We have helped dozens of businesses and individuals take down imposter websites — fake domains, copycat e-commerce stores, phishing pages, and fraudulent social media accounts that impersonate legitimate brands. If you have discovered that someone created a fake version of your website, you are dealing with one of the most frustrating problems in online business. These sites steal customers, damage trust, and can drag on for months if you do not know how to handle them.
The good news is that imposter websites can be taken down. Unlike negative press or bad reviews that require long-term suppression strategies, fraudulent websites violate registrar terms of service, hosting provider policies, and often multiple laws. With proper documentation and persistence, most imposter sites come down within two to four weeks. This guide covers everything we have learned from handling these cases — the complete playbook for identifying, reporting, and eliminating fake websites that target your business.
What Are Imposter Websites?
Imposter websites are fraudulent sites designed to mimic legitimate businesses for malicious purposes. According to the FBI's Internet Crime Complaint Center, phishing and spoofing attacks — which include imposter websites — resulted in over $52 million in reported losses in a single recent year. The actual figure is almost certainly much higher because most victims never file a report.
These sites take several forms. Fake e-commerce sites are the most common type we see. Scammers copy a legitimate retailer's branding, product images, and website layout, then either take payment without shipping anything or ship counterfeit goods. Customers believe they are buying from the real company. These sites often use lookalike domains — slight misspellings, different TLD extensions like .net instead of .com, or added words like "brandname-official.com."
Phishing sites take a different approach. They create fake login pages designed to harvest credentials, impersonating banks, email providers, social media platforms, or business applications. These are often distributed through deceptive emails or ads that direct victims to the fraudulent page. The goal is stealing usernames, passwords, and financial information rather than making a sale.
Investment and financial scams are particularly damaging. These professional-looking websites impersonate financial services firms, cryptocurrency exchanges, or investment platforms. They build credibility by copying legitimate company branding before convincing victims to transfer money for fake investment opportunities. By the time the victim realizes what happened, the money is gone.
Finally, there are counterfeit product sites. These actually ship products — just not authentic ones. They use brand imagery and marketing to sell knockoffs, often at prices slightly below retail to appear as "deals." The legitimate brand suffers reputation damage when customers receive low-quality counterfeits and blame the real company.
Types of Domain Squatting and Brand Impersonation
Domain squatting — also called cybersquatting — refers to registering domain names that exploit established brand names. Understanding these tactics helps you identify threats and take appropriate action. In our removal work, we encounter all of these regularly.
Typosquatting is probably the oldest trick in the book. Scammers register domains that are common misspellings of legitimate brands — amazom.com, gooogle.com, facebok.com. When users accidentally mistype a URL, they land on the fraudulent site instead of the legitimate one. This is particularly effective on mobile devices where typing errors happen more frequently and users may not notice the mistake before entering payment information.
Combosquatting is more sophisticated. Instead of relying on typos, scammers add words to a legitimate brand name: amazon-deals.com, paypal-secure.com, nike-outlet-store.com. These domains are actually more dangerous than typosquatting because they look intentional rather than accidental. A customer seeing "paypal-secure.com" might assume it is an official PayPal subdomain for secure transactions. Combosquatting has become increasingly common as the obvious typos have been snatched up.
Homograph attacks exploit Unicode characters that look identical to Latin letters. The Cyrillic "а" looks exactly like the Latin "a" but is technically a different character, allowing scammers to register what appears to be the exact same domain. Modern browsers have implemented some protections against this, but older systems and less vigilant users remain vulnerable.
Level squatting exploits how mobile browsers truncate long URLs. A domain like "amazon.com.secure-checkout.scammer.com" may display as just "amazon.com..." on a mobile screen. The actual domain is "scammer.com" with subdomains designed to fool truncated mobile displays. This technique has become more prevalent as mobile commerce has grown.
Soundsquatting targets voice search and verbal communication by registering domains that sound similar when spoken aloud. As voice assistants become more common, homophones and similar-sounding words create new opportunities for confusion.
TLD squatting involves registering a brand name with a different top-level domain — yourbrand.net when you own yourbrand.com, or yourbrand.co, yourbrand.org, yourbrand.shop. With hundreds of TLDs now available, defending against every possibility is impractical, making this a constant threat.
How to Identify an Imposter Website
Before you can take action, you need to confirm that a site is actually impersonating your business and gather evidence for takedown requests.
