Lennar Corporation successfully recovered the domain lennarvisual.com from a respondent who used the mark to host pop-up scams and malware. The panel found that the respondent had no rights and acted in bad faith by targeting a famous mark. The domain was ordered transferred to the Complainant.
Case Snapshot
| Case Number | D2025-5286 |
|---|---|
| Complainant | Lennar CorporationLennar Pacific Properties Management, LLC |
| Respondent | Jan Everno, Name Management Group |
| Disputed Domain | lennarvisual.com |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2026-01-27 |
| Panelist | Richard W. Page |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-5286 |
Fraudulent Association with Malware and Reputation Damage
The registration of lennarvisual.com creates a severe commercial risk by leveraging the LENNAR trademark, which has been established in the United States since at least 1973. By appending the descriptive term ‘visual’ to the famous mark, the Respondent engineered a high probability of consumer confusion, misleading users into believing the domain hosted official digital or visual media assets related to Lennar’s real estate and financial services. The business threat is significantly escalated by the domain’s deployment to host pop-up scams, illegal streaming content, and virus sites. Associating a reputable corporate brand with malware directly erodes consumer trust and presents a tangible security risk to customers who may mistakenly believe they are interacting with an authorized service provider.
The Respondent’s operational tactics further underscore the intent to facilitate fraud while evading accountability. The use of a privacy service and the provision of contact information that differed from the actual registrant during the verification process reflect a deliberate attempt to conceal identity. This lack of transparency, coupled with the failure to respond to a cease-and-desist letter sent on December 1, 2025, forced the Complainant to pursue formal UDRP proceedings to mitigate ongoing reputational harm. The Respondent’s attempt to offer services similar to the Complainant’s regular business operations demonstrates a fraudulent effort to capitalize on the brand’s goodwill for illicit gain.
From a brand protection perspective, this case highlights the persistent risk of ‘brand-plus-keyword’ tactics where even descriptive suffixes do not prevent a finding of confusing similarity. For IP professionals, the use of the domain for virus scams and illegal activity serves as a definitive bar to any claim of legitimate interest. The combination of passive holding and active malicious redirects complicates monitoring efforts, as a domain may appear dormant while intermittently being used for credential harvesting or malware distribution. Failure to aggressively recover such domains allows unauthorized third parties to exploit corporate visual identity, resulting in long-term brand equity devaluation and increased cybersecurity liability.
Legal Reasoning and Panel Findings on Malicious Domain Use
The Panel determined that the disputed domain lennarvisual.com is confusingly similar to the protected LENNAR mark, fulfilling the first requirement of the UDRP. The Complainant established robust rights through US Trademark Registration Nos. 3,108,401 and 3,477,143, with documented use in the real estate and financial sectors since 1973. Consistent with WIPO Overview 3.0, section 1.2.1, the Panel concluded that the addition of the descriptive suffix ‘visual’ does not prevent a finding of confusing similarity. For brand owners, this confirms that appending common terms to a core mark remains an ineffective strategy for registrants seeking to avoid the first element of a UDRP filing.
In evaluating rights or legitimate interests, the Panel gave significant weight to the evidence of illegal activity hosted at the domain. The site was utilized for pop-up scams involving virus-related alerts and illegal streaming content. Under WIPO Overview 3.0, section 2.13.1, the use of a domain for illegal activities—such as malware distribution or fraudulent scams—cannot confer rights or legitimate interests on a respondent. Because the Respondent failed to provide any evidence of a bona fide offering of goods or services, and the nature of the site was inherently deceptive, the Panel found the Respondent lacked any legitimate claim to the domain.
The finding of bad faith registration and use was substantiated by the Respondent’s evasive conduct and the fame of the LENNAR mark. Specifically, the Respondent failed to reply to a cease-and-desist letter sent on December 1, 2025, and provided contact information during the registrar verification process that differed from the data used with the privacy service. Such concealment of identity, combined with the targeting of a well-known brand, supports a finding of bad faith. Furthermore, the Panel noted that even if the domain had been subject to periods of passive holding, bad faith would still be found given the high degree of distinctiveness of the Complainant’s mark and the lack of any plausible good-faith explanation for the registration.
