith purpose.
• The Respondents have not used the disputed domain names for a bona fide offering of goods or services, nor for legitimate non-commercial or fair use (Policy, paragraphs 4(c)(i) and 4(c)(iii)).
• The disputed domain names carry a high risk of implied affiliation with the Complainant, falsely suggesting sponsorship or endorsement.
• MX and SPF records were configured for all disputed domain names, enabling e-mail functionality and demonstrating preparation for, and actual use in, fraudulent e-mail communications.
• The Complainant has provided evidence of phishing e-mails sent from addresses associated with the disputed domain names, impersonating the Complainant and its former employees.
• Several disputed domain names are listed on known e-mail blacklists, further confirming their abusive use.
• Panels have consistently found that configuring MX and SPF records on confusingly similar domain names supports a finding of bad faith, even independently of proven phishing activity.
• The Respondents’ use of privacy/proxy services and false or incomplete WhoIs information further indicates an intent to conceal identity and supports a finding of bad faith.
• Although the disputed domain names do not resolve to active websites, their passive holding, combined with other indicia of bad faith, does not prevent a finding of bad faith use under the Policy.
• Taken cumulatively, the evidence demonstrates that the disputed domain names were registered and are being used in bad faith, including under paragraph 4(b)(iv) of the Policy

RESPONDENT:

The Respondents have not provided any response to the Complaint.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain names are identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondents to have no rights or legitimate interests in respect of the disputed domain names (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain names have been registered and are being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

The Complainant has filed a request for consolidation.

Pursuant to paragraph 10(e) of the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), the Panel has discretion to decide a request by a party to consolidate multiple domain name disputes in accordance with the Policy and the Rules. Paragraph 3(c) of the Rules further provides that a complaint may relate to more than one domain name, provided that the domain names are registered by the same domain name holder.

Where, as here, multiple domain names appear to be registered in the names of different respondents, consolidation may nevertheless be appropriate where the complainant establishes that (i) the disputed domain names are subject to common control, and (ii) consolidation would be fair and equitable to all parties (see WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 4.11.2).

Common Control

The Panel finds that the Complainant has provided substantial and persuasive evidence demonstrating that all six disputed domain names are subject to common control, notwithstanding the use of different registrant names, contact details, registrars, and privacy or proxy services.

First, the registrant data itself strongly suggests the use of fabricated or false identities. The Respondent identified for <molgroup-industries.com> is listed as “Putad Smith” with an address in the Northern Territory of Australia. The Complainant has credibly demonstrated that neither the name nor the specific street-level address appears to correspond to any identifiable real person or verifiable address in publicly available records, and that the postcode provided (0871) is inconsistent with standard population postcodes in the Northern Territory.

Similar anomalies appear with respect to <molteam-procurement.info>, which is registered to a nearly identical name (“Putadyu smith”) using another implausible address in the same region and postcode. These minor variations in spelling are indicative of deliberate obfuscation rather than distinct, independent registrants.

Second, other disputed domain names rely on privacy or proxy services or registrant names that similarly lack credibility. The domain name <molgroup-eu.com> is registered in the name of “Host Master” of Njalla Okta LLC, a privacy service that has been identified in numerous prior UDRP decisions as facilitating abusive domain name registrations. Panels have consistently recognized that the use of such services, particularly when combined with other indicia of abuse, may support a finding of common control. Likewise, the registrant details associated with the name “Educan Michala” and a purported address in Nairobi, Kenya, have been shown to be inconsistent with publicly indexed address and postcode data, further reinforcing the conclusion that these details are fictitious.

Third, and most compellingly, all disputed domain names have been used in an identical or highly coordinated manner as part of a single phishing scheme impersonating the Complainant, MOL Group. The evidence shows that all domains were used exclusively for sending fraudulent procurement-related e-mails, typically inviting recipients to submit bids or quotations for urgently needed industrial pumps. These e-mails consistently impersonate MOL Group, reproduce its legitimate corporate address, telephone number, and logo, and purport to be sent by the same former MOL Group Chief Procurement Officer or other fabricated former employees.

The phishing e-mails are not merely similar in theme; several are textually identical, despite being sent from different disputed domain names and on different dates. In some instances, e-mails sent from one disputed domain name explicitly instruct recipients to reply to e-mail addresses associated with another disputed domain name (e.g., e-mails sent from @mol-service.info directing responses to @molgroup-industries.com, or e-mails from @molteam-procurement.info directing responses to @molgroup-supply.com). This cross-referencing of domain names is a strong indicator that the same person or entity controls all of them.

