Udemy, Inc. has secured the transfer of 24 typosquatting domain names, including pudemy.com and uademy.com, from johnVirtual Real Estate Limited. The domains, registered concurrently in May 2025, were used to redirect users to a blank page or what appeared to be a malicious website. WIPO Panelist Pablo A. Palazzi ruled that the bulk registration of these typographic variants constituted bad faith and ordered their immediate transfer.
Case Snapshot
| Case Number | D2025-4095 |
|---|---|
| Complainant | Udemy, Inc. |
| Respondent | johnVirtual Real Estate Limited |
| Disputed Domain | pudemy.comuademy.comuaudemy.comucadmy.comucdemy.comudemcy.comudemdy.comudemhy.comudemn.comudemp.comudemya.comudemyai.comudemyh.comudemyia.comudemy6.comudemy7.comudewmy.comudfemy.comudimey.comudmei.comudwemy.comufdemy.comundmy.comu8demy.com |
| Threat Tactic | Typo Domains |
| Decision Date | 2025-12-12 |
| Panelist | Pablo A. Palazzi |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4095 |
Exploitation of Brand Equity Through Coordinated Bulk Typosquatting
Coordinated bulk registration of typographical variants poses an acute threat to digital brand integrity and user trust. In this case, the registration of 24 highly similar domain names on a single day (May 14, 2025) demonstrates a structured attempt to capture and divert organic web traffic. By targeting common keyboard errors and spelling slips associated with the UDEMY trademark, the respondent sought to systematically siphon off users trying to access the legitimate educational platform. This method of traffic diversion directly capitalizes on the extensive brand recognition built by the complainant since its trademark registration in 2012.
The security posture of a brand is severely compromised when typosquatting domains redirect users to external, hostile environments. Ten of the disputed domains, including pudemy.com, u8demy.com, and udemyai.com, redirected unsuspecting visitors to what appeared to be a malicious website. Meanwhile, the remaining disputed domains redirected to the same target website but loaded as blank pages. This inconsistent backend configuration creates varying risk profiles for consumers, ranging from exposure to potential security threats on the active malicious sites to brand confusion and frustration on the blank target pages, thereby eroding overall customer trust.
From an operational standpoint, bad actors frequently use privacy shield services to prolong their campaigns and complicate brand enforcement efforts. The respondent initially utilized a proxy service, Super Privacy Services LTD, to conceal its identity as johnVirtual Real Estate Limited. This tactic forces brand owners to expend significant administrative and financial resources to initiate WIPO proceedings, verify the true registrant, and halt the abusive registrations. The scale of this 24-domain attack underscores the necessity for brand protection professionals to monitor for sudden, bulk registrations and execute swift, aggregate legal actions to mitigate ongoing exposure.
Panelist Analysis of Coordinated Bulk Typosquatting, Legitimate Interests, and Bad Faith Use
In analyzing the first element of the UDRP Policy, Panelist Pablo A. Palazzi focused on the structural characteristics of the 24 disputed domain names registered concurrently by johnVirtual Real Estate Limited on May 14, 2025. The panel found that each of these domains represented an obvious typographical variation of the Complainant’s UDEMY trademark, which has been registered in the European Union under registration No. 011006319 since November 2012. By incorporating common keyboard typos, adjacent key insertions, and minor alphanumeric modifications—such as adding letters or numbers in domains like pudemy.com, u8demy.com, and udemy6.com—the disputed domains maintained a close visual and phonetic resemblance to the protected mark. Consequently, the panel ruled that all 24 domains were confusingly similar, establishing the first element.
Regarding the second element, the panel determined that the Respondent lacked any rights or legitimate interests in the disputed domain names. Udemy, Inc. successfully established a prima facie case by showing that the Respondent had no association with the brand, was not commonly known by the disputed names, and possessed no authorization to utilize the UDEMY mark. Under established WIPO UDRP jurisprudence, registering typosquatting domains to capture redirected traffic does not constitute a bona fide offering of goods or services. The Respondent’s failure to submit a formal response or provide evidence of legitimate use left the Complainant’s prima facie showing unrebutted.
