Build-A-Bear Workshop, Inc. successfully secured the transfer of buildabearsale.com after a WIPO panel ruled against a recidivist squatter. The respondent, operating under the name ‘no lar frank’, had configured the domain to host an unauthorized shop displaying Build-A-Bear’s official logo. The sole panelist ordered an immediate transfer of the domain due to bad faith impersonation and lack of legitimate rights.
Case Snapshot
| Case Number | D2026-1070 |
|---|---|
| Complainant | Build-A-Bear Workshop, Inc. |
| Respondent | no lar frank |
| Disputed Domain | buildabearsale.com |
| Threat Tactic | Fake Stores |
| Decision Date | 2026-04-28 |
| Panelist | Saisunder Nedungal Vidhya Bhaskar |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1070 |
Commercial Impersonation and the Tactical Evasion Strategies of Serial Infringers
The registration of buildabearsale.com highlights a targeted digital exploit that directly threatens consumer trust and brand equity. By combining the distinctive BUILD-A-BEAR trademark with the transactional modifier ‘sale’—and omitting the trademark’s standard hyphens—the registrant specifically targeted high-intent retail traffic. Hosting an unauthorized store featuring the Complainant’s official logo to pass off illegitimate services as authorized channels compromises customer relationships. For brand owners, this tactic creates an immediate risk of traffic diversion, where consumers seeking genuine promotional opportunities are intercepted by unauthorized retail interfaces using misappropriated brand assets.
The operational threat in this dispute is compounded by the fact that the Respondent, operating under the name ‘no lar frank’ out of Manila, Philippines, is a documented repeat offender. This individual has been named as a respondent in at least five other UDRP proceedings involving major global brands, including Valentino, IBM, and Huda Beauty. This pattern of recidivism shows that corporate brands are frequently targeted by coordinated, professionalized operators who exploit commercial terms at scale. To mitigate this threat, intellectual property professionals must look beyond isolated enforcement actions and maintain comprehensive intelligence on repeat actors who programmatically exploit global corporate marks.
Furthermore, the transition of the disputed domain from an active retail counterfeit portal to an inactive ‘DNS address unable to be found’ page following a takedown notice demonstrates a calculated evasion tactic. Threat actors frequently suspend active operations temporarily when confronted with preliminary brand enforcement actions in order to avoid further legal scrutiny or domain transfer. This behavior underscores why administrative hosting-level takedowns are often insufficient on their own. Securing a formal transfer of the underlying domain through the UDRP is necessary to permanently strip serial threat actors of their digital assets and prevent them from reactivating the deceptive site at a later date.
Panel Analysis: Confusing Similarity, Rights, and Bad Faith in E-Commerce Impersonation
Under the first element of the UDRP, the Panel determined that the disputed domain name, buildabearsale.com, is confusingly similar to the Complainant’s registered BUILD-A-BEAR trademark. The domain incorporates the mark in its entirety, merely removing the hyphens and appending the descriptive commercial term "sale." This addition does not mitigate confusing similarity; instead, it amplifies customer deception by directly targeting consumers looking for the brand’s authorized discounted merchandise.
Regarding rights or legitimate interests, the Complainant established that the Respondent has never been authorized or licensed to use the BUILD-A-BEAR trademark. The Respondent, identified as "no lar frank" of Manila, Philippines, has no legitimate connection to the brand and is not commonly known by the domain. The Panel held that deploying a domain to host an unauthorized retail storefront that displayed Build-A-Bear’s official logo to mimic its commercial activities does not represent a bona fide offering of goods or services, but rather constitutes a clear case of commercial passing off.
The bad faith registration and use were demonstrated by the global recognition of the Complainant’s brand dating back to 1997, making it inconceivable that the Respondent was unaware of the trademark when registering the domain on February 2, 2026. This intent to exploit the trademark is reinforced by the Respondent’s history as a recidivist squatter, having been named in at least five prior UDRP proceedings involving major global brands. The Panel noted that targeting a highly recognizable mark to divert consumer traffic to an imitation retail store constitutes classic bad faith.
