Best practices Domain monitoring

The Invisible Threat: Understanding Domain Hijacking and Its Consequences

Did you notice when we announced the new domain expiration monitoring feature? Read on to see how it might come in handy to you.

Domain names are the equivalent of real estate.

But the right domain name can also be a money powerhouse.

You probably paid as little as $20 for your domain name, but the biggest names out there cost a lot more than that.

The most expensive domain name acquisition to date was the purchase of “” in 2014 by Gannett, in a deal that valued the domain at a whopping $872 million.


Trailing behind are:

  • ($49.7 million),
  • ($35.6 million),
  • and ($35 million).

Shocking, isn’t it?

With such huge value, it’s no surprise that domain hijacking has become a significant threat — a threat often overlooked but capable of causing immense damage if not dealt with promptly and correctly.

Understanding Domain Hijacking

Domain hijacking (also known as domain theft or domain slamming) is just what it sounds like — the takeover of a domain name from the rightful owner.

So, how common is domain hijacking?

Although obtaining concrete figures is challenging, the World Intellectual Property Organization (WIPO) handled over 7000 cybersquatting cases in 2022.

The number of cases filed to the World Intellectual Property Organization has increased, especially since 2012, when there were around 2900 such disputes.


As a general rule, hijackers tend to target domains that are either financially or strategically valuable.

➡️Financially valuable domains include short, one-word domains or those containing popular or industry-specific keywords. The and examples mentioned above are great examples.

➡️Strategically valuable domains, on the other hand, are more about the value of taking over the website of successful businesses or organizations. For example, hijacking a major online retailer’s domain during peak shopping season could cause significant revenue loss for the original owner and huge financial gains for the hijacker.

What makes a domain valuable?

✅ Has traffic
✅ Search friendly
✅ Niche relevant
✅ Brandable
✅ Popular TLD
✅ High SEO authority
✅ Generates income

The Mechanics of Domain Hijacking: A Deeper Dive

Hijackers can use many different tactics to take over a domain, including:

  • phishing
  • exploiting security vulnerabilities
  • drop-catching expired domains
  • brute-force attacks


Phishing attacks are one of the most common ways a hijacker can gain access to a domain, perhaps because it’s so simple.

All a hijacker needs to do is send deceptive emails to the domain owner, pretending to be from the domain registrar or another trusted source.

These emails often contain links leading to fraudulent websites — and once the domain owner enters their login credentials, the hijacker can easily capture them.

Security Vulnerabilities

Security vulnerabilities in the domain registrar’s system can also serve as an avenue for domain hijacking. According to a report by Palo Alto Networks’ Unit 42, phishing and software vulnerabilities cause nearly 70% of cyber incidents.

If the domain registrar you used has weaknesses, a hijacker can break in and alter a domain’s ownership details or redirect the domain to a different server.

TIP: PentaSecurity has shared detailed infographics about vulnerability trends.

Domain Expiration

Another prevalent method for hijacking is related to domain expiration or ‘drop-catching’.

When a domain isn’t renewed before it expires, it becomes available for anyone to register — and this is when hijackers can snatch them within seconds of becoming available.

You can easily avoid this with Domain expiration monitoring from UptimeRobot.

Start monitoring domain expiration

Brute-force Attacks

Although less common, brute force attacks are also a possibility. This technique involves an attacker systematically attempting all possible password combinations until they find the correct one.

Source: CircleID

Proactive Steps to Safeguard Your Domain

As the saying goes, “Prevention is better than cure,” and the same rings true for securing your domain.

A strong defense involves a combination of robust security and privacy measures, as well as constant vigilance. Regularly maintaing your website is a must for online businesses.

Here are some of the most effective strategies that can serve as barriers against potential hijackers:

Employ strong, unique passwords

How secure are your passwords?

According to a 2021 National Cyber Security Centre report, “15% of the population used pets’ names, 14% use a family member’s name, and 13% pick a notable date” as their password.

Even worse, 6% of people are still using the word “password” as their password.

To prevent cybercriminals from breaking into your accounts, use a strong, unique password instead — ideally by combining upper and lowercase letters, numbers, and symbols.

You can also use a password manager to generate and store complex passwords for you.

Source: HIveSystems

Keep domain registration information private

When you register a domain, your information (name, email, and address) is automatically added to the WHOIS directory — and this can make you a target for domain hijackers.

To lower your risk, you can opt to pay for “domain privacy,” which replaces your personal information with the information of a forwarding service and protects your identity.

Enable Two-Factor Authentication (2FA)

Two-step verification through SMS text messages can stop 100% of all automated attacks, 96% of bulk phishing attacks, and three-quarters of targeted attacks.

Source: Google

This is because even if a hijacker manages to acquire your password, they would still need the second verification factor (like a unique code sent to your mobile device) to access your account — making it almost impossible to break into your accounts.

