5 May, 2026

Unauthorized Luxury Brand Impersonation: The bvlgari.love Domain Dispute

UDRP Cases

Bulgari S.p.A. successfully recovered the domain bvlgari.love from respondent Hettinger Edgar. The domain, which previously featured a fraudulent login page using the BVLGARI trademark, was ordered to be transferred following a finding of bad faith impersonation.

Case Snapshot

Case Number D2025-5357
Complainant Bulgari S.p.A.
Respondent Hettinger Edgar
Disputed Domain
bvlgari.love
Threat Tactic Corporate Impersonation
Decision Date 2026-02-13
Panelist Enrique Bardales Mendoza
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5357

Credential Harvesting and Prestige Dilution via Strategic Impersonation

The deployment of a login interface at the disputed domain presents a high-level security threat to the Complainant’s internal data integrity and customer trust. By displaying the BVLGARI trademark on a page designed to capture credentials, the Respondent engaged in active impersonation that extends beyond mere traffic diversion. For a luxury entity with over 320 global retail locations, such unauthorized portals serve as primary vectors for harvesting sensitive employee or client information. This tactic leverages the heritage and reputation established by Bulgari S.p.A. since 1884 to create a false sense of security, potentially facilitating secondary financial fraud or unauthorized access to the Complainant’s proprietary systems.

The transition of the domain from an active impersonation site to a state of passive holding does not neutralize the commercial risk; rather, it suggests a tactical shift to avoid immediate detection while retaining control over a high-value brand asset. The use of the ‘.love’ gTLD, while technically irrelevant to the legal finding of identity, introduces a risk of brand dilution by associating a high-end jewellery and hotel mark with a non-traditional extension. Because the Respondent demonstrated an initial intent to deceive via a fraudulent login page, the domain remained a dormant threat that could be reactivated at any time for phishing or the distribution of deceptive content if the transfer were not secured through the UDRP process.

Evidentiary Anchors and the Impact of Documented Impersonation

Bulgari S.p.A. secured a transfer by prioritizing the documentation of the domain’s historical content rather than relying solely on its current passive state. The evidence demonstrating that bvlgari.love previously resolved to a login interface featuring the BVLGARI trademark was central to proving bad faith. This tactical move allowed the Complainant to categorize the Respondent’s actions as corporate impersonation, which carries significant weight in UDRP proceedings. By capturing this ephemeral evidence of a fraudulent login page, the Complainant established that the domain was not merely registered speculatively but was actively used to misappropriate the brand’s identity for potentially deceptive purposes.

The legal strategy also benefited from a precise focus on the technical irrelevance of the ‘.love’ gTLD in the identity assessment. By asserting that the gTLD is a technical requirement that does not distinguish the domain from the protected mark, the Complainant simplified the Panel’s analysis of confusing similarity. Furthermore, the Complainant successfully highlighted the absence of any legitimate connection or authorization, which, coupled with the Respondent’s failure to reply, allowed the Panel to accept the Complainant’s reasonable assertions as true. This case demonstrates that for luxury brands, the combination of trademark strength and proof of specific unauthorized use, such as a mock login portal, creates a high threshold for Respondents to overcome, even when the domain is later moved to passive holding.

Practical Recommendations

  • Expand trademark monitoring to include non-traditional gTLDs (like .love, .store, or .app) as luxury brands are increasingly targeted outside of standard .com/.net extensions for impersonation.
  • Capture high-fidelity, time-stamped screenshots of unauthorized login portals immediately upon discovery, as documenting active impersonation is critical for establishing bad faith use before a respondent pivots to a passive holding state.
  • Prioritize UDRP actions against domains that deploy credential-harvesting interfaces (e.g., login pages using brand logos), as these pose a higher operational risk than standard domain parking or typosquatting.
  • Simplify legal arguments regarding ‘confusing similarity’ by reinforcing that the gTLD is a technical requirement and irrelevant to the identity assessment, focusing the panel’s attention solely on the trademark used in the second-level domain.
  • Actively monitor for registrant data changes post-filing; since registrar verification often reveals contact information differing from WHOIS, teams must be ready to quickly amend complaints to ensure proper service of process.

Frequently Asked Questions (FAQ)

Why was the domain ‘bvlgari.love’ considered confusingly similar to the Complainant’s trademark?

The WIPO panel determined that the domain is identical to the BVLGARI trademark. It ruled that the ‘.love’ gTLD is merely a technical requirement for registration and does not distinguish the domain from the Complainant’s well-established luxury brand.

What evidence proved the Respondent lacked legitimate rights to the domain?

Bulgari S.p.A. demonstrated that the Respondent, Hettinger Edgar, had no authorization, license, or relationship with the brand. Furthermore, the Respondent was not commonly known by the name ‘BVLGARI’ and failed to provide any evidence of a bona fide offering of goods or services.

How did the panel establish that the domain was registered and used in bad faith?

Bad faith was confirmed by evidence showing the domain previously hosted a fraudulent login page that improperly utilized the BVLGARI trademark. This, coupled with the Respondent’s failure to respond to the complaint and the subsequent transition to a passive holding state, satisfied the panel that the domain was used for impersonation.

What is the practical risk posed by this type of domain registration?

The case highlights a significant risk of credential harvesting. By impersonating a luxury brand with an official-looking login interface, the Respondent created a mechanism to deceive users. The transfer of the domain ensures that Bulgari S.p.A. can mitigate the threat of future brand dilution and fraudulent activity.

Facing corporate impersonation through a domain?

The bvlgari.love case highlights the risks of fraudulent login pages designed to harvest credentials. If your organization is being targeted by similar domain-based impersonation, reach out for a professional UDRP assessment to secure your brand assets.

Assess impersonation threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.