In case D2025-4547, Carvana, LLC successfully challenged the registration of the domain carvanahrdpt.org by Jatori Smith. Carvana, a well-known online platform for buying and selling used cars, contended that the domain was registered to capitalize on their established brand identity. The company argued that the inclusion of their trademark alongside the abbreviation for a human resources department suggested a false affiliation with their corporate operations, likely intended to deceive employees or job seekers.
The Basis for the Transfer
The administrative proceeding resulted in a decision to transfer the domain because the registrant had no authorization to use the trademark and was not commonly known by the name. By combining a famous brand name with terms related to corporate infrastructure, the domain created a high risk of deception. There was no evidence of any legitimate noncommercial or fair use of the site. Furthermore, the circumstances indicated that the domain was chosen specifically to target the vehicle retailer’s reputation, likely for the purpose of creating a platform that mimicked an official company portal. Since the registrant provided no response or justification for the registration, the narrative provided by the brand owner remained uncontested, leading to the conclusion that the domain was registered with deceptive or misleading intent.
Indicators of Misleading Intent
The choice of “hrdpt” (an abbreviation for human resources department) appended to a global brand name is a common tactic used in phishing or credential harvesting schemes. By masquerading as an internal resource for Carvana, the domain posed a significant security risk to the company’s stakeholders and overall brand integrity.
Defending Internal Brand Infrastructure
This case highlights the importance of monitoring for domains that attempt to impersonate internal corporate functions. For digital-first businesses, brand protection extends beyond customer-facing URLs to include any terms that suggest official employment, payroll, or human resources departments. Proactive enforcement ensures that malicious actors cannot bridge the gap between public brand perception and private internal operations, preventing potential data breaches and maintaining trust with employees.
If your organization is targeted by deceptive domain registrations that mimic your internal departments, the ClaimOn team is available to assist you in launching effective enforcement actions and reclaiming your digital assets.
