Brixmor Property Group successfully secured the transfer of three domains used by a repeat bad actor to impersonate its authentication systems. The panel ruled that the registration of these domains constituted bad faith use, citing their similarity to the BRIXMOR trademark and active phishing activity.
Case Snapshot
| Case Number | D2026-1947 |
|---|---|
| Complainant | Brixmor Property Group, Inc. |
| Respondent | Host Master, Njalla Okta LLC |
| Disputed Domain | brixmorsso.commybrixmorsfso.commybrixmorsso.com |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2026-06-22 |
| Panelist | Willem J. H. Leppink |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1947 |
Threat Assessment: SSO-Themed Impersonation and Credential Fraud
The registration of domains such as ‘brixmorsso.com’, ‘mybrixmorsso.com’, and ‘mybrixmorsfso.com’ represents a sophisticated attempt to weaponize corporate authentication workflows. By incorporating terms like ‘sso’ (Single Sign-On) alongside the BRIXMOR trademark, the Respondent aimed to deceive users into believing these domains were authentic entry points for the Complainant’s secure systems. This tactic exploits the inherent trust employees and customers place in standard enterprise login processes, significantly increasing the probability of successful credential theft and subsequent unauthorized access to sensitive corporate data.
The strategic use of these domains underscores a severe risk to customer trust and brand integrity. The identification of ‘brixmorsso.com’ as an unsafe and disguised phishing website by Google Safe Browsing serves as an indicator of the active harm posed by the Respondent’s campaign. Furthermore, the presence of inactive domains among the disputed set suggests a broader, opportunistic strategy where the Respondent maintains a reservoir of future attack vectors. Given the Respondent’s history as a named party in 67 prior UDRP proceedings, these tactics reflect a deliberate, recidivist pattern of abusive registration designed to facilitate fraud and undermine the Complainant’s established goodwill in the real estate sector.
Legal Analysis: Establishing Bad Faith Through SSO Impersonation and Procedural History
The Panel addressed the first element of the UDRP by confirming that the disputed domains—brixmorsso.com, mybrixmorsfso.com, and mybrixmorsso.com—are confusingly similar to the BRIXMOR trademark. The inclusion of ‘sso’ and ‘mybrixmorsfso’ directly misappropriates the brand to mimic the Complainant’s Single Sign-On authentication flows. This finding establishes the necessary standing for the Complainant, as the threshold for similarity is satisfied when the trademark is clearly recognizable within the contested domain names, irrespective of the suffix or misspelling.
Regarding rights or legitimate interests, the Panel affirmed that the Respondent failed to provide any evidence to support a claim of authorization or legitimate use. Given the domain names were specifically crafted to deceive users into believing they were interacting with the Complainant’s secure authentication systems, the Respondent could not plausibly claim a bona fide offering of goods or services. The absence of any response from the Respondent further weakened any potential defense, allowing the Panel to conclude that no such rights existed.
The Panel’s finding of bad faith was heavily reinforced by the Respondent’s documented history of 67 prior UDRP proceedings. By systematically registering domains that mirror brand owners’ trademarks, the Respondent demonstrated a clear pattern of abusive registration intended to trade on the goodwill of established entities. Furthermore, the active use of brixmorsso.com for phishing, as corroborated by Google Safe Browsing warnings, provided concrete evidence of malicious intent to defraud customers. The combination of historical recidivism and active phishing served as definitive proof that the registration and use of the domains were conducted in bad faith, mandating the transfer of all disputed domains to the Complainant.
Strategic Leverage of Patterned Misconduct and External Threat Intelligence
The Complainant successfully navigated the burden of proof by integrating empirical evidence of active phishing with a broader narrative of the Respondent’s documented pattern of abusive registrations. By leveraging third-party data from Google Safe Browsing, the Complainant provided the Panel with objective, verifiable proof that the disputed domain brixmorsso.com was being used for malicious, disguised phishing activities. This technical evidence, coupled with the linguistic analysis showing how the incorporation of ‘sso’ and ‘my’ prefixing sought to impersonate corporate authentication flows, established a clear trajectory of bad faith registration and use that transcended mere opportunistic domain squatting.
Furthermore, the strategy relied heavily on highlighting the Respondent’s extensive history as a repeat offender in 67 prior UDRP proceedings. By documenting this systematic behavior, the Complainant effectively neutralized potential defense claims, demonstrating that the Respondent’s primary intent was to trade on established brand goodwill through serial intellectual property infringement. This evidence of serial conduct allowed the Panel to confidently infer bad faith even regarding the remaining domains that were inactive at the time of filing, effectively treating them as a defensive stockpile for future fraud. This approach underscores the value for brand owners of maintaining granular records of external threat warnings and prior legal enforcement actions when challenging sophisticated impersonation campaigns.
Practical Recommendations
- Proactively register defensive variations of your brand incorporating common enterprise service suffixes (e.g., ‘sso’, ‘login’, ‘portal’, ‘auth’) to prevent attackers from establishing perceived legitimacy.
- Monitor security reputation databases like Google Safe Browsing and VirusTotal to capture real-time evidence of phishing site activity, which significantly strengthens UDRP complaints regarding bad faith use.
- Perform automated ‘whois’ lookups and domain registration monitoring for new domains containing your trademark combined with technical terms to identify and act on passive holdings before they transition into active phishing campaigns.
- Maintain a log of prior UDRP proceedings involving known bad actors to demonstrate a consistent ‘pattern of conduct’ when filing new complaints, as this evidence is highly persuasive to panels in establishing bad faith.
Frequently Asked Questions (FAQ)
Why were the disputed domains (e.g., brixmorsso.com) considered confusingly similar to the BRIXMOR trademark?
The panel found the domains confusingly similar because they incorporated the BRIXMOR trademark in its entirety. The addition of terms like ‘sso’ (Single Sign-On) and ‘my’ was clearly designed to deceive users into believing the domains were official Brixmor authentication portals.
How did the panel determine that the Respondent lacked legitimate rights or interests in these domains?
The Respondent failed to file a response to the Complaint. Furthermore, the evidence indicated the Respondent was using the domains for phishing or holding them as a deceptive infrastructure, which does not constitute a legitimate non-commercial or fair use under UDRP policy.
What evidence was most critical in proving the Respondent acted in bad faith?
The panel cited the active phishing warnings provided by Google Safe Browsing as direct evidence of bad faith use. Additionally, the Panel highlighted the Respondent’s history of being named in 67 prior UDRP proceedings, establishing a clear pattern of abusive domain registration.
Does the fact that some domains were inactive at the time of the filing impact the outcome?
No. Despite two of the domains (mybrixmorsfso.com and mybrixmorsso.com) being inactive at the time of filing, the Panel found the registration was still made in bad faith, particularly given the Respondent’s established history of trademark-abusive domain registrations and the simultaneous active phishing use of the related brixmorsso.com domain.
Facing corporate impersonation through a domain?
Protect your brand and user data from sophisticated SSO-themed phishing and credential theft tactics. Learn how to identify and mitigate domain-based impersonation risks through proactive UDRP strategies.
This case note is for informational purposes only and is not legal advice.