The evidence further demonstrates a clear temporal and operational pattern. The first group of disputed domain names was registered within a short time frame between late January and early February 2025, followed almost immediately by phishing e-mails using those domains. A second wave of registrations occurred in October 2025, again followed by phishing emails using substantially the same wording, templates, product descriptions, and impersonated personnel. The repetition of the same fraudulent content, combined with the coordinated timing of registrations and use, points decisively to a single ongoing scheme operated by the same or closely related actors.

Additionally, all disputed domain names follow the same naming convention: the Complainant’s trademark “MOL” or “MOL Group” combined with generic procurement- or industry-related terms such as “service”, “supply”, “chain”, “industries”, or “procurement”, often separated by a hyphen. Panels have consistently recognized that such a consistent domain naming strategy supports a finding of common control.

Finally, none of the disputed domain names resolves to an active website. All are passively held in an identical manner and used solely for e-mail-based phishing. This uniform pattern of passive holding, combined with identical abusive use, further supports the conclusion that the domain names are under common control.

Taking all of these factors together—false or implausible registrant identities, the use of privacy services, identical phishing content, cross-referencing between domains, consistent naming patterns, synchronized registration and use, and uniform passive holding—the Panel is satisfied that the disputed domain names are more likely than not controlled by the same person or by a single coordinated group acting in concert.

Fairness and Equity

The Panel further finds that consolidation in this case is fair and equitable to all parties. The Respondent(s) have not come forward with any evidence to rebut the Complainant’s assertions of common control, nor have they demonstrated that they would suffer any prejudice as a result of consolidation. On the contrary, consolidation promotes procedural efficiency, avoids the risk of inconsistent decisions, and reflects the reality that the disputed domain names form part of a single abusive scheme.

Panels in prior cases have granted consolidation in similar circumstances where multiple domain names, registered under different names and with different registrars, were shown to be part of a unified phishing or impersonation campaign (see, e.g., WIPO Case Nos. D2025-3144, D2025-3862, and D2025-3435).

Conclusion on Consolidation

Accordingly, the Panel concludes that the requirements for consolidation under paragraph 10(e) of the Rules and section 4.11.2 of WIPO Overview 3.0 are satisfied. The Panel therefore grants the Complainant’s request to consolidate the disputes relating to all disputed domain names, i.e. <mol-service.info>, <molgroup-chain.com>, <molgroup-supply.com>, <molteam-procurement.info>, <molgroup-eu.com>, and <molgroup-industries.com> into a single proceeding.

Accordingly, the Complainant’s request for consolidation is granted.

This proceeding shall continue on a consolidated basis with respect to all disputed domain names. For case management purposes, the Panel will refer to the respondent as the underlying registrant(s) operating through the identified privacy (proxy service), collectively “the Respondent(s).”

A) COMPLAINANT’S RIGHTS AND CONFUSING SIMILARITY

Since the disputed domain names and the Complainants' trademark are not identical, the key element investigated and considered by the Panel is whether the disputed domain names are confusingly similar to the Complainants' trademark under the UDRP first element.

The first element functions primarily as a standing requirement. The standing (or threshold) test for confusing similarity involves a reasoned but relatively straightforward comparison between the complainant’s trademark and the disputed domain name(s).

This test typically involves a side-by-side comparison of the domain name and the textual components of the relevant trademark to assess whether the trademark is recognizable within the disputed domain name. 

In cases where a disputed domain name incorporates the entirety of a trademark, or where at least a dominant feature of the relevant mark is recognizable in such domain name, the disputed domain name will normally be considered confusingly similar to that trademark for purposes of UDRP standing.

Where the relevant trademark is recognizable within the disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) would not prevent a finding of confusing similarity under the first element.

Applying the principles described above, the Panel finds that incorporation of a dominant “MOL” element of Complainant’s trademarks into the disputed domain names constitutes confusing similarity between Complainant’s trademarks and the disputed domain names.

Addition of non-distinctive elements – generic words or abbreviations “eu”, “chain”, “service”, “procurement”, “industries”, and “supply” - cannot prevent the confusing similarity in the eyes of internet consumers between the disputed domain names and the Complainant’s trademarks.

