16 July, 2026

Corning Incorporated Wins Transfer of corning-login.live

UDRP Cases

Corning Incorporated successfully recovered the domain corning-login.live after the respondent failed to use the domain and ignored the UDRP complaint. The panel found the domain was confusingly similar and ruled for transfer to the complainant.

Case Snapshot

Case Number D2026-1991
Complainant Corning Incorporated
Respondent Anabelle Koepp
Disputed Domain
corning-login.live
Threat Tactic Phishing and Email Fraud
Decision Date 2026-06-24
Panelist Bradley A. Slutsky
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-1991

Credential Harvesting Risks and the Strategic Threat of Dormant Login-Themed Domains

The registration of ‘corning-login.live’ represents a specific class of proactive digital risk: the use of login-themed domains to facilitate future credential harvesting or phishing operations. By pairing a well-known corporate brand with high-intent terminology such as ‘login’ and a TLD that can sometimes evade legacy security filters, bad actors establish a foundation for deceptive infrastructure. Even in instances where the domain returns a DNS error or remains dormant, these assets present a clear business threat by occupying space that could be weaponized instantly against the brand’s employee or customer base.

For brand protection professionals, the lack of active content at the time of a UDRP filing does not mitigate the underlying risk, nor does it preclude a finding of bad faith. As seen in this case, the potential for consumer confusion remains a critical factor, even when the domain is not yet operational. The strategic adoption of ‘login’ suffixes effectively creates a high-risk vector for impersonation, necessitating that organizations monitor for such domain registrations as an early-warning signal of impending social engineering or account takeover campaigns, rather than waiting for evidence of active fraudulent use.

Strategic Enforcement Against Dormant Typosquatting and Login-Themed Domains

Corning Incorporated’s strategy centered on leveraging its extensive global intellectual property portfolio to secure a swift transfer despite the disputed domain being non-resolving. By documenting its massive annual revenue exceeding USD 15.6 billion and over 325 trademark registrations, Corning established clear standing and demonstrated that the registrant had constructive notice of the CORNING mark. The complainant’s argument effectively neutralized the respondent’s potential defense of non-use by emphasizing that the domain’s composition, specifically the inclusion of ‘login’ appended to the core mark, was inherently indicative of a predatory intent to create consumer confusion, even in the absence of active content.

The panel’s decision highlights a critical precedent for brand owners: the absence of an active website does not provide a safe harbor for registrants of infringing domains. Corning successfully argued that the domain was inherently confusing and lacked any potential for a legitimate, non-commercial, or fair use, thereby meeting the burden of proof required under the UDRP despite the respondent’s default. This case reinforces the value of proactive enforcement against ‘login’ or ‘portal’ style domains, demonstrating that such registration patterns are sufficient to establish bad faith under Paragraph 4(b)(iv) of the Policy, effectively curbing potential credential harvesting before deployment occurs.

Practical Recommendations

  • Implement proactive brand monitoring for domains using your mark combined with common portal suffixes like ‘-login’, ‘-portal’, or ‘-auth’ to identify threats before they become active phishing sites.
  • Do not wait for active phishing content to initiate a UDRP; document the registration and passive nature of suspicious domains to argue for ‘bad faith’ based on the high probability of future misuse.
  • Include evidence of your long-standing trademark presence and global revenue in complaints to establish that the respondent had constructive notice of your rights, even if the respondent defaults.
  • Utilize domain DNS record analysis in your filings to prove that a domain is not currently resolving, which reinforces the argument that the respondent has no bona fide intention of use.
  • Designate legal counsel to immediately file a UDRP for ‘login’ variations to prevent credential harvesting risks, citing that such additions do not dispel confusing similarity under established WIPO precedent.

Frequently Asked Questions (FAQ)

Why did the panel consider ‘corning-login.live’ to be confusingly similar to Corning Incorporated’s trademark?

The panel held that the disputed domain incorporates the ‘CORNING’ trademark in its entirety. The addition of the descriptive term ‘-login’ and the ‘.live’ gTLD was deemed insufficient to dispel the likelihood of confusion, as the term ‘login’ strongly implies a connection to the complainant’s official authentication portals.

How was bad faith established given that the domain ‘corning-login.live’ was not actively hosting a website?

Under UDRP policy, active use is not required to prove bad faith. The panel found that the domain’s composition—specifically the combination of the complainant’s well-known brand with the word ‘login’—suggested an intent to target Corning for consumer confusion, likely for future credential harvesting, establishing bad faith registration and use.

What evidence did the complainant provide to demonstrate the respondent lacked rights or legitimate interests?

Corning Incorporated established a prima facie case by showing that the respondent has no trademark rights, is not commonly known by the domain name, and has not used the domain in connection with a bona fide offering of goods or services. The respondent failed to provide a rebuttal or a formal response to these contentions.

What does this case suggest about the risk of ‘login-themed’ domains for corporate brand protection?

This case highlights the ongoing threat of registration of ‘login’ suffixes as a tactic for potential phishing or credential harvesting. The successful transfer of ‘corning-login.live’ confirms that panels will view the registration of domains mirroring an organization’s internal infrastructure as a bad-faith tactic, even before actual phishing attempts have occurred.

Concerned about fake email or credential harvesting fraud?

The Corning case demonstrates how domains using ‘login’ suffixes are weaponized for brand impersonation. Proactively identifying and recovering these high-risk registrations can prevent potential credential theft before an active attack begins. Learn how to secure your infrastructure against emerging domain-based threats.

Request phishing analysis

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.