Bulgari S.p.A. successfully recovered the domain bvlgari.love from respondent Hettinger Edgar. The domain, which previously featured a fraudulent login page using the BVLGARI trademark, was ordered to be transferred following a finding of bad faith impersonation.
Case Snapshot
| Case Number | D2025-5357 |
|---|---|
| Complainant | Bulgari S.p.A. |
| Respondent | Hettinger Edgar |
| Disputed Domain | bvlgari.love |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2026-02-13 |
| Panelist | Enrique Bardales Mendoza |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5357 |
Credential Harvesting and Prestige Dilution via Strategic Impersonation
The deployment of a login interface at the disputed domain presents a high-level security threat to the Complainant’s internal data integrity and customer trust. By displaying the BVLGARI trademark on a page designed to capture credentials, the Respondent engaged in active impersonation that extends beyond mere traffic diversion. For a luxury entity with over 320 global retail locations, such unauthorized portals serve as primary vectors for harvesting sensitive employee or client information. This tactic leverages the heritage and reputation established by Bulgari S.p.A. since 1884 to create a false sense of security, potentially facilitating secondary financial fraud or unauthorized access to the Complainant’s proprietary systems.
The transition of the domain from an active impersonation site to a state of passive holding does not neutralize the commercial risk; rather, it suggests a tactical shift to avoid immediate detection while retaining control over a high-value brand asset. The use of the ‘.love’ gTLD, while technically irrelevant to the legal finding of identity, introduces a risk of brand dilution by associating a high-end jewellery and hotel mark with a non-traditional extension. Because the Respondent demonstrated an initial intent to deceive via a fraudulent login page, the domain remained a dormant threat that could be reactivated at any time for phishing or the distribution of deceptive content if the transfer were not secured through the UDRP process.
Panel Reasoning: Analysis of Identity, Legitimate Interests, and Deceptive Use
In evaluating the first element of the Policy, the Panelist determined that the ‘.love’ generic Top-Level Domain (gTLD) serves as a technical registration requirement and is therefore irrelevant for assessing confusing similarity. By disregarding the gTLD, the Panel found that the disputed domain name is identical to the BVLGARI trademark. This finding is supported by the Complainant’s extensive portfolio of trademark registrations and its long-standing reputation in the luxury jewelry and hotel sectors, which date back to its founding in 1884. The complete incorporation of the mark into the domain structure facilitates a finding of identity under paragraph 4(a)(i) of the UDRP.
The Respondent, Hettinger Edgar, failed to establish any rights or legitimate interests in the domain. The Panel noted that there is no relationship, license, or authorization between the Complainant and the Respondent that would permit the use of the BVLGARI trademark. Evidence showed the Respondent was not commonly known by the name ‘BVLGARI’ and held no registered rights to the term. Most significantly, the Respondent’s prior use of the domain to host a login page featuring the Complainant’s trademark was deemed inconsistent with a bona fide offering of goods or services. Such impersonation tactics are legally viewed as a lack of legitimate interest, as they seek to capitalize on the goodwill of an established brand.
Bad faith registration and use were confirmed based on the Respondent’s intentional attempt to create a likelihood of confusion with the Complainant’s mark. The Panelist, Enrique Bardales Mendoza, highlighted that the domain previously resolved to an unauthorized login webpage, which is a clear indicator of brand impersonation. Even though the domain transitioned to a passive holding state by the time of the decision, the Panel applied established UDRP jurisprudence to conclude that the prior active misuse—combined with the distinctiveness of the BVLGARI mark—demonstrated a bad faith intent to disrupt the Complainant’s business or deceive its clientele.
The legal conclusion was further solidified by the Respondent’s failure to submit a formal response to the UDRP complaint. Under paragraph 14(b) of the Rules, the Panel is permitted to draw adverse inferences from such a default. For brand protection professionals, this case demonstrates that even if a respondent ceases active impersonation and retreats to a passive holding strategy, the initial act of deploying a fraudulent login interface remains a primary factor in establishing bad faith. The order for transfer reflects the Panel’s view that unauthorized association with a luxury mark, especially via a deceptive technical interface, warrants immediate remediation.
