Defamation campaigns orchestrated by competitors are nothing new in business. However, they are notoriously difficult to prove, while the reputational damage they cause is immediate and measurable. Once false information is published and indexed by search engines, it begins to erode trust, and the burden of reputational risk mitigation unfairly falls on the targeted business.
One of the industry’s leading ad networks recently found itself in precisely this position: defamatory content was hosted on a deceptive lookalike domain mimicking its brand identity.
ADEX moved swiftly to initiate a structured brand protection investigation – and what we uncovered went far beyond a simple case of negative PR.
Stage 1. Lookalike Domain Identification & Infrastructure Analysis
Key Events
-
2013Domain propelerads.com (with one “l”) registered
-
2025Defamatory content identified on the lookalike domain
-
October 2025Technical audit initiated
- WHOIS and registrar data analysis
- DNS and hosting infrastructure review
- Open-source intelligence (OSINT) investigation
The business targeted by the malicious website – the well-known multi-source platform PropellerAds – is no stranger to defamatory attacks. Over the years, the company has gained substantial experience dealing with bad actors attempting to disguise coordinated black-hat PR tactics as organic client feedback across review platforms and search results.
This time, however, it became clear that the domain propelerads.com (spelled with one “L” instead of two) was not merely poor PR practice. It constituted clear trademark infringement and required a formal enforcement response.
The domain propelerads.com was originally registered in 2013, at a time when the PropellerAds brand was gaining traction. For a while, the domain remained inactive and did not host substantive content. This pattern is consistent with domains that remain dormant and are later repurposed for reputational abuse.
At first glance, the website positioned itself as a technology blog under the name eTechlic. It contained generic tech articles designed to simulate a normal editorial structure.
But the homepage told a different story.
The page title included multiple deliberate brand misspellings: “Propelerads, Propelerad, propellerads, propellerad.”
This was a clear case of keyword stuffing combined with typosquatting – a tactic where a domain is registered with a slight variation of a well-known trademark to intercept traffic from typing errors.
Beneath the heading, the site linked to filler content to create structural legitimacy. At the same time, it prominently displayed an article titled: “Propeller Ads Scam Reveals [with proof].”
The structure was intentional:
- Brand mimicry
- SEO manipulation
- Reputational targeting
Additional credibility signals were layered in. The operators added an author profile with a photo in the footer and launched a corresponding Facebook page to simulate cross-platform legitimacy. However, ADEX specialists were unable to verify the existence of this individual or establish contact through publicly available sources.
Notably, those social media profiles have since been blocked and are no longer publicly accessible.
Another technical detail stood out: the website operated over HTTP rather than HTTPS. No TLS certificate. No encrypted connection. No browser trust indicators. For a site presenting itself as a tech resource, the absence of basic transport-layer security was a significant red flag.
The ADEX team conducted:
- WHOIS and registrar data review
- DNS and hosting environment analysis
- OSINT verification of contact details
- Content and metadata analysis
A formal cease-and-desist notice was sent to the contact details listed on the website.
No response was received.
Stage 2. Registrant Data Disclosure & Legal Escalation (UDRP)
UDRP Proceedings
-
Oct 17, 2025Formal complaint filed with WIPO under the UDRP procedure.
-
Oct 23, 2025Email received from the registrant’s disclosed contact requesting case details.
-
Oct 30, 2025Proceedings formally commenced by the WIPO Arbitration and Mediation Center.
-
Nov 19, 2025No formal response submitted by the Respondent.
By this stage, the situation had evolved beyond mere suspicion.
We were dealing with clear brand mimicry, deliberate SEO manipulation, and reputational targeting. The domain closely imitated the trademark, negative content was structured to capture search traffic, and the site operator remained unresponsive to formal communication in attempts to settle possible issues.
At the same time, the website’s presence began to raise concerns among PropellerAds clients and partners. Inbound alerts and complaints indicated that the domain was not merely a theoretical risk; it was actively affecting brand perception.
