Used Domains

Today, I bought a domain, and I have some ideas for what I want to do with it. After buying, I pointed the nameservers to Cloudflare, used their DNS to point the domain at my server, and enabled email forwarding with a catch-all. I then checked the Wayback Machine to see what it had saved from the past. A few hits, but they all had errors. That's unfortunate, because one of my ideas was to re-host what used to be there.

I used to use this domain, as a user, not an owner, a long time ago. For my privacy, I won't be sharing who or what this domain belonged to. The domain became deprecated, and eventually fell back into circulation in 2019. A couple of months ago I noticed it was available, and considered buying it, but decided against it.

Tonight, I made a late-night decision, and registered it. After all the registration formalities had been completed, there was one thing I was curious about. HIBP offers a domain search feature that I use on this domain to automatically get an email if one of my addresses gets compromised. I decided to check how many users of this domain had been hacked.

I went through the process of verifying ownership of the domain, and then was faced with a paywall. That's odd, since this domain doesn't need one. I wonder why the new site does...

screenshot of HIBP paywall, "In order to search a domain with any more than 10 breached accounts on it, you need a sufficiently sized subscription. You just tried to search redacted which presently has 55 breached accounts. You don't presently have an active subscription, so grab an all new one from below."

Uh oh... 55 breached accounts. If I want to get a look at that, it's $19/month. And then what am I supposed to do after that? I can reach out to the entity who originally controlled the domain, but I'm almost certain that they'll be uninterested. These are decade+ old email addresses that nobody uses anymore. My curiosity will get the best of me usually, but I hate spending money more than I like getting my questions answered, so this case will go unsolved for the time being. At the very least, this isn't some limited thing like the domain was, where anyone could snatch it up before me. I can always return to HIBP and buy access if I'm ever flush enough with cash to be willing to spend $190/yr on breach alerts.


I woke up this morning with dozens of emails. All from the same sender, actually. They were all reminder emails that XYZ account would be deleted in 90 days, and I was receiving them for all the accounts for the sender's platform that used to be on my new domain. This has made me realize that email domain takeover has got to be one of the most potent forms of account hijacking, since I now have access to a previously trusted email address for a large number of accounts.

screenshot of email inbox, showing several emails saying "blank account may be deleted in 90 days"

That said, I know that nobody still uses these accounts, and I have no plans of actually hijacking them. On the off-chance that somebody does want to receive an email sent to their old address, I made the placeholder webpage have my email so that they can contact me. I don't expect anyone to actually do it, but I might as well give people a path to account recovery if they ever do need it.
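Seen from the sending platform's side, the reminder emails above went to a domain that had changed hands since the addresses were last verified. The following is an added example, not part of the original post, of a check a platform could run before sending reminder or recovery mail. It assumes the platform stores a last-verified timestamp per address and that re-registering a dropped domain resets the RDAP `registration` event; the domains, accounts, and function names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed RDAP-style responses (the "events" member of a domain object).
# A real deployment would fetch these from an RDAP service instead.
SAMPLE_RDAP = {
    "old-school.example": json.dumps({"events": [
        {"eventAction": "registration", "eventDate": "2024-03-02T04:11:09Z"},
        {"eventAction": "expiration", "eventDate": "2025-03-02T04:11:09Z"}]}),
    "stable-mail.example": json.dumps({"events": [
        {"eventAction": "registration", "eventDate": "2009-06-20T12:00:00Z"}]}),
}

# Constructed account rows: (account id, email, when the address was last verified).
SAMPLE_ACCOUNTS = [
    ("a1", "pat@old-school.example", "2013-09-14T10:00:00Z"),
    ("a2", "sam@stable-mail.example", "2021-05-01T08:30:00Z"),
    ("a3", "lee@unknown-domain.example", "2015-01-01T00:00:00Z"),
]

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp such as 2024-03-02T04:11:09Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def registration_date(rdap_json):
    """Return the latest 'registration' event date in an RDAP response, or None."""
    events = json.loads(rdap_json).get("events", [])
    dates = [parse_ts(e["eventDate"]) for e in events
             if e.get("eventAction") == "registration" and "eventDate" in e]
    return max(dates) if dates else None

def classify(accounts, rdap_by_domain):
    """Map account id -> 'ok', 'hold' (domain re-registered since verification) or 'unknown'."""
    result = {}
    for account_id, email, verified_at in accounts:
        domain = email.rsplit("@", 1)[-1].lower()
        raw = rdap_by_domain.get(domain)
        registered = registration_date(raw) if raw else None
        if registered is None:
            result[account_id] = "unknown"  # no data: treat as unverified
        elif registered > parse_ts(verified_at):
            result[account_id] = "hold"     # domain changed hands after verification
        else:
            result[account_id] = "ok"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_ACCOUNTS, SAMPLE_RDAP))
```

Accounts marked `hold` or `unknown` would have email-based recovery and notifications suspended until the owner re-verifies through another factor.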


Something else interesting is that I was able to log into my old Google account, and all my files are still there! I wonder who is paying the bills on it...

screenshot of google profile logged in

I entered my old password, and they sent a verification code to the email. This got routed by Cloudflare to my personal inbox, and I was in! I used Google Takeout to save a backup, and everything there just worked! I was considering trying to log into the admin panel, but I feel like it's better not to touch that, lest I become the one who the Google Workspace bills are sent to.


I was sitting around, unsure of what exactly to do with this thing, when I had an idea: Just because the Wayback Machine didn't have a copy doesn't mean the former domain owner doesn't.

screenshot of email, "Hello... ...on a website called BLANK. That website no longer exists, but I was wondering if you happened to have a copy of it saved somewhere. Thank you and best regards, L G"

To be continued, maybe.