What this property was
PropBot Studio presents itself as an AI service shop for real estate: chatbots that qualify leads, CRM automation, an AI proposal generator, content pages and a blog aimed at agents and brokerages. Technically it's one of the lightest properties I run — a static marketing site with multi-language support, plus a single backend microservice so minimal it's almost a koan: a raw Node.js HTTP server, no framework, exposing exactly one endpoint to collect newsletter signups. No database-driven product, no user accounts.…
Evidence recorded in the manuscript
Revenue: zero confirmed. The services were never sold in any volume I can document, the abandoned checkout never processed a real order to my knowledge, and the newsletter list is small. Traffic: modest organic, befitting a content site that got an initial SEO push and then maintenance-tier attention. Costs: nearly nothing in hosting terms — static files and a one-endpoint server round to free.…
The lesson recorded after launch
Dead code is not neutral — it's unguarded attack surface with no owner. The checkout file leaked precisely because it was abandoned: live code gets reviewed, monitored, and updated, while dead code just sits there, still served, still executing, still holding whatever secrets it held the day you walked away from it. Three rules came out of this incident and now apply fleet-wide. Delete dead code, don't strand it — and if you must keep it, quarantine it outside the web root where the server cannot serve it.…