5 May, 2026

How Registrar Inaction and a Failed Reseller Defense Forced Skyscanner’s UDRP Decision

UDRP Cases

Skyscanner Limited successfully secured the transfer of four domain names, including flightbooksky.com, that resolved to identical phishing login portals mimicking the official platform. Although a settlement was reached with a domain reseller on one of the domains, registrar inaction by Cosmotown, Inc. forced the dispute to a full UDRP panel decision. Panelist William Lobelson ordered all four domains transferred due to clear evidence of bad faith targeting.

Case Snapshot

Case Number D2025-2663
Complainant Skyscanner Limited
Respondent Jubayer Hossain, Cyber Planet BDMamun Sardar, Web PlusRakibul Hasan
Disputed Domain
flightbooksky.comskyscanner-flightbook.comskyscannerflightbook.comskyscanner-flightbooking.com
Threat Tactic Brand Plus Keyword
Decision Date 2025-10-10
Panelist William Lobelson
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-2663

Customer Trust and Operational Exposure: Brand Abuse and Registrar Bottlenecks

Skyscanner’s massive market presence, highlighted by 41.6 million unique visits in March 2025 alone, makes it a highly attractive target for digital impersonation and traffic diversion. The registration of descriptive brand-plus-keyword variations—such as skyscanner-flightbooking.com, skyscannerflightbook.com, and flightbooksky.com—directly leverages this high volume of consumer traffic. By routing users to identical, highly deceptive login portals to harvest sensitive personal data, bad actors exploit the consumer trust established by Skyscanner’s longstanding trademark registrations, including United Kingdom Registration No. UK00002313916. This form of credential theft poses severe reputational risks, as users rarely distinguish between a brand’s official platform and a sophisticated phishing replication.

The dispute also demonstrates the limits of the ‘reseller defense’ in UDRP proceedings. The recorded owner of skyscanner-flightbook.com attempted to avoid liability by asserting he was simply a domain reseller acting in good faith on behalf of a downstream customer whom he identified, subsequently offering to return the domain. However, the actual identity and motives of this downstream client were never verified or proven. For brand protection professionals, this underscores how bad actors utilize administrative layers and intermediaries to mask malicious activity. The panelist, William Lobelson, disregarded this defense because the domain hosted an identical phishing template targeting the complainant’s famous mark. This confirms that resellers remain legally and operationally accountable for the deceptive content published under their registered domains.

Finally, this case highlights a critical operational vulnerability during the settlement phase of domain recovery. Although Skyscanner and the respondent signed a formal settlement agreement on July 24, 2025, to transfer the disputed domain, the registrar, Cosmotown, Inc., failed to execute the transfer. This administrative failure forced Skyscanner to proceed to a full panel decision on October 10, 2025. This delay demonstrates that even when a brand owner successfully negotiates a voluntary transfer, registrar inaction can create unexpected legal costs and prolong the window of exposure, necessitating fallback strategies in corporate brand enforcement.

Deceptive Phishing Portals and the Limits of the Domain Reseller Defense

Skyscanner Limited’s enforcement strategy succeeded by combining clear evidence of its long-established trademark rights with proof of active credential harvesting. By documenting its United Kingdom Registration No. UK00002313916 from April 30, 2004, and showcasing its massive digital footprint—including 41.6 million unique visits in March 2025 alone—the Complainant established that the trademark SKYSCANNER was highly recognizable. This strong brand equity made the unauthorized registration of the disputed domains, which incorporated the trademark alongside travel-related terms, a clear case of confusing similarity. Skyscanner further solidified its bad faith argument by demonstrating that the domains resolved to identical web pages containing deceptive login screens designed to collect sensitive personal data.

The case highlights the limitations of a passive reseller defense and the operational risks associated with registrar inaction. One of the recorded owners tried to deflect liability by claiming to be a domain reseller acting on behalf of an unnamed customer, offering to return the domain ‘skyscanner-flightbook.com’ and signing a settlement agreement on July 24, 2025. However, because the registrar, Cosmotown, Inc., failed to execute the agreed-upon transfer, the case was forced to proceed to a full decision. Skyscanner’s decision to file a comprehensive consolidated complaint ensured that despite the registrar’s failure to process the voluntary settlement, the Panelist William Lobelson could still order a complete transfer of all four disputed domains based on the undeniable bad faith usage.

Practical Recommendations

  • Closely monitor registrar compliance during settlement windows; if a registrar (such as Cosmotown) fails to execute a signed settlement transfer, immediately request the UDRP provider to reinstate the suspended proceedings to secure an enforceable panel decision.
  • Defeat the ‘innocent reseller’ defense by reminding the panel that a reseller remains legally responsible for the bad-faith registration and use of a domain, and cannot escape liability for hosting deceptive phishing portals by blaming an unnamed downstream customer.
  • Consolidate multiple domain disputes into a single UDRP complaint when they utilize identical phishing templates or credential-harvesting structures, establishing a clear pattern of coordinated, bad-faith targeting.
  • Expand proactive domain monitoring programs to flag high-risk brand-plus-keyword combinations (such as ‘brand + flight’ or ‘brand + booking’) to intercept deceptive travel-portal impersonations before they can compromise customer credentials.

Frequently Asked Questions (FAQ)

Why did the Panel find the domains confusingly similar to the Skyscanner brand?

The Panel determined that the disputed domains—such as skyscanner-flightbook.com—directly incorporated the SKYSCANNER trademark in its entirety. By appending descriptive terms like ‘flightbook’ or ‘flightbooking,’ the domains created a false association with the Complainant’s well-known global travel service.

Did the reseller’s claim of ‘good faith’ on behalf of a client successfully defend the case?

No. While the respondent claimed to be a reseller acting for a third party and offered to return the domain, the Panel rejected this as a valid defense. The active use of the domains to host deceptive phishing login portals to harvest user credentials clearly negated any claims of legitimate interest or good faith.

How did registrar inaction impact the recovery of the domain names?

Despite a signed settlement agreement reached on July 24, 2025, between Skyscanner and the respondent, the registrar, Cosmotown, Inc., failed to execute the transfer. This administrative failure left the dispute unresolved, forcing the Complainant to proceed to a full UDRP panel decision to secure the forced transfer of all four domains.

What evidence established the bad faith registration and use of these domains?

Bad faith was proven by the respondent’s decision to resolve all four domains to identical replica login pages. These portals were specifically designed to mimic the official Skyscanner platform, demonstrating an intent to target the Complainant’s brand to intercept and harvest sensitive personal user credentials.

Found a brand-plus-keyword impersonation domain?

Protect your brand from deceptive domains using your trademarks alongside descriptive terms. Learn how to mitigate risks when settlements fail and registrars become a bottleneck in your enforcement strategy.

Assess brand threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.