How to Recover a Stolen or Infringing Domain Name

How to recover a domain name: tell infringement from a hijack, gather evidence, file a UDRP or URS, sue under the ACPA, or use the registrar/TDRP transfer process.

By Lidiia Levitska  ·  June 21, 2026
Person at a laptop securing a website domain login
Recovering a domain starts with correctly diagnosing whether the problem is trademark infringement or an account hijack — the two follow completely different paths. Shutterstock
Educational guide, not legal advice. This article explains general legal concepts and is not a substitute for advice from an attorney licensed in your jurisdiction. Reading it does not create an attorney–client relationship.
Quick answer: First figure out which problem you actually have. If someone else registered a domain that copies your brand, that is a trademark/cybersquatting issue — you gather evidence, try contact, then file a UDRP complaint (with WIPO or Forum) or, if you want damages, sue under the federal ACPA. If a domain you owned was stolen or transferred away without your permission, that is a hijack — you contact your registrar's abuse team immediately and, if needed, use ICANN's Transfer Dispute Resolution Policy (TDRP). These are different tracks; using the wrong one wastes time and money. This guide is general education, not legal advice — have an attorney licensed in your jurisdiction review your specific facts.

Losing a domain — or finding your brand on one you never registered — feels like an emergency, and sometimes it is. But the single most important step costs nothing: correctly diagnosing the problem. The recovery paths for “someone copied my name” and “someone stole the name I owned” share almost nothing in common. This guide walks through both, in the order an experienced practitioner would.

Step one: which problem do you actually have?

Almost every domain dispute falls into one of two categories.

Infringement / cybersquatting. Someone else registered a domain that is identical or confusingly similar to your trademark — for example, a misspelling of your brand, your brand plus a generic word, or your exact name in a different extension. You never owned this domain. Your goal is to take it from its current holder. (For background on what counts, see what is cybersquatting.)

Hijacking / theft. You owned the domain and lost control of it — through a stolen registrar password, a phishing attack, social engineering of support staff, or a fraudulent transfer to another registrar. Here the dispute is not about trademark rights at all; it is about an unauthorized change to an account or registration that was rightfully yours.

The tell is simple: did you ever own and control this exact domain? If no, you are in the infringement track (UDRP/ACPA). If yes, you are in the hijack track (registrar/TDRP). Picking the wrong one is the most common and costly mistake — the UDRP, for instance, is built around trademark bad faith and is the wrong tool for an account theft.

Step two: gather evidence now, before anything changes

Whichever track you are on, build a record immediately, because infringers and thieves change things fast.

  • Screenshot the live site and the WHOIS/RDAP record, with visible timestamps. Registration data and content can change overnight.
  • Save the full registration history if you can — services that archive WHOIS and the Internet Archive’s Wayback Machine can show how the domain was used and when.
  • Document your trademark rights: your USPTO registration certificate (or proof of first use in commerce for common-law rights), and the dates you began using the mark.
  • For a hijack, collect your old registrar invoices, renewal receipts, DNS records, account emails, and any login or transfer-confirmation messages — anything proving prior ownership and the moment control was lost.
  • Preserve communications with the other party, and note any demands for payment, which can be powerful evidence of bad faith.

A clean, dated evidence file is what makes every later step faster and stronger.

Step three: try contact and negotiation (when appropriate)

For an infringing domain, a measured outreach or a formal cease-and-desist letter sometimes resolves things without a filing — especially against a registrant who did not realize the name was protected. Be careful, though: a clumsy threat can tip off a sophisticated cybersquatter to lock things down or demand a higher price. Many practitioners send a demand only after the evidence file is complete. (A related approach is covered in our trademark cease-and-desist guide.)

For a hijack, skip negotiation with the thief entirely and contact your registrar — this is a security incident, addressed below.

A word of caution on buying it back: paying a squatter can be the fastest route, but it rewards the conduct and may invite repeat targeting. Weigh it against the formal options below.

Step four: file a UDRP (or URS) for an infringing domain

The Uniform Domain Name Dispute Resolution Policy (UDRP) is the workhorse remedy for cybersquatting. Every ICANN-accredited registrar requires registrants to submit to it, so you do not need the squatter’s agreement to use it. To win, you must prove all three elements:

  1. The domain is identical or confusingly similar to a trademark in which you have rights;
  2. The registrant has no rights or legitimate interests in the domain; and
  3. The domain was registered and is being used in bad faith.

You file with an approved dispute-resolution provider — most commonly the World Intellectual Property Organization (WIPO) or the Forum (formerly the National Arbitration Forum); the Czech Arbitration Court is another option. A panelist (or three-member panel) reviews the complaint and response and issues a decision. The process is fast and paper-only — typically about two months start to finish — and the respondent generally has 20 days to answer. The only outcomes are transfer or cancellation of the domain; the UDRP awards no money damages. Provider fees for a single-panelist case commonly run in the four figures, plus any attorney fees.

A lighter-weight cousin, the Uniform Rapid Suspension (URS) system, exists for the newer generic top-level domains (like .shop or .xyz). It is cheaper and faster but applies a higher “clear and convincing” standard, and a win only suspends the domain for the remainder of its registration — it does not transfer ownership to you. URS suits the most clear-cut abuses where you mainly want the bad site dark. For a fuller comparison of when each tool fits, see UDRP vs URS vs ACPA.