Proactive monitoring catches imposter sites before they cause significant damage. Set up Google Alerts for your business name, product names, and executive names. Use domain monitoring services that alert you when someone registers domains similar to yours. Watch social media for customer complaints about orders you have no record of — this is often the first sign that an imposter is operating. You can also run periodic reverse image searches on your product photos to find unauthorized usage across the web.
When you discover a potential imposter, document everything systematically. Start with domain analysis: check the registration date via WHOIS, because recently registered domains impersonating established businesses are almost certainly fraudulent. Note the registrar and any available registrant information. Then do a thorough content comparison, documenting copied elements including logos, product photos, marketing copy, and website layouts. Take side-by-side screenshots that clearly show the copying.
Look at the contact information on the suspicious site. Fraudulent sites often have missing contact details, generic email addresses, or physical addresses that do not actually exist. Check what payment methods they accept — scam sites often push customers toward wire transfers, cryptocurrency, or other payment methods with weak fraud protection. Finally, search for reviews or complaints about the domain on sites like ScamAdviser, Trustpilot, and the Better Business Bureau.
Use IP lookup tools to identify where the site is actually hosted. This is separate from the domain registrar and equally important for takedown requests. Hosting providers are often faster to act than registrars because they face more direct liability for hosting fraudulent content.
The Six Steps to Take Down an Imposter Website
- Document the imposter website thoroughly. Take timestamped screenshots of every page, especially those showing copied branding, product images, and fraudulent claims. This documentation is essential for every complaint you file.
- Identify the domain registrar and hosting provider. Use WHOIS lookup for the registrar and IP lookup for the host. These are the two parties with direct power to take down the site.
- File abuse complaints with both the registrar and hosting provider. Include all documentation and clearly explain how the site violates their terms of service through fraud or trademark infringement.
- Submit DMCA takedown notices if the imposter copies any of your original content — photos, product descriptions, logos, or marketing materials.
- Report to Google Safe Browsing and relevant authorities. Getting the site flagged as dangerous reduces traffic immediately, even before full takedown.
- Escalate to UDRP or legal action if standard channels fail or if you want to gain control of the fraudulent domain for your own protection.
Step 1: Document Everything
Thorough documentation is the foundation of successful takedown requests. Before filing any complaints, you need timestamped screenshots of every page on the imposter site — especially those showing your branding. Create side-by-side comparisons showing your legitimate site next to the fraudulent one. Pull the WHOIS records including registrar name, registration date, and any visible registrant information. Grab hosting information from IP lookup tools. Collect evidence of fraud like customer complaints, payment disputes, or reports of non-delivery. Gather proof of your legitimate business including business registration, trademark certificates, and domain ownership records for your authentic site.
Use the Wayback Machine to check if the site has been archived. This can provide evidence of how long the fraud has been operating and what content they have displayed over time.
Step 2: File Registrar Abuse Complaints
The domain registrar controls whether the fraudulent domain continues to function. All ICANN-accredited registrars are required to maintain abuse contact information and have policies against fraudulent domain use.
To find the registrar, look up the domain using a WHOIS service like ICANN WHOIS, who.is, or whois.domaintools.com. The registrar name and abuse contact should be listed. Common registrars include GoDaddy, Namecheap, Cloudflare, Google Domains, and Tucows.
Your complaint should include the fraudulent domain name, a clear statement that the domain is being used for fraud or trademark infringement, evidence of your legitimate business and ownership of the brand being impersonated, screenshots showing copied branding or content, any evidence of consumer harm, your contact information for follow-up, and a request for immediate domain suspension.
Most US and European registrars respond within 5-10 business days. If you do not receive a response within two weeks, follow up and consider escalating to ICANN.
Step 3: File Hosting Provider Abuse Complaints
While the registrar controls the domain, the hosting provider controls the actual website content. Hosting providers often act faster than registrars because they face more direct legal exposure for hosting fraudulent content.
To find the host, use IP lookup tools like whatismyip.com/ip-lookup or iplocation.net to find the server IP address, then use WHOIS lookup on that IP to identify the hosting company. If the site uses a CDN like Cloudflare, you may see the CDN's IP rather than the actual host — file complaints with both the CDN and the underlying host if you can identify it.
