Real case: how a creator lost their .com in 8 minutes and what we learned

This is a real story, anonymized. We will call her Mara. In April 2026 she went from “I should probably register my .com someday” to “my .com is registered to someone else who is asking $4,800 for it” inside an eight-minute window. The interesting part is not what she did wrong. The interesting part is what would have stopped it for almost no money.

The eight minutes

Here is the actual sequence, reconstructed from Mara’s screenshots, the WHOIS history, and the registrar logs.

• 18:42 (UTC). Mara goes mildly viral on a TikTok reposted by a larger account. Her handle picks up about 600 new followers in two hours.
• 18:58. A handle-watcher’s automated tooling fires. It checks mara<lastname>.com, sees it is unregistered, and queues a batch buy across .com, .net, .shop, and .store.
• 19:01. The squatter’s account at a low-cost registrar completes registration of mara<lastname>.com for $11.99.
• 19:06. A second batch-buy completes for .net, .shop, and .store.
• 20:14. Mara, that evening, decides to register the .com. She types it into Namecheap. The price field shows “Make Offer” and a redirect to a broker.
• 20:14 plus a few seconds. The broker emails her: $4,800. They will negotiate.

The window that mattered was the eight minutes between her TikTok being reposted and the squatter’s batch completing. She did not lose because she was slow. She lost because she did not have the registration in advance.

I assumed I had time. I always assumed I had time. The TikTok wasn’t even mine, it was a repost. By the time I sat down to grab the domain, four of them were gone.

Why creators are targeted at this size

A common assumption is that domain squatting only goes after big creators. The data shows the opposite at the bulk level. Squatters use cheap automation against thousands of mid-tier handles per day. Each hit costs them under $15. Each successful resale clears $400 to $5,000. They do not care if you are small. They care if your handle has any momentum at all, because momentum signals “this person might pay to get the domain back”.

The threshold seems to sit around 2,000 to 8,000 followers, depending on niche. Tech and finance handles get scraped earlier. Lifestyle and fashion get scraped a bit later. Once you cross it, every viral moment is also a buy signal for somebody you do not know.

What Mara did next, and what worked

Three options. We will rank them by what worked for Mara.

Option A: pay the broker

She did not. The $4,800 quote sat for six weeks. The squatter’s automated counter-offer system reduced it to $1,800. She declined. The domain is still parked.

Option B: file UDRP

Mara owns a small business under her name. Her business name predates the domain registration, which gives her a Uniform Domain-Name Dispute-Resolution Policy claim. She filed. The cost was $1,500. The timeline was 90 days. The outcome was a successful transfer at day 78. Total spend: $1,500 plus three months of waiting and energy.

Option C: rebrand the domain side

Some creators in this situation move to yourname.co, yourname.me, or the platform-relevant TLD that is still free. Mara registered mara<lastname>.co and mara<lastname>.shop immediately, and used .shop as her primary store URL. She told her audience the new URL via a pinned post. Conversion did not measurably suffer because she made it part of her brand-evolution story.

The minute-by-minute defense

Here is what would have stopped the eight-minute window.

1. Register the .com whenever you decide the handle is real. That is the one bet that always pays. Cost: $12.
2. Register the next four TLDs by priority. Per the 12-TLD priority guide, that is .net, .co, the platform-relevant one, and .xyz. Cost: roughly $90 per year.
3. Set the lookalikes to redirect to your real URL. Even a 301 to your Instagram is enough. The point is denial, not utilization.
4. Re-run the exposure scan quarterly to see if any of the still-free ones got registered by anyone hostile.

The total annual cost of this defense for a creator who does not yet have a .com is about $100. Mara’s spend after the fact, including the broker time, the UDRP filing, and the brand-evolution explanation, was an order of magnitude higher. Not counting the time.

What if your .com is already gone

You have options:

• Buy it back via broker. Realistic price range: $500 to $10,000. Higher if the squatter senses urgency.
• File UDRP if you have a trademark or business name claim. $1,500 to $4,000 in fees, 60 to 120 days, no guarantee but high success rate when claim is clean.
• Rebrand to the next-best TLD. .co is the most common pivot. .me and the platform-relevant TLD are valid. Pair the move with the rest of the 12 TLD set so it does not happen again on neighboring TLDs.

What we are doing differently because of cases like this

Dominguard’s Basic plan exists in part because the eight-minute window keeps repeating with different names. We register all twelve in your name, set redirects, renew them annually, and run the exposure scan continuously so you do not have to remember to. The point is not to add another tool. The point is to make the question “did I register that yet?” obsolete.

Where to go from here

• Run the 30-second domain check for your handle. See your exposure right now.
• Read the typosquatting playbook to understand the four shapes the next attempt will take.
• If you are deciding which TLDs to defend in what order, the 12-TLD priority guide is the right reference.