i like the concept, but the execution is flawed by design, as it basically allows someone to serve any content (including malware [0]) in whichever domain is being used (nowhr.xyz in this case).

[0] i'm using "malware" as a broad term, while mainly referring to phishing.