Include the same documentation as your registrar complaint, but emphasize the specific URLs hosting fraudulent content and evidence of terms of service violations. Major providers like AWS, Google Cloud, Microsoft Azure, DigitalOcean, and OVH all have abuse reporting processes and typically respond within 24-72 hours for clear fraud cases.
DMCA Takedowns: Your Most Powerful Tool
If the imposter website copies any of your original content — product photos, marketing copy, website design, or logos — you have powerful leverage through the Digital Millennium Copyright Act. We use DMCA takedowns in the majority of our removal cases because they are fast, free, and legally enforceable.
DMCA takedowns work because hosting providers face legal liability if they ignore valid notices. Under the DMCA safe harbor provisions, hosts must act "expeditiously" to remove infringing content after receiving proper notice, or they lose their protection from copyright infringement claims. This legal requirement creates strong incentive for quick action — typically within 3-5 business days.
For a DMCA notice to be legally valid, it must contain specific elements. You need to identify the copyrighted work being infringed — your original photos, text, or designs. List the specific URLs where the infringing content appears on the imposter site. Include your contact information: name, address, phone number, and email. Add a statement that you have a good faith belief that the use is not authorized by you, your agent, or the law. Include a statement, made under penalty of perjury, that you are the copyright owner or authorized to act on their behalf. Finally, sign the notice physically or electronically.
Most hosting providers have designated DMCA agents and online submission forms. Find the host using IP lookup tools, then search for their DMCA or legal contact information. Be specific about which URLs contain infringing content — vague complaints get slower responses.
You should also file DMCA notices with Google to remove infringing URLs from search results. Use Google's Legal Removal Request form. While this does not take down the actual site, it prevents people from finding it through search — often reducing the imposter's traffic by 90% or more. Combined with the hosting provider takedown, this is a powerful combination.
UDRP and Legal Escalation
For cases where standard takedown channels are slow or ineffective, or when you want to gain control of the fraudulent domain rather than just having it suspended, UDRP and legal action become relevant options.
UDRP — the Uniform Domain-Name Dispute-Resolution Policy — is an arbitration process for domain disputes administered by ICANN. It is faster and cheaper than litigation, typically costing $1,500-5,000 in filing fees with decisions arriving in 60-90 days. To win a UDRP case, you must demonstrate three things: the domain is identical or confusingly similar to your trademark, the registrant has no legitimate interest in the domain, and the domain was registered and is being used in bad faith. For imposter websites, all three elements are usually straightforward to prove.
The key advantage of UDRP is that winning results in either domain cancellation or transfer to you. This means you can take control of the fraudulent domain to prevent future abuse. File UDRP when you want the domain itself, not just a takedown.
The Anticybersquatting Consumer Protection Act (ACPA) provides a legal cause of action against domain squatters. Unlike UDRP, civil litigation can result in monetary damages — up to $100,000 per domain in statutory damages — plus injunctions and domain forfeiture. The challenge is identifying and serving the defendant, since scammers typically hide behind privacy protection and fake registration information. Litigation makes sense when significant financial harm has occurred, you need monetary damages beyond just the domain, the operator can be identified, or you want to set a precedent to deter future squatters. For most cases, UDRP is faster and more cost-effective.
Handling Offshore and Uncooperative Hosts
Some imposter websites are deliberately hosted with "bulletproof" hosts in jurisdictions that ignore takedown requests. When standard channels fail, you need to escalate.
Even bulletproof hosts rely on upstream network providers and data centers. Identify the network providers in the hosting chain and file abuse complaints with them. Pressure from upstream providers can force even uncooperative hosts to act. This takes more research but can be effective when direct complaints fail.
If a registrar ignores valid abuse complaints, file a formal complaint with ICANN's complaint portal. ICANN can apply pressure on accredited registrars and, in extreme cases, revoke their accreditation. This is a slow process but creates accountability that registrars want to avoid.
If the imposter site accepts credit cards, report it to Visa, Mastercard, PayPal, Stripe, and any other processors you can identify. Payment processors can freeze the scammer's ability to accept payments, often within days. This is one of the fastest ways to cripple an active scam operation, even when the site itself remains online.
For fraud affecting consumers in multiple countries, consider reporting to cybercrime authorities in the hosting country. Many countries have mutual legal assistance treaties, and law enforcement cooperation can succeed where private complaints fail.
Protecting Customers Who Were Scammed
When customers contact you about orders they placed with an imposter site, handle the situation carefully to protect both them and your reputation.
