Never buy a .online domain

Posted by ssiddharth 12 hours ago

Never buy a .online domain(www.0xsid.com)

646 points | 405 commentspage 3

eappleby 12 hours ago|

Unfortunate story. It wasn't clear to me that the .online TLD led to Google blacklisting the site. Why did you think that was connected?

dathinab 11 hours ago||

The problem isn't Google Safe Search backlisting the side (I mean that also is a problem, but a very different one).

The problem is the vanity domain registrar Radix using that as a reason to _put the whole domain on hold, including all subdomains, email entries etc._

This means:

- no way to fix accidental wrong "safe search" blacklisting

- if it was your main domain no mails with all the things it entails

- no way to redirect API servers, apps etc. to a different domain. In general it's not just the website which it's down it's all app, APIs, or anything you had on that domain

Google Safe search is meant to help keep chrome users safe from phishing etc. it is fundamentally not designed to be a Authority Institute which can unilaterally dictate which domains are no longer usable at all.

Like basically what Radix did was a full domain take down of the kind you normally need a judge order for... cause by a safe browsing helper service misfiring. That is is RALLY bad, and they refuse to fix their mistake, too.

You normally don't have _that_ level of fundamentally broken internal processes absurdity with the more reputable TLD operators (which doesn't mean you don't have that in edge cases, but this isn't an edge case this is there standard policy).

Avamander 9 hours ago||

At the same time given the already terrible reputation of such vanity TLDs, being this hard on abuse might be the only survivable way.

That's not me saying there shouldn't be a warning and a recourse, but the time-to-profit for domain abuse is really short so anti-abuse actions have to be quick.

NewJazz 7 hours ago||

This isn't being hard on abuse though, this is being lazy and incompetent.

Avamander 6 hours ago||

I'm fairly sure that Safe Browsing's false-positive rate is extremely low otherwise it'd be unusable in Chrome. Which also means that acting on positive results is very likely a correct approach.

NewJazz 5 hours ago||

Safe browsing is meant for websites, not domain names. You really want your registry acting on it and nuking your email services, intranet services, cert renewal automation, et cetera?

NikolaNovak 11 hours ago|||

My understanding from the article is that because the registrar for this domain is using Google safe browsing for their domain suspension, something that a) shouldn't be the case and b) isn't the case for other, perhaps more mainstream TLDs

eappleby 7 hours ago||

Right. Sounds more like a registrar problem than a TLD problem. They should change the article title to "Never buy a domain from Radix"

Aaron2222 6 hours ago||

Radix is the registry for .online, not the registrar they bought the domain from.

nguyenkien 11 hours ago||

The registrar suspense domain because it on Google blocked list. And Google refuse to review the ban because he can't prove he own that domain (because it suspended :D).

nelsonic 6 hours ago||

The first mistake anyone makes is thinking they are “buying” anything with a domain. You’re renting it. And the company you are renting from can arbitrarily push up the price above inflation. NameCheap is good for the basics. But a .site or .online domain is a no-go beyond an MVP/test.

agentifysh 5 hours ago||

Does anybody know any good alternative to Name Cheap? It seems like they keep raising prices on all the domains. Website is very sluggish, especially for finding domains quickly.

mdhen 5 hours ago||

cloudflare is the cheapest - they do it at cost.

agentifysh 4 hours ago||

Wow, thanks. You were right. I Googled and it says Cloudflare is cheaper by twenty-five to fifty percent on renewals. I'm really sick of namecheap. They seem to never stop raising prices. but I'm also I'm kinda wary and afraid of moving domains and losing it.

pocksuppet 3 hours ago||

Cloudflare is doing the enshittification strategy, enticing you now, and then extracting value later. You don't want your domains to be in Cloudflare when they lock the gates. If it's a temporary domain, go ahead I suppose.

themafia 4 hours ago||

The AWS registrar is actually not bad.

trey-jones 9 hours ago||

I'm sorry that the author got bitten by this. But .com purism is funny to me. I only buy GTLDs for personal projects, and I've never had a problem before. But then, I've never bought .online.

palad1n 12 hours ago||

Are there any other TLDs that are of this ilk or are we saying nothing but .com will ever do? Or .org, perhaps?

Macha 9 hours ago||

.com, .org have legacy contracts eliminating the shenanigans they can pull. .org did try get out of restrictions on hiking the price on renewals, but weren’t successful. So all my domains are either .com, .org or the TLD for the country where I live (of course, how trustworthy your local ccTLD is varies)

kristofferR 11 hours ago|||

It's not exactly the same, but a lot of owners of weird TLDs have got hit with insane renewal fees,.hosting went from $20/y to $300/y overnight.

Also, some TLDs directly speculate on having very low prices for the first year or two, then 10x it on year 2 or 3.

ectospheno 8 hours ago||

Buy all 10 years you can when you get the domain. Renew yearly. When they pull silliness like this you have at least 9 years to migrate.

DetroitThrow 12 hours ago|||

I would love a list of Radix TLDs or registrars who do this Safe Browsing ban with no appeal.

Also, go figure Namecheap works with these morons.

bjord 11 hours ago||

from their site (radix.website):

.store, .online, .tech, .site, .fun, .pw, .host, .press, .space, .uno, .website

not sure about other registrars

ranger_danger 11 hours ago|||

The ones used by freenom were particularly abused:

https://prezkennedy.com/2026/01/15/the-free-domain-trap-the-...

