How to take down a fake domain (abuse reports, ICANN, registrars)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You've found a domain impersonating your brand. Maybe it's yourcompany-login.com or a Unicode lookalike that your customers could genuinely mistake for the real thing. Whatever the case, you want it gone. Here's how to actually go about that, in order.

Step 1: Look up who owns it

Before you file anything, run a WHOIS lookup on the fake domain. WHOIS is a public directory that shows who registered a domain, which registrar they used, and in many cases an abuse contact email. Tools like ICANN WHOIS give you this in seconds. Screenshot everything you find before the registrant has any reason to update or hide it.

Step 2: Hit the registrar's abuse contact first

The registrar (think GoDaddy, Namecheap, Cloudflare, etc.) is your fastest path to a takedown. Every ICANN-accredited registrar is required to publish an abuse contact and to act on legitimate complaints. Send them an email with:

  • The domain in question
  • Screenshots showing the impersonation (fake login page, copied branding, lookalike email sending)
  • A link to your legitimate domain and any trademark registration or brand evidence you have
  • The specific policy violation (most registrars prohibit phishing and brand impersonation in their terms)

Clear-cut phishing domains often get suspended within 24 to 72 hours. The more evidence you include upfront, the faster this moves. If you have a registered trademark, say so explicitly. It carries more weight than a common law claim, even though common law claims are still valid.

Step 3: Report to anti-phishing bodies in parallel

Don't wait on the registrar before filing these. They run on separate tracks and can result in the domain getting flagged in browsers even before the registrar acts.

  • Google Safe Browsing (safebrowsing.google.com/safebrowsing/report_phish/) to get the domain flagged in Chrome and other browsers
  • PhishTank (phishtank.org) for community-verified phishing reports
  • APWG (Anti-Phishing Working Group at apwg.org) which aggregates reports and works with registrars
  • Your country's cybercrime unit if users are being actively defrauded

Step 4: Escalate to ICANN if the registrar ignores you

ICANN doesn't remove domains directly. What they do is enforce registrar accountability. If the registrar has ignored a legitimate, documented complaint, you can file with ICANN's Contractual Compliance team. ICANN can pressure the registrar to respond and can ultimately revoke a registrar's accreditation for repeated failures to act. It's slower (think weeks, not days), but it matters when the registrar is unresponsive or appears to be in a non-cooperative jurisdiction.

File via ICANN's complaint portal at icann.org/resources/pages/submit-complaint-2012-02-08-en.

Step 5: UDRP for trademark-based disputes

Still if the registrar route stalls and you have a registered trademark, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) gives you a formal legal path. It's arbitration run through ICANN-approved providers like WIPO or the National Arbitration Forum. You file a complaint showing three things: the domain is identical or confusingly similar to your mark, the registrant has no legitimate interest in it, and it was registered and used in bad faith.

UDRP isn't cheap. Expect to spend $1,500 to $4,000+ depending on the provider and whether the respondent files a defense. But it produces a binding decision, usually within 60 days. If you win, the domain gets transferred or deleted. You don't need to go to court.

Note: UDRP is for trademark holders. If you don't have a registered trademark, you can still pursue the registrar and ICANN routes, but UDRP will be harder to win on a common law claim alone.

What about domains that just redirect?

And some redirection attacks are designed to look harmless (the domain itself shows no content, just a redirect). That doesn't make them less reportable. Document the redirect chain and include that in your registrar complaint. Registrars can still act on clear bad faith registration even without a live phishing page.

Realistic timelines

  • Registrar suspension for active phishing: 24 to 72 hours in most cases
  • Browser flagging via Safe Browsing: 24 to 48 hours after report
  • ICANN complaint response: 2 to 4 weeks
  • UDRP decision: 45 to 60 days from filing

If you're seeing active fraud happening right now (customers getting phished, money being lost), contact your country's cybercrime unit alongside all of the above. That adds law enforcement pressure that registrars take seriously.

Want to understand the mechanics of what makes these domains dangerous in the first place? Start with what a lookalike domain actually is and how typosquatting works. And if you're in the middle of a live brand impersonation incident and not sure where to start, our SOS hotline is free.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get a step-by-step takedown plan for your situation

I need to take down a domain impersonating my brand. Tell me: (1) which route to start with based on urgency, (2) what documentation to include in a registrar abuse report, (3) whether I need a registered trademark for UDRP, and (4) realistic timelines for each path. My situation: describe the fake domain and what it's doing

Edit the yellow boxes, then send to the AI of your choice.