Respond with empathy — these people are victims of fraud, and they are confused and frustrated. Acknowledge their frustration and confirm clearly that the site is fraudulent and not affiliated with your business. Direct them to file chargebacks with their bank or credit card company, and recommend reporting to the FTC and FBI's Internet Crime Complaint Center (IC3). Provide your official website URL so they know where to find legitimate products in the future. Ask them to share order confirmations and screenshots — this evidence helps strengthen your takedown case.
Consider posting a scam alert prominently on your official website with information about the fraudulent site and guidance for affected customers. This demonstrates that you take the issue seriously, provides a central resource for victims, and may even help you rank for searches combining your brand name with "scam" — capturing traffic that might otherwise go to complaint sites.
Preventing Future Imposter Websites
After successfully taking down an imposter, put protections in place to prevent recurrence.
Defensive domain registration is your first line of defense. Register common misspellings and variations of your domain name before scammers do. Secure your brand across major TLDs — .com, .net, .org, .co — and country-code extensions for markets you serve. This is far cheaper than fighting imposter sites after the fact. Consider registering the top 5-10 typos that users most commonly make when typing your domain.
Trademark registration significantly strengthens your position in DMCA notices, UDRP complaints, and legal action. Register with the Trademark Clearinghouse for additional protections during new TLD launches — this notifies you when someone tries to register your trademark as a domain in a new extension.
Set up ongoing monitoring for new domain registrations similar to yours, brand mentions that could indicate scam activity, social media ads using your brand without authorization, and unauthorized use of your product images. Early detection means faster takedowns and less customer harm.
Help customers identify your official presence. Clearly communicate your legitimate domain, verified social media accounts, and approved retailers. Some brands add verification information to official communications or create dedicated pages explaining how customers can confirm they are dealing with the real company.
When Professional Help Makes Sense
Many imposter website takedowns can be handled directly using the process outlined in this guide. But let's be honest: this process is tedious, time-consuming, and frustrating. If you have a business to run, spending weeks going back and forth with registrars and hosting providers is not the best use of your time.
That is where we come in. At The Discoverability Company, we handle imposter website takedowns for a flat fee of around $2,600. That covers everything: initial documentation, registrar and hosting complaints, DMCA filings with hosts and Google, follow-up with unresponsive providers, escalation when needed, and confirmation that the site is actually down. Most straightforward cases resolve within two to four weeks. For complex cases involving offshore hosting or persistent scammers, we have the experience and persistence to see them through — we do not stop until the job is done.
Professional help makes sense when you are dealing with multiple imposter sites simultaneously, when the scam operation is sophisticated and keeps reappearing after takedowns, when offshore hosting makes the DIY process a nightmare, when you simply do not have time to manage this yourself, or when the financial or reputational stakes are too high to risk a slow or incomplete resolution.
Get started with our removal services and let us handle the frustrating parts while you focus on your business. We will keep you updated on progress and will not consider the job done until the imposter site is gone.
Frequently Asked Questions
What is an imposter website?
An imposter website is a fraudulent site that mimics the appearance of a legitimate business to deceive customers. These sites typically copy logos, branding, product images, and sometimes entire website layouts to appear authentic. Scammers use imposter websites to steal money through fake purchases, harvest personal and financial information, or damage the reputation of legitimate businesses. Common targets include e-commerce brands, financial services, healthcare providers, and any business with established customer trust.
How do I know if someone created a fake version of my website?
Set up Google Alerts for your business name, product names, and key executives to catch mentions of imposter sites. Regularly search for your business name in quotes along with terms like "scam" or "fake" to surface complaints. Monitor domain registrations similar to yours using WHOIS alerts or domain monitoring services. Pay attention to customer complaints about orders they never received or products that look different than expected — these often indicate they purchased from an imposter. You can also use reverse image search on your product photos to find unauthorized usage across the web.
Can I get an imposter website taken down?
Yes, most imposter websites can be taken down through proper channels, though the process requires persistence and documentation. The most effective approach is filing abuse complaints with the domain registrar and hosting provider, who have terms of service prohibiting fraudulent activity. For sites using your copyrighted content, DMCA takedown notices are highly effective. Success rates vary depending on where the site is hosted — US and European providers typically respond within days, while offshore hosting may require escalation to ICANN or legal action. Most imposter sites can be taken down within 2-4 weeks with proper documentation.