For the sake of completeness, the Panel asserts that the top-level suffix in the disputed domain name (i.e. the “.com” and “.info”) must be disregarded under the identity and confusing similarity tests as it is a necessary technical requirement of registration.

Consequently, the disputed domain names are confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

B) NO RIGHTS OR LEGITIMATE INTERESTS

The Complainant has established a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain names. The Complainant shows that the Respondent is not commonly known by the disputed names and has never been affiliated with or authorized by the Complainant. The burden therefore shifts to the Respondent to demonstrate rights or legitimate interests under Paragraph 4(c) of the Policy.

In the present case, the Panel finds that the Complainant has established a prima facie case. The disputed domain names were registered in 2025 by registrants using false, unverifiable, or anonymized identities, including fabricated personal names and privacy services, with no evidence identifying any genuine underlying rights holder. There is no evidence that the Respondents have been commonly known by the disputed domain names, or by the terms “MOL” or “MOL GROUP”, within the meaning of paragraph 4(c)(ii) of the Policy. Nor is there any evidence that the Respondents hold any trademark or service mark rights in “MOL” or “MOL GROUP”, or that they have ever traded legitimately under those names.

The Panel further notes that the Respondents are not licensees of the Complainant and have received no authorization, consent, or acquiescence to use the Complainant’s trademarks in any manner, including as part of the disputed domain names.

Although the disputed domain names do not resolve to active websites, the evidence shows that they were configured with MX records and actively used for sending phishing e-mails impersonating the Complainant and its former employees. Such use falsely suggests an association with the Complainant and cannot constitute a bona fide offering of goods or services under paragraph 4(c)(i) of the Policy, nor a legitimate noncommercial or fair use under paragraph 4(c)(iii) of the Policy. On the contrary, the use of confusingly similar domain names for phishing purposes is inherently illegitimate.

The Respondents have failed to submit any response or otherwise provide evidence to rebut the Complainant’s prima facie case or to demonstrate any rights or legitimate interests in the disputed domain names.

Accordingly, the Panel finds that the Respondents have no rights or legitimate interests in the disputed domain names within the meaning of paragraph 4(a)(ii) of the Policy.

C) BAD FAITH

The Policy requires a finding of bad faith where a domain name is both registered and used in bad faith (paragraph 4(a)(iii)). The Panel considers the totality of circumstances in this case and finds that the disputed domain names were registered and are being used in bad faith.

(i) Bad Faith Registration

The disputed domain names were registered in 2025 with the clear intent to target the Complainant’s well-known trademarks. The Respondents chose domain names that are confusingly similar to the Complainant’s marks, incorporating the identical verbal elements of those marks and adding only descriptive terms. Given the high distinctiveness and global reputation of the Complainant’s marks, it is inconceivable that the Respondents were unaware of the Complainant at the time of registration.

Moreover, the disputed domain names were registered using false, unverifiable, or anonymized identities and privacy/proxy services. This indicates an intent to conceal identity and avoid accountability, which is a recognized indicator of bad faith. The lack of any legitimate connection to the Complainant, combined with the deliberate choice of confusingly similar domain names, demonstrates that the registrations were made in bad faith.

(ii) Bad Faith Use

The Panel also finds bad faith use of the disputed domain names. The disputed domain names are configured with MX and SPF records, enabling email functionality and demonstrating preparation for fraudulent e-mail communications. The Complainant has produced evidence of phishing e-mails sent from e-mail addresses associated with the disputed domain names, which impersonate the Complainant and its former employees. Such use is inherently deceptive and indicates an intent to mislead recipients into believing that the e-mails originate from the Complainant.

Additionally, several disputed domain names are listed on known e-mail blacklists, which further confirms their abusive and fraudulent use. Panels have consistently found that the presence of MX and SPF records, particularly where the domain is confusingly similar to a trademark, supports an inference of bad faith even where phishing activity is not otherwise proven.

Finally, although the disputed domain names do not resolve to active websites, the passive holding of these domains does not prevent a finding of bad faith. The combined evidence of fraudulent e-mail use, deliberate anonymity, and clear association with the Complainant’s marks establishes that the disputed domain names are being used in bad faith.

Conclusion

Accordingly, the Panel concludes that the disputed domain names have been both registered and used in bad faith within the meaning of paragraph 4(a)(iii) of the Policy.