With no viable contact and serious doubts regarding the authenticity of the listed administrator, the case was escalated under the Uniform Domain Name Dispute Resolution Policy (UDRP).
A formal complaint was filed with the WIPO Arbitration and Mediation Center.
Following WIPO’s registrar verification request, GoDaddy disclosed the registration details. The domain was formally listed under: Julia Nikitina, Julka Holdings Limited (Hong Kong).
Shortly thereafter, an email was received from the registrant’s disclosed address requesting case materials. WIPO provided the full documentation.
No further response or objections from the domain admin followed.
Stage 3. WIPO Determination & Trademark Enforcement Outcome
Panel Decision & Outcome
-
Dec 5, 2025WIPO Panel issued its decision ordering the transfer of propelerads.com.
-
OutcomeThe disputed domain was officially transferred to the client.
On December 5, 2025, the WIPO Panel issued its decision ordering the transfer of propelerads.com to PropellerAds (Adtech Holding Ltd).
The Panel Decision
In its reasoning, the Panel specifically addressed the issue of the registrant’s contact details and their relevance to control over the disputed domain name. It noted the coincidence between the disclosed email address and phone number and those associated with an individual linked to a competing company:
“The coinciding email address and telephone number (which are the only practicable means to communicate with the registrant of a domain name) of the registrant of the disputed domain name show that the disputed domain name is potentially under the control of this individual and his company that is a competitor to the Complainant.”
— WIPO Decision, Section 6.1
The Panel confirmed all three required UDRP elements:
1. Confusing Similarity
The domain was an intentional misspelling of the PROPELLERADS trademark – a classic typosquatting pattern.
2. No Rights or Legitimate Interests
The Respondent failed to demonstrate any legitimate entitlement to the domain. The Panel concluded that the website was not a genuine criticism but a setup designed to exploit and harm the trademark.
3. Bad Faith Registration and Use
The Panel found it more likely than not that the domain was registered and used to disrupt a competitor’s business and to attract users by creating trademark confusion.
“Considering that the disputed domain name appears as an intentional misspelling of the Complainant’s trademark that has been registered by a person related to a competitor of the Complainant, and that it is being used for a website that claims that the Complainant’s services are a “scam”, there is also support for a conclusion that it is more likely than not that the disputed domain name has been registered and used for the purpose of disrupting the business of a competitor.”
– WIPO Decision, Section 6.2(C)
The result was clear: the domain was transferred to the ADEX client. The registrant did not exercise his right to appeal the decision.
Post-Decision Registrant Data Analysis
During the proceedings, the registrar-disclosed data and publicly available sources indicated discrepancies in the registrant information. After the decision was published, we performed a structured post-case documentation review to consolidate these findings for the public record.
Specifically, the email address associated with the domain matched a publicly available contact attributed to an individual named Thomas Padovani.
Following this finding, we conducted a review of open sources to determine who this individual was. Publicly available information identifies Thomas Padovani as an Estonian entrepreneur who has served in senior roles, including board-level and executive positions, across multiple companies.
Among the entities publicly linked to him is Adcash, an online advertising platform and direct competitor of PropellerAds, where he was publicly associated with leadership and ownership roles from 2011 to 2022, including the years during which the disputed domain was registered and later activated.
Source: History records of Adcash OÜ shareholders, source – e-Business Register
Apart from that, the listed phone number carried the +372 country code (Estonia), aligning with Adcash’s registered jurisdiction in Tallinn rather than the Hong Kong-based registrant listed in the records. Thomas Padovani listed the same number in public sources as his contact phone number.
ADEX does not determine personal identity behind domain registrations and does not assign liability. We report objective correspondences found in registrar-disclosed data. The assessment of these facts was conducted independently by the WIPO Panel.