The third element, bad faith registration and use, was demonstrated through multiple coordinated tactics. The Respondent executed a bulk registration of 24 highly targeted domain variations on a single day, May 14, 2025, while initially concealing its identity behind a privacy proxy service, Super Privacy Services LTD. Following registration, ten of the domains redirected users to what appeared to be a malicious website, whereas the remaining domains pointed to the same target server but loaded a blank page. The panel recognized this pattern of systematic bulk registration and malicious redirection as clear evidence of bad faith, ultimately ordering the transfer of all 24 disputed domains.
Strategic Consolidation and Coordinated Bad Faith Evidence
Udemy’s strategy succeeded by presenting a consolidated case against a coordinated, single-day bulk registration of 24 typographical variations of its mark. The Respondent, johnVirtual Real Estate Limited, registered all 24 disputed domains on May 14, 2025, which pointed to a systematic typosquatting campaign designed to intercept traffic from common typing mistakes. The Complainant anchored its arguments on its European Union trademark registration No. 011006319, which dates back to November 28, 2012, and detailed its global digital reach. By treating this network of domains as a single, unified threat rather than filing separate, isolated complaints, Udemy established a clear pattern of targeted targeting that simplified the WIPO Panelist’s finding of confusing similarity across the entire domain portfolio.
The evidentiary weight of the complaint was reinforced by the detailed profiling of how the domains were used. The Complainant proved that ten of the domains, including pudemy.com, u8demy.com, and uademy.com, redirected users to what appeared to be a malicious website, while the remaining fourteen domains, such as udimey.com and udmei.com, redirected to the exact same target web server but loaded a blank page. Documenting this shared redirection behavior undercuts any claim of accidental similarity or independent registration. Coupled with the Respondent’s initial concealment behind Super Privacy Services LTD and their subsequent failure to file a formal response, this evidence allowed the Panel to easily find that the bulk registrations were executed in bad faith without any legitimate commercial interests.
Practical Recommendations
- Aggregate multiple domain variants into a single consolidated UDRP filing when facing coordinated bulk registrations (such as the 24 domains registered on a single day in this case) to minimize administrative costs and establish a clear pattern of bad-faith registration.
- Deploy automated domain monitoring systems configured to specifically flag keyboard-adjacent typos, character omissions, and alphanumeric suffix additions (like ‘udemy6.com’ or ‘udwemy.com’) immediately upon registration.
- Document and preserve active redirection evidence, capturing destination URLs, screenshots, and server-side headers even if some domains resolve to blank pages, to substantiate claims of malicious traffic diversion and bad faith.
- Do not hesitate to initiate UDRP actions against privacy-shielded registrants; filing the formal complaint triggers the registrar verification process, which unmasks the true underlying registrant and exposes coordinated networks.
Frequently Asked Questions (FAQ)
Why were the 24 domain names like ‘pudemy.com’ and ‘u8demy.com’ found to be confusingly similar to the Udemy brand?
The Panel determined that the disputed domains are clear typographical variations of the ‘UDEMY’ trademark, incorporating minor misspellings or character substitutions designed to catch users making common keyboard entry errors when attempting to reach the official Udemy website.
What evidence did the Panel use to establish that the Respondent acted in bad faith?
Bad faith was proven by the coordinated bulk registration of 24 domain names on a single date, combined with their use to redirect traffic either to what appeared to be malicious websites or to blank pages, demonstrating a clear intent to disrupt the Complainant’s business and exploit its trademark.
How did the Respondent attempt to conceal their identity, and did it impact the UDRP outcome?
The Respondent initially used a privacy proxy service, Super Privacy Services LTD, to shield their identity. This attempt did not prevent the WIPO Center from identifying the registrant through registrar verification, and the lack of a formal response or any proof of legitimate interest ultimately favored the Complainant’s request for transfer.
What is the practical takeaway for brands facing similar multi-domain typosquatting campaigns?
This case demonstrates that bulk, coordinated registrations of typosquatting variants can be effectively addressed through a single UDRP filing when they share a common ownership and pattern of use, such as diverting traffic to malicious endpoints.
Detecting and Disarming Bulk Typosquatting Campaigns
Coordinated registrations of look-alike domains often precede malicious activity. Protect your brand by identifying and addressing typosquatting clusters before they impact your users.
This case note is for informational purposes only and is not legal advice.