Finally, the tactical shift where the disputed domain became inactive—resolving to a "DNS address unable to be found" error page following the Complainant’s preliminary takedown action—did not prevent a finding of bad faith. For brand protection professionals, this pattern illustrates how threat actors seek to evade liability by disabling active storefronts once enforcement begins. The Panel’s willingness to evaluate historical screenshots of the active fake shop confirms that temporary or defensive inactivation of a domain does not absolve a respondent of bad faith under the Policy.
Strategic Evidence and Recidivism Proof Secure Transfer in buildabearsale.com Dispute
Build-A-Bear Workshop, Inc. executed a highly effective evidentiary strategy by meticulously documenting the disputed domain’s active state before issuing a takedown request. Prior to the site’s transition to an inactive status resolving to a DNS error page, the complainant captured evidence of the website’s unauthorized commercial passing off, which displayed the official BUILD-A-BEAR logo and purported to sell the brand’s products. By preserving this critical historical proof of corporate impersonation, the complainant successfully established that the omission of trademark hyphens combined with the commercial modifier ‘sale’ was designed to exploit consumers, rendering the subsequent inactivity of the domain irrelevant to the bad faith determination.
A cornerstone of the complainant’s persuasive case was the exposure of the respondent’s history as a serial cybersquatter. After unmasking the privacy proxy service to identify the registrant as ‘no lar frank’ of Manila, Philippines, the complainant introduced evidence of the respondent’s involvement in at least five prior UDRP proceedings involving major global brands such as Valentino, IBM, Huda Beauty, and Buck Mason. Presenting this clear pattern of abusive registration and trademark targeting built an unassailable case of bad faith, demonstrating to the sole panelist that the registration of buildabearsale.com was part of a systemic, unauthorized domain-squatting operation.
Practical Recommendations
- Secure comprehensive, time-stamped digital evidence of fraudulent storefronts—including screenshots of official logo misuse and unauthorized product listings—prior to issuing preliminary takedown notices, ensuring bad-faith use remains fully documented even if the respondent subsequently takes the domain inactive.
- Perform exhaustive background searches on identified registrants during the preparation of a UDRP complaint to identify and cite prior adverse decisions, establishing a clear pattern of abusive registration and recidivism (such as referencing the respondent’s history in disputes involving brands like Valentino, IBM, and Huda Beauty).
- Establish automated monitoring systems to detect new registrations combining core brand trademarks with high-risk retail modifiers (such as ‘sale’, ‘shop’, or ‘store’) and common typographical variations, including the omission of hyphens from multi-word marks.
- Incorporate the presence of privacy proxy services (like PrivacyGuardian.org) into risk-scoring models for domain enforcement, prioritizing quick escalation to registrar verification requests when combined with unauthorized brand name usage.
Frequently Asked Questions (FAQ)
Why was the domain buildabearsale.com considered confusingly similar to the official brand?
The WIPO panel determined that the domain was confusingly similar because it incorporates the ‘BUILD-A-BEAR’ trademark in its entirety, merely removing the hyphens and adding the descriptive term ‘sale’ to create a deceptive association with the Complainant’s actual retail activities.
How did the panel determine that the respondent had no legitimate rights or interests in the domain?
The panel found no evidence that the respondent was commonly known by the name or authorized to use the trademark. Furthermore, the respondent’s use of the site to impersonate the brand via logo misuse and unauthorized product offerings constitutes passing off, which cannot establish a bona fide offering of goods or services.
What factors were cited to prove the respondent acted in bad faith?
Bad faith was established by the respondent’s decision to target a globally recognized brand while having a documented history of recidivism, specifically being named as a respondent in at least five previous UDRP proceedings involving other major global companies.
What is the practical outcome and tactical takeaway from this case?
The panel ordered the transfer of the domain to Build-A-Bear Workshop. The case highlights a common tactic where bad actors register trademark-plus-keyword domains to host fake shops, often switching the site to an inactive or ‘DNS not found’ state as a defensive measure following initial enforcement outreach.
Found a fake shop using your brand?
Deceptive storefronts misusing your logos and trade names can erode customer trust and brand equity. Learn how to identify, monitor, and recover domains used for unauthorized e-commerce impersonation.
This case note is for informational purposes only and is not legal advice.



