5 May, 2026

WIPO Orders Transfer of airbusmanual.app Targeting Airbus Brand with Fake AI Assistant

UDRP Cases

Airbus SAS has successfully obtained the disputed domain airbusmanual.app through a WIPO UDRP administrative proceeding. Registered by Cho-lin Yang, the domain resolved to an unauthorized site featuring a login portal under the name ‘Airbus AI Assistant.’ Panelist Rodrigo Azevedo ordered the domain transferred due to clear evidence of trademark targeting and bad faith credential harvesting risks.

Case Snapshot

Case Number D2025-4854
Complainant Airbus SAS
Respondent Cho-lin Yang
Disputed Domain
airbusmanual.app
Threat Tactic Brand Plus Keyword
Decision Date 2026-01-15
Panelist Rodrigo Azevedo
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4854

Deceptive AI Assistant Portals and Credential Harvesting Risks

The registration of airbusmanual.app by Cho-lin Yang illustrates a highly targeted brand-plus-keyword tactic designed to exploit corporate interest in automated helper tools. By configuring the browser tab to read ‘Airbus AI Assistant – Chat with Aircraft Models,’ the respondent created a deceptive environment that falsely suggested a direct association with Airbus SAS. Because the unauthorized website resolved exclusively to a login portal, the primary operational threat is the potential collection of sensitive user credentials under the guise of an authorized utility. Although the administrative record contains no proof that employee or partner credentials were successfully stolen, the deployment of a bare login interface under a famous brand name creates a clear vector for credential harvesting.

From a strategic risk standpoint, combining a primary brand name with descriptive software terms like ‘manual’ and the ‘.app’ TLD creates a highly plausible web address for external partners, maintenance crews, or technical staff seeking documentation. This specific targeting threatens to divert legitimate user and client web traffic to an unauthorized, third-party-controlled asset. Operating a deceptive ‘Airbus AI Assistant’ interface not only risks the unauthorized collection of personal and financial information but also dilutes the brand equity and trust Airbus SAS has cultivated since registering its international trademark in 2011. For brand protection professionals, this case demonstrates how bad-faith actors are shifting from generic parked pages to specialized, application-themed portals designed to exploit corporate trust.

Strategic Alignment of Functional Keywords and Phishing Evidence

The Complainant’s legal strategy succeeded by presenting direct evidence of targeted infringement that paired the protected trademark with highly relevant functional terms. By securing a domain combining ‘airbus’, ‘manual’, and the ‘.app’ extension, the Respondent engineered an explicit association with the Complainant’s technical operations. Airbus SAS leveraged its international trademark registration No. 1112012, established in 2011, to demonstrate prior rights that predated the August 2, 2025 domain registration by more than a decade. The strategy focused on showing that the addition of the descriptive term ‘manual’ did not diminish the confusing similarity of the domain, but instead heightened the risk of user confusion by implying an official corporate portal.

From an evidentiary perspective, the Complainain’s case was made persuasive by documenting the specific malicious use of the resolving website rather than relying solely on trademark identity. Highlighting that the site featured a browser tab titled ‘Airbus AI Assistant – Chat with Aircraft Models’ alongside an isolated login portal provided the panel with concrete proof of potential credential harvesting. This tactical presentation of the website’s infrastructure convinced Panelist Rodrigo Azevedo that the Respondent, Cho-lin Yang, was actively exploiting the aerospace company’s brand equity to harvest credentials. For brand owners, this case illustrates that demonstrating how descriptive helper keywords are paired with malicious login interfaces is highly effective in securing domain transfers under the UDRP.

Practical Recommendations

  • Expand domain monitoring parameters to actively capture core trademarks combined with high-risk technical, software, and emerging tech keywords (such as ‘manual’, ‘AI’, ‘assistant’, and ‘app’) across all major gTLDs to detect deceptive look-alike setups early.
  • Preserve critical forensic evidence of bad faith immediately upon discovery, including full-page screenshots of unauthorized login portals, copycat branding, and specific browser tab titles (e.g., ‘AI Assistant’) to establish a clear intent of credential harvesting in WIPO filings.
  • Incorporate newly registered and suspicious ‘brand + keyword’ domains into corporate DNS blacklists and security information and event management (SIEM) systems to block employee access and prevent potential credential leakage.
  • Utilize fast-tracked registrar and CDN abuse reporting mechanisms to seek immediate suspension of active phishing interfaces or fake login portals while simultaneously drafting and filing a formal UDRP complaint.
  • Avoid prolonged negotiation or cease-and-desist cycles when a domain hosts an unauthorized, brand-mimicking login screen, as the high risk of phishing and immediate business disruption justifies proceeding directly to a UDRP action.

Frequently Asked Questions (FAQ)

Why was the domain ‘airbusmanual.app’ considered confusingly similar to the AIRBUS trademark?

The WIPO panel determined that the inclusion of the term ‘manual’ alongside the famous AIRBUS mark does not distinguish the domain from the complainant’s brand. Because the trademark remains clearly recognizable within the domain string, it creates a sufficient likelihood of confusion for internet users.

What evidence established that the registrant lacked legitimate rights to the domain?

The panel found that the respondent had no rights or legitimate interests because Airbus SAS had not authorized or licensed the use of its trademark in any capacity. Additionally, the respondent was not commonly known by the name ‘airbusmanual’ and failed to provide any evidence of a legitimate non-commercial or fair use of the domain.

How did the panel conclude that the domain was registered and used in bad faith?

The panel cited the respondent’s use of a privacy service and the creation of an ‘Airbus AI Assistant’ login portal as evidence of bad faith. By mimicking an official service to solicit user credentials, the respondent clearly intended to profit from the fame of the AIRBUS brand through deceptive impersonation.

What is the strategic takeaway from this case regarding AI-themed domain threats?

This case underscores the importance of proactive UDRP filings against domains that leverage ‘helper’ or ‘AI assistant’ terminology combined with major brand names. The decision affirms that using a domain for a deceptive login interface designed for potential credential harvesting is a clear violation of the policy, justifying a transfer order.

Detected an unauthorized ‘Brand + Keyword’ domain?

Cybercriminals often pair established trademarks with keywords like ‘manual,’ ‘support,’ or ‘AI’ to host deceptive credential-harvesting portals. If you’ve identified a domain misusing your intellectual property, schedule a brief consultation to discuss your UDRP eligibility and enforcement options.

Assess brand threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.