Lennar Corporation successfully secured the transfer of five domains from respondent Jay Feldman after they were used for suspected phishing and unauthorized redirection. The domains leveraged the LENNAR mark alongside dictionary terms such as ‘get’, ‘hub’, and ‘connect’ to target real estate consumers. The WIPO panelist ruled the registration and use were in bad faith given the deceptive nature of the associated web pages.
Case Snapshot
| Case Number | D2025-5191 |
|---|---|
| Complainant | Lennar CorporationLennar Pacific Properties Management, LLC |
| Respondent | Jay Feldman |
| Disputed Domain | getlennar.comgolennar.comlennarconnect.comlennarhub.comtrylennar.com |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2026-01-23 |
| Panelist | Lorelei Ritchie |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5191 |
Fraudulent Infrastructure and Customer Trust Erosion
The registration of five brand-specific domains on a single day indicates a coordinated attempt to establish a deceptive digital infrastructure. By pairing the LENNAR mark with call-to-action prefixes such as ‘get’, ‘go’, and ‘try’, the respondent created a false sense of urgency and official brand engagement. This tactic is particularly dangerous in the real estate and financial services sectors, where consumers are conditioned to provide sensitive personal and financial data. The fact that four of these domains were flagged as suspected phishing environments demonstrates a direct threat to consumer safety and the brand’s reputation for secure transactions.
The use of ‘lennarconnect.com’ to redirect traffic to the Complainant’s legitimate corporate website introduces a subtle but harmful risk to the customer journey. Unauthorized redirection allows a bad actor to gain a foothold in the brand’s search ecosystem and potentially harvest traffic analytics or monitor user behavior before pivoting the domain to a more overtly malicious use. For IP professionals, this highlights a specific risk where a respondent uses the brand’s own content to validate a rogue domain, making it more difficult for less observant users to distinguish between authorized portals and unauthorized third-party registrations.
The inclusion of functional suffixes like ‘hub’ and ‘connect’ exploits modern consumer expectations for centralized digital service portals. These terms mimic the naming conventions often used for client login areas or internal communication platforms, increasing the likelihood that customers or employees would trust the sites with credentials. Because the respondent utilized a privacy service and failed to participate in the UDRP proceedings, the business risk remains high until the point of transfer, as the lack of transparency prevents the brand owner from identifying the scope of any data collection that may have occurred during the period of active phishing.
Analysis of Panel Reasoning: Trademark Exploitation and Phishing Indicators
The Panel’s finding on confusing similarity underscores the limited legal weight given to dictionary additions when a registered trademark is fully incorporated into a domain name. By utilizing a ‘brand-plus-keyword’ model, the Respondent combined the LENNAR mark with action-oriented prefixes such as ‘get’, ‘go’, and ‘try’, alongside infrastructure-related suffixes like ‘hub’ and ‘connect’. The reasoning applied follows the established UDRP threshold where such terms do not diminish the recognizable nature of the core mark. For IP professionals, this reinforces that the presence of common verbs or corporate-themed nouns does not provide a safe harbor for registrants when the primary intent is to leverage a complainant’s established market presence.
Regarding the second element, the Respondent’s failure to demonstrate any rights or legitimate interests was exacerbated by the deceptive nature of the associated web content. The Panel observed that the Respondent was not authorized to use the LENNAR mark and had no affiliation with the Complainant. More critically, the use of domains to resolve to ‘Suspected Phishing’ pages is inherently incompatible with a bona fide offering of goods or services. Because the Respondent defaulted and failed to offer any rebuttal, the Panel had no evidence to suggest that the registration of five highly similar domains in a single day was for any purpose other than exploiting the Complainant’s goodwill.
The bad faith determination was solidified by the specific tactical deployment of the domains. While four of the domains triggered phishing warnings, lennarconnect.com utilized a redirection strategy to the Complainant’s official lennar.com site. The Panel viewed this unauthorized redirection not as a helpful service, but as a method of creating initial consumer trust to facilitate a broader deceptive scheme. Registering multiple domains simultaneously through a privacy service further supported the finding that the Respondent intended to target the Complainant’s real estate and financial services consumers, likely to harvest data or disrupt legitimate business operations.
This case provides a clear example of how panels evaluate a multi-domain campaign as a collective bad-faith effort. Even if one domain—such as lennarconnect.com—appeared less overtly malicious by redirecting to the official site, its association with a cluster of phishing-related registrations informed the Panel’s view of the Respondent’s overall intent. For brand owners, this highlights the importance of presenting the totality of a respondent’s infrastructure during UDRP proceedings, as the existence of a phishing environment on related domains can provide the necessary evidence to secure the transfer of an entire portfolio.