Lock Your Domain

Most registrars provide an option to ‘lock’ your domain.

This feature prevents any changes to the domain’s ownership or name server information without your explicit approval.

Simply put, it means nobody else but you can transfer or make modifications to the accounts connected to your domain.


Monitor domain expiration

When a domain expires, it goes into something known as “domain drop list,” where somebody else can find it and buy it.

According to The Daily Swig, “Cybercriminals can easily use dropped domains for any attack vector that exploits an organization’s identity, such as account takeovers or phishing campaigns that leverage false business invoices.”

As an illustration, let’s consider a popular gaming company that inadvertently fails to renew their domain ‘’.

Opportunistic attackers could seize the domain and create a deceptive website mirroring the gaming company’s legitimate site.

However, unbeknownst to users, every download link on this fake website conceals malicious files, leading to potential security risks for unsuspecting gamers.

TIP: You can track your domain expiration with UptimeRobot — and receive alerts 30, 14, 7, and 1 day before the domain expires. This gives you enough time to prevent disasters and protect all your domains from falling into the wrong hands.

The Aftermath: Why Hijacked Domains are Hard to Recover

Recovering a domain that was hijacked can be a complex and frustrating process.

Unlike physical property, digital property ownership isn’t always clear-cut and many registrars lack robust mechanisms to handle domain disputes.

There’s also the issue of international rules and regulations — it’s basically impossible to take back a domain from somebody on the other side of the world.

As a report published by Huffington Post accurately points out, “When hackers steal a web address, few owners ever get it back.”

A good example of this is what happened to the owner of the website

The domain was originally purchased in 1997 for a modest $600, but by 2014, it was valued at $47,000. That is, until somebody hijacked the domain.

Despite the original owner’s efforts (which included filing a lawsuit against the Russian hijacker), the domain was never recovered.

As of 2023, it is available for sale for an impressive $125,000.

Infamous Examples of Domain Hijacking

Anybody can be a target for domain hijacking, but high-profile organizations are at a higher risk simply because their domains are worth a lot more money.

Here are some crazy examples of domain hijacking you won’t believe are real.

One of the best-known cases of domain hijacking dates back to the early days of the Internet.

It was 1995 when a hijacker stole the domain from its rightful owner and used it to operate a pornography site.

It took several years before a U.S. District Court would order the hijacker to return control of the domain and pay the original owner a $65 million judgment.

Just in case you were wondering, the hijacker didn’t pay and instead chose to run. He was finally arrested in 2005.

In 2011, cybercriminal Daniel Goncalves became the first person ever to go to prison (for five years) for domain name theft.

Goncalves had stolen the domain name (which stands for “peer to peer”) and sold it via eBay for over $100,000 to NBA basketball player Mark Madsen.

Funnily enough, Goncalves had stolen the domain the old-fashioned way: by hacking into an AOL email account and copying the login and password details for the Godaddy account where the domain was registered.

In 2015, the domain name for Google’s search engine in Vietnam was briefly hijacked and redirected to a website showing a Caucasian man holding an iPhone promoting cyberattack tools.


The official website for Perl (dedicated to Perl programming, news, and culture) was briefly hacked in 2021 and pointed to a site associated with malware campaigns.

Perl was able to recover the domain after a few months, but the company later explained that the damage had been long-lasting, adding that “various security products had also blacklisted and some DNS servers had sinkholed it.”

A Few Last Words

Domain hijacking may be an invisible threat but it’s a very real one — but by staying vigilant and employing security best practices, you can protect your digital real estate from falling into the wrong hands.

Essential preventative measures are:

  • Crafting strong
  • unique passwords
  • keeping registration information private
  • enabling two-factor authentication
  • locking your domain

You should also take advantage of monitoring tools like UptimeRobot to keep an eye on domain expiration so hijackers don’t have a chance to pounce as soon as a domain becomes available.

Written by

Copywriter | LinkedIn

Diana Bocco is a writer specializing in turning SaaS jargon into snappy, marketable content. As a freelance writer and copywriter, she's teamed up with some of the coolest brands in the SaaS, B2C, and marketing sectors, including UptimeRobot. Diana's specialty? Taking a brand's story and expertise and shaping it into content that drives traffic, generates valuable leads, and builds a tight-knit community.

Expert on: DevOps, Domain monitoring, Keyword Monitoring, Ping Monitoring, Port Monitoring, SSL Monitoring

Our content is peer-reviewed by our expert team to maximize accuracy and prevent miss-information.

Fact checked by Tomas Koprusak

Product Owner | LinkedIn

Tomas Koprusak is a Product Owner at UptimeRobot. He has a rich history in similar roles at global IT powerhouses like IBM, where he started as a developer and moved to a Product Manager position, working with EMEA clients and colleagues from the US, Brazil, and China.

Leave a Reply

Your email address will not be published. Required fields are marked *