As recently expired names, you should be aware that they may suffer an array of detriments.<p>Notably:<p>"Pinned" security properties like recursive HSTS may apply until they expire. Even if <i>you</i> have only ever operated <a href="http://clown-photos.example.com/" rel="nofollow">http://clown-photos.example.com/</a> and never <a href="https://clown-photos.example.com/" rel="nofollow">https://clown-photos.example.com/</a> the previous owner of example.com could have set policy saying all names are HTTPS-only.<p>Certificates issued in the Web PKI as much as three years ago for names in these domains may still exist and be valid. In principle some of them might even not be in CT logs. As new owner you are entitled to have those certificates revoked, but to do that you first need to know they exist.<p>Adverse user permissions decisions apply indefinitely. If the previous owner spewed notifications, or had unsolicited video content the resulting adverse decisions by users survive the change of ownership. (The other side of this applies too, if you buy a popular cat video sharing site, you're going to inherit lots of "allow autoplay" type permissions) but that's something you'd probably explicitly plan for rather than being a surprise.<p>White and black lists maintained by third parties may impact you. Whether that's a DNS blacklist that means some PiHoles block your whole site because the previous owner was an advertising network, or a spam blacklist that ensures your newsletter is never seen by its subscribers, that could be a real problem. Some list maintainers are very responsive, others not so much.<p>Speaking of lists, the domain could be on the PSL. Again you can ask to be removed (or indeed added if your planned use would mean the domain should be on the PSL and isn't). But if you don't realise the domain is PSL listed, you'll be astonished that it's impossible to get a Let's Encrypt certificate for *.example.com, or that cookies and frames and other origin-restricted stuff doesn't work as you expect.