Leveraging Malicious Use and Procedural Defaults to Prove Bad Faith
The Complainant’s strategy succeeded by directly linking the domain’s technical use to a lack of legitimate interests. By providing evidence that lennarvisual.com was utilized to host pop-up scams, virus sites, and illegal streaming content, the Complainant triggered the principle that illegal activity can never confer rights or legitimate interests under UDRP standards. This factual demonstration was critical because it moved the argument beyond a simple lack of affiliation, positioning the Respondent’s actions as inherently illegitimate. This approach is particularly effective for brand owners when a domain incorporates a descriptive suffix like ‘visual’ which might otherwise be argued as having a generic application, as the malicious content removed any doubt regarding the Respondent’s intent.
The Complainant further strengthened the case by documenting the Respondent’s evasive procedural behavior as cumulative evidence of bad faith. The Panelist noted that the Respondent used a privacy service and provided contact information during the verification process that differed from the actual registrant data. When combined with the Respondent’s failure to reply to the initial cease-and-desist letter sent on December 1, 2025, these factors created an inference of bad faith registration and use. For IP professionals, this highlights the importance of sending a formal notice prior to filing a complaint, as the subsequent silence of the domain holder, especially when targeting a famous mark like LENNAR used since 1973, serves as a persuasive indicator of a lack of good-faith intent.
Practical Recommendations
- Prioritize monitoring for ‘brand + keyword’ variations involving terms like ‘visual’, ‘media’, or ‘digital’ which bad-faith actors use to mimic legitimate corporate marketing or creative divisions.
- Issue formal cease-and-desist letters to establish a paper trail; the respondent’s failure to reply serves as vital evidence for a finding of bad faith under UDRP precedents.
- Deploy forensic snapshots of redirect chains and pop-up content immediately upon detection, as evidence of malware distribution or illegal streaming precludes the respondent from claiming legitimate interests.
- Analyze registrar verification data for discrepancies between privacy service details and actual registrant info, using any ‘false contact information’ found to reinforce the argument for bad faith registration.
- Pursue UDRP filings for famous marks even if the domain is currently in ‘passive holding’, as panels consistently find bad faith when the mark’s reputation makes a good-faith registration unlikely.
Frequently Asked Questions (FAQ)
Why was the domain ‘lennarvisual.com’ found to be confusingly similar to the Lennar trademark?
The panel determined that the inclusion of the descriptive term ‘visual’ does not diminish the distinctiveness of the Lennar mark. Because the mark is famous and strong, the addition of such a term is insufficient to prevent consumer confusion regarding the source of the services.
How did the respondent attempt to hide their activity, and what impact did this have on the UDRP panel’s decision?
The respondent utilized a privacy service and provided contact information that did not match the actual registrant details identified during verification. The panel found that this concealment of identity, alongside a failure to respond to a cease-and-desist letter, provided clear evidence of bad faith.
Does using a domain for ‘passive holding’ prevent a finding of bad faith?
No. The panel held that passive holding of a domain name does not preclude a finding of bad faith, especially when the disputed domain incorporates a famous trademark. In this case, the domain was further associated with malicious activity, such as pop-up scams and virus sites, which effectively ruled out any potential for a legitimate interest.
What practical lessons does this case offer regarding the use of ‘brand plus keyword’ tactics?
The case demonstrates that unauthorized domains combining a brand name with descriptive keywords (e.g., ‘visual’) to facilitate scams are highly susceptible to UDRP recovery. Using a domain for illegal activities—such as malware hosting or fraudulent streaming—cannot establish rights or legitimate interests and will result in a transfer of the domain.
Found a brand-plus-keyword impersonation domain?
Like the lennarvisual.com case, bad actors often append descriptive terms to your trademark to host scams or malware. If you have identified a domain that mimics your brand identity to confuse your customers, we can help you assess your UDRP eligibility and strategy for recovery.
This case note is for informational purposes only and is not legal advice.