Outcome Overview
Preventing Typosquatting: What Proactive Defense Requires
Preventing this kind of threat requires continuous oversight at the domain level. ADEX recommends the following:
1. Defensive domain registration
Your primary domain is not enough. Register predictable variations before someone else does:
- Common misspellings (missing letters, doubled letters, swapped characters)
- Key alternative TLDs (.net, .org, .co, .io, relevant country domains)
- Singular and plural versions
- Hyphenated variations
You won’t capture every possible typo, but you can eliminate the obvious attack surface.
2. Always use HTTPS and make it visible
Your official domain must use a valid SSL/TLS certificate.
Why it matters:
Typosquatting domains often lack proper encryption or use low-trust certificates. Educate users, both internally and externally, that your legitimate site always displays secure connection indicators.
Security signals reduce the effectiveness of impersonation.
3. Register your trademark early
Trademark registration is not optional – it is leverage.
Without a registered trademark, your ability to initiate UDRP proceedings is significantly weaker. With it, you have a clear legal foundation to reclaim infringing domains.
In competitive industries, delay equals vulnerability.
4. Monitor search signals, not just domains
You cannot realistically monitor every new registration manually.
Instead:
- Set up Google Alerts for your brand + high-risk keywords (“scam,” “fraud,” “review”)
- Regularly review branded search results
- Use Google Search Console data to identify real-world misspellings used by actual users
These real query patterns reveal which typo variations matter, and which ones attackers may exploit.
For high-value brands, domain intelligence tools (DomainTools, MarkMonitor, Recorded Future) can provide automated alerts for suspicious registrations.
5. Watch for IDN homograph attacks
Some domains look identical but use different character sets (for example, Cyrillic characters replacing Latin ones).
If your brand has significant traffic or international exposure:
- Monitor Punycode domains
- or Pre-register high-risk visual lookalikes
These attacks are subtle and often go unnoticed until damage occurs.
6. Lock your own domain
Request registrar-level protection (ICANN lock/transfer lock).
This prevents unauthorized transfers or modifications. Defensive strategy is not only about external threats, but it’s also about protecting control over your own assets.
7. Secure your email infrastructure
Typosquatting domains are frequently used for phishing.
Configure and enforce:
- SPF (authorized senders)
- DKIM (email signing)
- DMARC (policy enforcement and reporting)
Proper DNS-based email authentication reduces attackers’ ability to impersonate your brand in outbound communication.
8. Be ready to escalate
If a domain is actively harming your reputation or targeting users:
- File a UDRP complaint for a domain transfer
- Escalate through formal dispute resolution mechanisms
- Document evidence from day one
- The earlier the action, the stronger the position
Reducing Typosquatting Risk
- Register defensive domains — secure common misspellings, key TLDs, plural/singular and hyphen variants.
- Use HTTPS everywhere — maintain valid SSL/TLS and make security indicators visible to users.
- Trademark your brand early — establish clear legal standing for UDRP enforcement.
- Monitor search signals — track brand + “scam/review/fraud” queries and real typo patterns via Search Console.
- Watch for IDN homographs — monitor visually similar (Punycode) domains.
- Lock your domain — enable registrar-level transfer protection.
- Secure email authentication — enforce SPF, DKIM, and DMARC.
- Be ready to escalate — document evidence and act quickly through formal dispute mechanisms.
Why Brand Protection Matters
This case shows how a single-character domain variation can evolve into a structured reputational attack:
- Typo-based registration
- SEO manipulation
- Defamatory content
- Offshore nominal registrant
- Inconsistent contact data
At first glance, it looked like “just another negative site.”
Under technical scrutiny, it revealed coordinated infrastructure-level abuse.
Brand protection today is not limited to monitoring mentions or tracking reviews. It requires domain intelligence, registrar data analysis, OSINT capabilities, and the ability to escalate through formal dispute mechanisms, such as the UDRP, when necessary.
For ADEX, brand protection means detecting threats early – at the DNS and domain layer – before reputational damage compounds.
In highly competitive industries such as adtech, reputation is a strategic asset. And protecting it requires both technical expertise and decisive action.
For any questions regarding this case, please contact us at contact.us@adex.com