Strategic Use of Consolidated Evidence and Pattern Analysis
The Complainant’s strategy succeeded by leveraging its long-standing federal trademark registrations, dating back to 2006, to establish clear priority over the Respondent’s 2025 registrations. By grouping five distinct domains registered on the same day—November 12, 2025—the Complainant effectively demonstrated a systematic pattern of targeting rather than coincidental registration. The legal argument centered on the fact that the LENNAR mark was incorporated in its entirety across all disputed domains. The inclusion of call-to-action prefixes like ‘get’ and ‘try,’ or infrastructure-themed suffixes like ‘hub’ and ‘connect,’ failed to distinguish the domains from the corporate brand. For IP professionals, this reinforces that dictionary terms added to a recognizable mark do not provide a safe harbor for registrants, particularly when those terms mimic official corporate portals or customer acquisition funnels.
Persuasive evidence of bad faith was established by documenting the disparate but equally deceptive uses of the domains. While lennarconnect.com redirected users to the official corporate website, the other four domains resolved to pages flagged as ‘Suspected Phishing.’ This dual-use tactic—combining unauthorized traffic redirection with deceptive landing pages—supported the finding that the Respondent intended to exploit the trust associated with the LENNAR brand for fraudulent purposes. The Panel accepted that such infrastructure creates a high risk of consumer confusion and data vulnerability, even without evidence of specific financial loss. From a business risk perspective, the recovery of these assets was essential to prevent the potential collection of sensitive customer data through deceptive calls to action on domains like trylennar.com and lennarhub.com.
Practical Recommendations
- Monitor for ‘Call-to-Action’ prefixes (e.g., ‘get’, ‘go’, ‘try’) and ‘Infrastructure’ suffixes (e.g., ‘hub’, ‘connect’) combined with your brand name, as these are frequently used to create deceptive phishing portals that mimic official login or service points.
- Actively document browser-based ‘Suspected Phishing’ warnings and third-party security blacklists as primary evidence of bad faith; UDRP panels accept these flags as proof of malicious use even without evidence of specific financial harm to customers.
- Include domains that redirect to your official website in consolidated UDRP filings; the panel in this case ruled that unauthorized redirection to the Complainant’s own site (e.g., lennarconnect.com to lennar.com) does not confer rights or legitimate interests.
- Consolidate multiple domain disputes into a single UDRP filing when domains are registered on the same day (as seen with all five Lennar domains), as this demonstrates a coordinated ‘pattern of conduct’ that simplifies the proof of bad faith.
- Cross-reference privacy service provider details (e.g., Super Privacy Service LTD) and registration dates to identify bulk-targeted attacks, allowing for a more aggressive legal strategy against professional bad actors who use anonymity to shield multiple deceptive assets.
Frequently Asked Questions (FAQ)
Why did the panel consider domains like ‘getlennar.com’ and ‘trylennar.com’ to be confusingly similar to the LENNAR trademark?
The panel found that each of the disputed domains incorporated the LENNAR mark in its entirety. Adding common dictionary terms such as ‘get’, ‘go’, ‘hub’, and ‘try’ does not sufficiently distinguish the domains from the registered trademark, thereby creating a high likelihood of confusion for consumers.
How did the Complainant demonstrate that the Respondent lacked rights or legitimate interests in the disputed domains?
The Complainant proved it holds established trademark rights dating back to 2006. The Respondent provided no evidence of authorization to use the LENNAR mark and failed to respond to the Complainant’s contentions, failing to rebut the lack of legitimate interests.
What evidence established that the Respondent acted in bad faith?
Bad faith was evidenced by the deceptive use of the domains: one domain, ‘lennarconnect.com’, was used for unauthorized traffic redirection to the official site, while the others, including ‘getlennar.com’ and ‘trylennar.com’, resolved to pages flagged as ‘Suspected Phishing’, indicating an intent to deceive users.
What was the tactical outcome of this UDRP filing for Lennar Corporation?
The WIPO panel ordered the immediate transfer of all five disputed domains to Lennar Corporation. This action successfully neutralized the phishing infrastructure and prevented further unauthorized impersonation of the brand’s digital service portals.
Detecting Brand-Plus-Keyword Impersonation
Bad actors are increasingly using deceptive ‘action’ prefixes like ‘get’, ‘go’, or ‘try’ combined with your trademark to build phishing hubs. If you have identified suspicious domains mimicking your brand, perform a UDRP eligibility assessment to protect your infrastructure and consumer trust.
This case note is for informational purposes only and is not legal advice.