How long does it take to remove an imposter website?
Removal timelines vary based on the hosting location and registrar responsiveness. Domain registrars typically respond to abuse complaints within 5-10 business days, with suspension occurring shortly after if the complaint is validated. Hosting providers often act faster, sometimes within 24-48 hours for clear-cut fraud cases. DMCA takedowns through hosting providers usually see action within 3-5 business days. The entire process from discovery to complete takedown typically takes 2-4 weeks for cooperative registrars, though offshore or bulletproof hosting situations can take longer and may require legal escalation.
What information do I need to file an imposter website complaint?
Gather comprehensive documentation before filing complaints: screenshots of the imposter site showing copied branding, logos, and content; side-by-side comparisons with your legitimate website; WHOIS data for the fraudulent domain; evidence of consumer harm such as customer complaints or scam reports; proof of your trademark or business registration; URLs and timestamps of all fraudulent content. The stronger your documentation, the faster registrars and hosting providers will act. Include your contact information and a clear statement that the site is fraudulent and infringes on your intellectual property.
What is a DMCA takedown and how do I file one?
A DMCA (Digital Millennium Copyright Act) takedown is a legal notice demanding removal of content that infringes your copyright. If an imposter site copies your photos, product descriptions, logos, or marketing materials, you can file a DMCA notice with their hosting provider. The notice must include: identification of your copyrighted work, the infringing URLs, your contact information, a good faith statement that the use is unauthorized, a statement of accuracy under penalty of perjury, and your signature. Hosting providers must act "expeditiously" to remove infringing content or lose their safe harbor protection — this legal requirement makes DMCA one of the most effective takedown methods.
Where do I report an imposter website?
Report to multiple channels for maximum effectiveness: the domain registrar (find via WHOIS lookup) for domain suspension; the hosting provider (find via IP lookup) for site takedown; Google Safe Browsing to get the site flagged as dangerous; the FTC and FBI IC3 if US customers were defrauded; your state attorney general for consumer protection action; payment processors like PayPal, Stripe, or Visa if they are processing payments; and social media platforms if the imposter is advertising there. Filing with multiple parties increases pressure and creates a paper trail for legal action if needed.
What if the imposter website is hosted overseas?
Overseas hosting makes takedowns more challenging but not impossible. Start with the domain registrar, which may be US-based even if hosting is not. File with ICANN if the registrar is unresponsive — they oversee all generic TLDs and can apply pressure. For EU-hosted sites, GDPR complaints can be effective. Submit to Google Safe Browsing regardless of hosting location — getting the site flagged as dangerous severely reduces traffic. Consider filing with the hosting country's cybercrime authorities. For persistent offshore sites, legal action through your country's courts may be necessary, and many countries have mutual legal assistance treaties for fraud cases.
Is domain squatting illegal?
Yes, domain squatting (also called cybersquatting) is illegal in the United States under the Anticybersquatting Consumer Protection Act (ACPA). The law prohibits registering, trafficking in, or using a domain name that is identical or confusingly similar to a trademark with bad faith intent to profit. Penalties can include statutory damages up to $100,000 per domain and forfeiture of the domain. However, proving bad faith requires demonstrating the registrant had no legitimate interest and intended to profit from the trademark. The UDRP process through ICANN provides a faster, less expensive alternative to litigation for resolving domain disputes.
What is typosquatting?
Typosquatting is a form of domain squatting where scammers register domains that are common misspellings of legitimate brand names — for example, "amazom.com" or "gooogle.com." When users accidentally mistype the URL, they land on the fraudulent site instead of the legitimate one. These sites may display ads, attempt phishing attacks, or sell counterfeit products. Typosquatting is particularly dangerous because visitors often do not realize they have made a typo, especially on mobile devices. Businesses can protect themselves by proactively registering common misspellings of their domain.
What is the difference between typosquatting and combosquatting?
Typosquatting exploits typing errors (misspellings like "gogle.com"), while combosquatting adds words to a legitimate brand name to create fraudulent domains (like "amazon-deals.com" or "paypal-secure.com"). Combosquatting is often more dangerous because the domains look intentional rather than accidental, making victims less likely to question their authenticity. Both tactics are used for phishing, fraud, and brand impersonation. Combosquatting has become increasingly common because most obvious typos are already registered, and the added words can make the scam seem more legitimate.
What is a UDRP complaint and when should I file one?