Step five: when to go to federal court (the ACPA)

The Anticybersquatting Consumer Protection Act (ACPA), part of U.S. federal trademark law, is the litigation path. You would consider it when the administrative route falls short — for example, when you want money damages, when the registrant is a serial or sophisticated bad actor, when there are related claims (broader infringement, fraud), or when a UDRP loss needs to be challenged in court.

Under the ACPA, a plaintiff must generally show the defendant registered, trafficked in, or used a domain that is identical or confusingly similar to a distinctive or famous mark, with a bad-faith intent to profit. Unlike the UDRP, a court can order transfer of the domain and award statutory damages of 1,000 to 100,000 US dollars per domain at its discretion — a meaningful deterrent. The ACPA even allows certain in rem actions against the domain itself when the registrant cannot be located or is overseas. The trade-off is that litigation is slower and far more expensive than a UDRP, so it is usually reserved for higher-stakes situations. An attorney licensed in your jurisdiction can tell you whether your facts justify it.

Step six: recovering a hijacked domain (registrar and TDRP)

A hijack is a security and ownership problem, not a trademark one, and speed matters enormously.

  1. Contact your registrar’s abuse/security team within hours. Report the unauthorized access or transfer and ask them to lock the account and reverse changes. Registrars can often act quickly if the domain has not yet left.
  2. If it was transferred to a different registrar, contact that “gaining” registrar too, with your proof of prior ownership. Many will cooperate to undo a clearly fraudulent transfer.
  3. Reset and secure everything: change passwords, enable two-factor authentication, and regain control of the email account tied to the domain (often the real entry point).
  4. Escalate to ICANN’s Transfer Dispute Resolution Policy (TDRP) if the registrars will not resolve it. The TDRP is the formal mechanism for disputes over inter-registrar transfers — it is designed precisely for unauthorized or fraudulent transfers, and it operates between registrars and the registry rather than as a trademark proceeding. Timelines run from about a week (if registrars cooperate at once) to a few months through a full TDRP process.
  5. Consider law enforcement and counsel for outright theft, especially where fraud or large losses are involved; a court order is sometimes the fastest way to compel a transfer back.

Note the dividing line again: the TDRP targets the transfer, while the UDRP targets trademark bad faith. If you owned the domain and it was stolen, the TDRP and your registrar — not the UDRP — are your tools.

The bottom line

Recovering a domain is mostly a matter of diagnosis. Ask first whether someone registered a name that copies your brand (infringement) or whether a name you owned was taken (hijack). For infringement, gather evidence, weigh a demand letter, then file a UDRP (or URS for a quick suspension), and escalate to an ACPA suit when you need damages or face a serial offender. For a hijack, move fast through your registrar’s abuse team and ICANN’s TDRP, and lock down the email and account that made the theft possible. Start with the lightest step that actually solves your problem, keep a dated evidence file from day one, and read the deeper Domain & cybersquatting pillar and our other trademark guides for context.

This guide is general educational information about U.S. intellectual property and domain dispute processes. It is not legal advice, does not create an attorney-client relationship, and is not a solicitation. Domain and trademark disputes turn on specific facts and deadlines — consult an attorney licensed in your jurisdiction before acting.

Frequently asked questions

What is the difference between a domain that infringes my trademark and a hijacked domain?

An infringing domain is one someone else registered that copies your brand — you never owned it, and you recover it through a UDRP complaint or an ACPA lawsuit. A hijacked domain is one you owned and lost control of through theft, fraud, or an unauthorized transfer — you recover it through your registrar's abuse team or ICANN's Transfer Dispute Resolution Policy (TDRP), not the UDRP.

How long does a UDRP case take and what does it cost?

A typical UDRP proceeding concludes in about two months. Provider filing fees commonly run around 1,500 US dollars for a single-member panel, and attorney fees often add a few thousand more. The only remedies are transfer or cancellation of the domain — the UDRP does not award money damages.

Can I get money damages from a cybersquatter?

Not through the UDRP or URS. To seek damages you generally must file suit in federal court under the Anticybersquatting Consumer Protection Act (ACPA), which allows transfer of the domain plus statutory damages of 1,000 to 100,000 US dollars per domain at the court's discretion. An attorney licensed in your jurisdiction can assess whether your facts support an ACPA claim.

Lidiia Levitska
About the Author

Lidiia Levitska

International Intellectual Property Attorney

Lidiia Levitska focuses on intellectual property dispute resolution, policy, and advisory work across international institutions and government bodies. From 2021 to 2025 she served at the World Intellectual Property Organization (WIPO), managing arbitration cases and overseeing compliance with the Uniform Domain-Name Dispute-Resolution Policy (UDRP), and earlier led IP policy research as a Senior Policy Officer at the American Chamber of Commerce in Ukraine. She holds an LL.M. in International Intellectual Property Law from Chicago-Kent College of Law and an M.A. in Information Technology Law from the University of Tartu, and was admitted to the Ukrainian Bar in 2019.

More about Lidiia →