> Freenom’s terms of service allowed them to “cancel” a free domain at any time without warning. Users reported for years that as soon as their free site started getting significant traffic (and becoming valuable), Freenom would reclaim the domain and fill it with ads, effectively hijacking the user’s hard work.

palad1n 11 hours ago||

Oh, sh!t, I used to own a .tk! Have no idea what happened to it.

sznio 11 hours ago||

At least for the last few years of Freenom, you could only get a domain for up to a year. Once that lapsed, they parked it and you had to pay to extend it further.

kotaKat 11 hours ago||

Some of these TLD also get thrown under weird arbitrary blacklists by security vendors.

Sorry, can’t buy a frame.work laptop because that’s a “Malicious TLD”, according to the folks at ZScaler.

inigyou 11 hours ago||

[dead]

blenderob 11 hours ago||

Why was the domain blacklisted though? What can we do to prevent blacklisting in the first place?

xp84 11 hours ago||

Most definitely nothing, as no sentient humans are probably involved in the process except possibly malicious people that report a site in bad faith.

voidUpdate 11 hours ago|||

If the domain is being given away for free, it will be used a lot for scams etc, so a lot of systems will just start blocking it immediately. When I got my first domain, I used one of the free TLDs and my university blocked it completely due to it being a scam. Not for any of the content on it, just the TLD being commonly used by scammers

zadikian 10 hours ago||

Probably cause of things like "southwest.online"

otterley 11 hours ago|||

That’s my question. I’ve launched many fresh websites that have not been marked as unsafe by Google. If they were habitually doing this, there would be far more reports of it.

I suspect there is something the author is not telling us.

bilkow 9 hours ago||

Even if the false-positive rate is very small (e.g. 0.01%), you probably won't be affected, but more than a hundred thousand of websites would be and that would still be an issue. I have no idea how big is the false-positive rate.

There are many of reports of the same happening to other sites, some of the top ones (you can find many more by searching HN for "google safe browsing"):

- https://news.ycombinator.com/item?id=33526893

- https://news.ycombinator.com/item?id=25802366

- https://news.ycombinator.com/item?id=45675015

nguyenkien 11 hours ago|||

From false alarm to something previous owner did. Remember domain is recycled.

ssiddharth 11 hours ago||

The domain has no history as far as I could search and the site was up for almost 6 weeks with no issues before it was nuked. I used it with Apple's review process!

kccqzy 11 hours ago||

The big scary red warning page should at least tell you it’s phishing or malware or something else. OP didn’t have a screenshot of that. You can easily go to a safe browsing test site yourself at testsafebrowsing.appspot.com and find that Google does divulge the category of the blacklisting.

OP says:

> no gore or violence or anything of that sort

That’s not even the right criteria. OP is confused about Google Safe Browsing vs Safe Search.

ssiddharth 10 hours ago||

I just wanted to cover all the bases. The site has one outgoing link to the App Store and 3 screenshots.

kccqzy 10 hours ago||

That sounds like a competitor of yours manually submitting your site to Google for “impersonating” them or something. Anyone can submit URLs to Google to suggest it be blocked: https://safebrowsing.google.com/safebrowsing/report_phish/ Perhaps some overworked underpaid analyst had a lapse of judgement. I’m sorry that this happens to you.

Imustaskforhelp 9 hours ago||

wait, this actually makes things sound even worse because anyone who might not like your product can add it to google and google can sometimes be none the wiser and then add it to phishing link which could then lead to their domains (ie. any TLD's hosted by radix.website) being lost in void essentially unless you have verified the domain in google analytics and even then I would consider this whole situation to be so messy.

At this point, NEVER buy any radix.website TLD domains.

I am seeing pinggy had the same issue with their .online domain and this actually definitely caused hurt to their business https://news.ycombinator.com/item?id=40195410 (I saw this post from their comment in here referencing it)

MattSayar 9 hours ago||

Took me a minute to realize Sid isn't associated with 0xide.computer. Clever domain name!

Getting Google to index my personal site has been a pain. Every other search engine works fine, but ever since I switched the images on my site to .webp (a format created by Google!), my site's content just doesn't get indexed anymore. I've given up since web search traffic matters less and less these days with LLMs, and it only really bothers me when I'm trying to search for my own articles.

ssiddharth 7 hours ago|

Ha, thank you. I spent more time than I'm willing to admit to come up with it.

I use my older, much longer domain for email and identity (it used to be #3 on SERP for "Sid"). This one is just for giggles so I can blog in peace without affecting the main one.

bhartzer 7 hours ago||

Are you 100 percent certain that the domain name wasn't registered before and then got on the blacklist because of prior misuse?

It's quite possible that the domain you chose was registered previously and dropped because the previous owner misused it and burned that domain. The .ONLINE extension has been around for several years now.

ssiddharth 7 hours ago||

I can't be 100% sure but googling showed nothing. My site was up for almost 6 weeks with no issues. I used the domain for Apple's review process too. No issues at all.

NewJazz 7 hours ago||

I feel like google should be sophisticated enough to tell when a domain has expired and gone up for auction/resale?

atleastoptimal 4 hours ago|

Domains are signaling. If you have a .online domain you are signaling you can't afford the equivalent .com domain. All the TLD annoyance is a consequence of the lack of status pressure ameliorating the experience of those domain holders (in the same way you never see public health crises in rich neighborhoods)

NewJazz 4 hours ago|

If you have a .online domain you are signaling you can't afford the equivalent .com domain.

Or don't want to pay a $2k ransom to a name squatter... For some businesses that is a rounding error (saas, other high volume high margin stuff), but for small businesses like restaurants or event planners, spending that much on a domain name would be foolish.

More comments...