from Hacker News

Show HN: Browse recently expired, pronounceable domain names (Part II)

by TheMask01 on 7/1/20, 6:48 PM with 66 comments

  • by TheMask01 on 7/1/20, 6:48 PM

    Ha. So here it goes I guess, I’ve been working on this pretty consistently for too long now (backend mainly).

    Inspiration for the project was based off one I made over half a decade ago. And I gratefully got recognized on HN for it! I saw (my) username that posted it, tried a few of my go-to password ’s, and boom, I still got it :)

    Here was the thread for a trip down memory lane https://web.archive.org/web/20160322215116/https://news.ycom...

    And the new one is called DecentDrops.com - Would have totally used DomainInferno again but looks like some squatter had it, hey that’s what I get for neglecting I guess. Still not sure why.. Updated daily. Sorry I’m bad about rambling and don’t want to do a (bigger) wall of text but if you’ve got questions shoot em!

  • by tialaramex on 7/2/20, 1:05 AM

    As recently expired names, you should be aware that they may suffer an array of detriments.

    Notably:

    "Pinned" security properties like recursive HSTS may apply until they expire. Even if you have only ever operated http://clown-photos.example.com/ and never https://clown-photos.example.com/ the previous owner of example.com could have set policy saying all names are HTTPS-only.

    Certificates issued in the Web PKI as much as three years ago for names in these domains may still exist and be valid. In principle some of them might even not be in CT logs. As new owner you are entitled to have those certificates revoked, but to do that you first need to know they exist.

    Adverse user permissions decisions apply indefinitely. If the previous owner spewed notifications, or had unsolicited video content the resulting adverse decisions by users survive the change of ownership. (The other side of this applies too, if you buy a popular cat video sharing site, you're going to inherit lots of "allow autoplay" type permissions) but that's something you'd probably explicitly plan for rather than being a surprise.

    White and black lists maintained by third parties may impact you. Whether that's a DNS blacklist that means some PiHoles block your whole site because the previous owner was an advertising network, or a spam blacklist that ensures your newsletter is never seen by its subscribers, that could be a real problem. Some list maintainers are very responsive, others not so much.

    Speaking of lists, the domain could be on the PSL. Again you can ask to be removed (or indeed added if your planned use would mean the domain should be on the PSL and isn't). But if you don't realise the domain is PSL listed, you'll be astonished that it's impossible to get a Let's Encrypt certificate for *.example.com, or that cookies and frames and other origin-restricted stuff doesn't work as you expect.

  • by wtracy on 7/2/20, 4:17 AM

    You know, someone needs to make an Iron Chef styled reality TV show where teams of web developers are each handed a random recently-expired domain name and challenged to make a viable service that fits that domain.

  • by TheMask01 on 7/1/20, 10:22 PM

    If anyone's wondering why the results started looking a tad more strange (and higher rate of unavailable domains on the list), it's because todays list was just processed over the course of the past. ~20min. Have some jobs spread out a little to be nice to the server and inconsistencies.

    For the next who knows maybe hour or so, from this minute actually, you'll probably notice a few more than average domains one the list are already taken. Don't worry i've got my best robot people on it

  • by iampims on 7/1/20, 7:48 PM

    This is neat. After browsing for several pages, I'm yet to find something that is a decent name.

    In a similar space, I really like https://park.io

  • by shange on 7/1/20, 8:35 PM

    R.I.P. cryingbitches.com, gone before I even knew her

  • by totetsu on 7/2/20, 4:31 AM

    I remember seeing a hacker talk about picking these domains up and setting up an MX record to collect emails meant for the past registrar. .. Including 2FA and passwords resets if I recall correctly..

  • by eganist on 7/1/20, 8:31 PM

    Thanks for this, found a diamond in the rough.

    Good on you for restricting people from sending "4" or less for the character count; I'd probably hide that too and use that for my own needs in your position, though it only raises the barrier from opportunistic searchers to people with a mild amount of curl/grep knowledge.

  • by xkuc on 7/1/20, 10:04 PM

    Thanks for the service! I found a decent 4-letter that I can use as a pseudonym for political blogging now ;) Grade A!

  • by zeveb on 7/1/20, 7:50 PM

    a) Really awesomely cool!

    b) Kinda sad to read all those names and think that someone once thought, 'hey, this could be my baby.' Sure, I imagine a bunch of them were just hoovered up by domain squatters, but at least a few of them are failed sites, right? … right?

  • by chrisjarvis on 7/2/20, 4:21 AM

    Hmm what business could be built around havecheesewilltravel.com?

  • by y42 on 7/2/20, 12:44 PM

    Really impressive, and de-motivating for me! :) I was working on something similar as a side project. The only information that was not easy to get, because it was not delivered with every DNS request, is the "expiration date". How did you manage to get it? Or even more interestingly: Are you willing to give some insights, how you realised it?

  • by jlgaddis on 7/2/20, 12:36 AM

    Anyone have recommendations for a nice and easy, "no BS" site for selling a domain? Or even some "we'll (try to) sell it for you and take a commission" type of place?

    I've got one domain that I think I could actually sell for a decent price, but I just really don't wanna deal with it...

  • by gbmor on 7/1/20, 11:23 PM

    After browsing the list for a bit, I really wish I had a use for haterade.org

  • by ComputerGuru on 7/2/20, 12:07 AM

    Nice site! Just from a UX perspective, I’d advise against a modal dialog within a second of landing on the page. Consider a dismissible header for the introduction instead.

  • by tkjef on 7/2/20, 3:57 AM

    I have sem.fyi available and several other nice 2-3 letter .fyi domains at https://rad.fyi

  • by etxm on 7/2/20, 10:24 AM

    ButtholeDragon.com

  • by andrefuchs on 7/1/20, 7:31 PM

    Useful service, congrats on the launch. Do 4 character domains basically never drop or why is the minimum length 5?

  • by anirudhmurali on 7/1/20, 9:28 PM

    Is it possible to add a column with the Page Rank or Domain Authority of the particular domain?

  • by pdxandi on 7/1/20, 8:24 PM

    This is great, but most of these don't seem that pronounceable to me.

  • by mkl on 7/1/20, 11:08 PM

    knotso.com seems like a very clever name for a knot-tying instruction site or game. I'm not going to make one though. Anyone keen to?

  • by goatherders on 7/1/20, 11:24 PM

    Awesome.

    I just registered (majorsportsapparelmaker)golf.com

    And yes, they make golf shoes and apparel.

    So that's fun.