Evidentiary Anchors and the Impact of Documented Impersonation
Bulgari S.p.A. secured a transfer by prioritizing the documentation of the domain’s historical content rather than relying solely on its current passive state. The evidence demonstrating that bvlgari.love previously resolved to a login interface featuring the BVLGARI trademark was central to proving bad faith. This tactical move allowed the Complainant to categorize the Respondent’s actions as corporate impersonation, which carries significant weight in UDRP proceedings. By capturing this ephemeral evidence of a fraudulent login page, the Complainant established that the domain was not merely registered speculatively but was actively used to misappropriate the brand’s identity for potentially deceptive purposes.
The legal strategy also benefited from a precise focus on the technical irrelevance of the ‘.love’ gTLD in the identity assessment. By asserting that the gTLD is a technical requirement that does not distinguish the domain from the protected mark, the Complainant simplified the Panel’s analysis of confusing similarity. Furthermore, the Complainant successfully highlighted the absence of any legitimate connection or authorization, which, coupled with the Respondent’s failure to reply, allowed the Panel to accept the Complainant’s reasonable assertions as true. This case demonstrates that for luxury brands, the combination of trademark strength and proof of specific unauthorized use, such as a mock login portal, creates a high threshold for Respondents to overcome, even when the domain is later moved to passive holding.
Practical Recommendations
- Expand trademark monitoring to include non-traditional gTLDs (like .love, .store, or .app) as luxury brands are increasingly targeted outside of standard .com/.net extensions for impersonation.
- Capture high-fidelity, time-stamped screenshots of unauthorized login portals immediately upon discovery, as documenting active impersonation is critical for establishing bad faith use before a respondent pivots to a passive holding state.
- Prioritize UDRP actions against domains that deploy credential-harvesting interfaces (e.g., login pages using brand logos), as these pose a higher operational risk than standard domain parking or typosquatting.
- Simplify legal arguments regarding ‘confusing similarity’ by reinforcing that the gTLD is a technical requirement and irrelevant to the identity assessment, focusing the panel’s attention solely on the trademark used in the second-level domain.
- Actively monitor for registrant data changes post-filing; since registrar verification often reveals contact information differing from WHOIS, teams must be ready to quickly amend complaints to ensure proper service of process.
Frequently Asked Questions (FAQ)
Why was the domain ‘bvlgari.love’ considered confusingly similar to the Complainant’s trademark?
The WIPO panel determined that the domain is identical to the BVLGARI trademark. It ruled that the ‘.love’ gTLD is merely a technical requirement for registration and does not distinguish the domain from the Complainant’s well-established luxury brand.
What evidence proved the Respondent lacked legitimate rights to the domain?
Bulgari S.p.A. demonstrated that the Respondent, Hettinger Edgar, had no authorization, license, or relationship with the brand. Furthermore, the Respondent was not commonly known by the name ‘BVLGARI’ and failed to provide any evidence of a bona fide offering of goods or services.
How did the panel establish that the domain was registered and used in bad faith?
Bad faith was confirmed by evidence showing the domain previously hosted a fraudulent login page that improperly utilized the BVLGARI trademark. This, coupled with the Respondent’s failure to respond to the complaint and the subsequent transition to a passive holding state, satisfied the panel that the domain was used for impersonation.
What is the practical risk posed by this type of domain registration?
The case highlights a significant risk of credential harvesting. By impersonating a luxury brand with an official-looking login interface, the Respondent created a mechanism to deceive users. The transfer of the domain ensures that Bulgari S.p.A. can mitigate the threat of future brand dilution and fraudulent activity.
Facing corporate impersonation through a domain?
The bvlgari.love case highlights the risks of fraudulent login pages designed to harvest credentials. If your organization is being targeted by similar domain-based impersonation, reach out for a professional UDRP assessment to secure your brand assets.
This case note is for informational purposes only and is not legal advice.