UDRP (Uniform Domain-Name Dispute-Resolution Policy) is an arbitration process administered by ICANN for resolving domain name disputes. You can file a UDRP complaint if someone registers a domain that is identical or confusingly similar to your trademark, has no legitimate interest in the domain, and registered it in bad faith. UDRP is faster and cheaper than litigation — typically $1,500-5,000 in filing fees with a decision in 60-90 days. If successful, the domain is transferred to you or cancelled. File UDRP when you want control of the domain itself rather than just a takedown, or when registrar abuse complaints have failed.
Can I sue someone for creating a fake website of my business?
Yes, you can pursue legal action against imposter website operators for trademark infringement, unfair competition, fraud, and potentially cybersquatting under the ACPA (Anticybersquatting Consumer Protection Act). Civil lawsuits can result in injunctions forcing the site down, monetary damages, and recovery of the fraudulent domain. The challenge is often identifying and serving the defendant, as scammers typically hide behind privacy protection and fake registration information. For cases involving significant financial harm, working with an attorney who specializes in intellectual property and cybercrime is worthwhile. UDRP proceedings through ICANN are a faster, less expensive alternative for domain disputes.
How do I find out who is behind an imposter website?
WHOIS lookups provide registrant information, though scammers typically use privacy protection. Check historical WHOIS data through services like DomainTools to find information from before privacy was enabled. Analyze the site's code for developer comments, analytics IDs, or metadata that might reveal the operator. Reverse IP lookups can show other sites on the same server. Look for payment processor information, contact forms, or social media links that might expose the operator. In serious fraud cases, law enforcement can subpoena registrars and hosting providers for actual registrant data. Private investigators specializing in online fraud can also assist with identification.
What is the difference between phishing and an imposter website?
Phishing specifically targets user credentials and personal information — fake login pages designed to harvest passwords, credit card numbers, or identity data. Imposter websites are broader: they may engage in phishing, but also include fake e-commerce sites that take payment without delivering products, sites that damage brand reputation through association with low-quality goods or scams, and sites that simply deceive visitors about who they are dealing with. All phishing sites are imposter sites, but not all imposter sites are phishing. The distinction matters for reporting — phishing should be reported to Google Safe Browsing and anti-phishing organizations in addition to other channels.
How do I prevent imposter websites from appearing in the first place?
Register common misspellings and variations of your domain name proactively. Set up trademark monitoring services to catch new domain registrations similar to yours. Use domain monitoring tools that alert you to lookalike domains. Register your trademarks with the Trademark Clearinghouse for ICANN-accredited TLDs. Implement brand protection measures like verified social media accounts and Google Search Console ownership. Educate customers about your official domain and how to identify it. Consider defensive registrations of your brand name across major TLDs (.net, .org, .co, country codes for markets you serve).
What should I tell customers who were scammed by an imposter site?
Respond with empathy and clear guidance: acknowledge the frustration, confirm the site is fraudulent and not affiliated with your business, direct them to report the fraud to their bank or credit card company for chargebacks, advise filing reports with the FTC (reportfraud.ftc.gov) and FBI IC3 (ic3.gov), provide your official website and contact information for legitimate orders, and document their experience for your own complaint filings. Prompt, helpful responses protect your reputation and turn frustrated victims into advocates who help spread awareness. Consider posting a prominent scam alert on your official site with guidance.
Can Google remove an imposter website from search results?
Google can remove or demote imposter websites through several mechanisms. File a DMCA takedown request through Google's Legal Removal Request form if the site copies your copyrighted content — Google must remove infringing URLs from search results. Report the site to Google Safe Browsing to get it flagged as a phishing or malware site, which adds warning screens and severely reduces traffic. For trademark infringement in Google Ads, file through Google's trademark complaint form. Note that Google removing something from search results does not take down the actual website — you still need to work with the registrar and hosting provider for complete removal.
How much does professional imposter website removal cost?
At The Discoverability Company, we handle imposter website takedowns for a flat fee of around $2,600, which covers documentation, registrar and hosting complaints, DMCA filings, follow-up, and confirmation of removal. UDRP filings, if needed, cost an additional $1,500-5,000 in filing fees. The DIY approach is free but typically takes 20-40 hours of frustrating back-and-forth over several weeks. Most businesses find that professional help pays for itself by resolving the problem faster and more completely — and without the headache.