Automating domain drop catching with Python

Has someone ever ‘taken’ your expired domain or has someone forgot to renew it ever, and then somone ‘took’ it? Unless you’re a celebrity or you’ve very strong trademark product, chances are that either you’ve to pay a large sum of money to the current owner of the domain, or wait for the domain to expire.

Waiting however is dumb because people can’t dedicate all their time to just monitor status of a single or multiple domains.

This is why I came up with an idea about catching domains with Python scripts. Domain “drop catching” isn’t a new thing at all however and many companies do it already for money, and some registrars allow this practice by default.

About domain status codes in whois-information

You can skip this if you know this stuff.

The common rule for international domain names (not country specific, like .fi and .se) is that the domain expires and is expired for ~30 days, then goes to ~30-45 day redemption time and after that the domain enters “pendingDelete” status for ~5 days.

To catch a domain without paying extra to someone, you want to see this pendingDelete -status in the domain you’re looking for. This requires that the current owner of the domain has failed to renew it or has given up hope that you’ll be paying lot’s of money for the domain one day.

To see this status you obviously need to be aware of the current whois-information of the domain. Query can be done quite simply:

This domain is obviously renewed and functional

Actual code and examples

So here is the code, embedded below at Gitlab, but what does it do? It’s actually quite simple. You run it from the crontab. I run mine every 15th minute:

0,15,30,45 * * * * /usr/bin/python3 /path/to/

If you’ve trouble with crontabs, I recommend this ‘crontab guru‘ service for future reference.

It has 4 main functions. whoisLookup takes care of whois-lookups. It connects to the whois server defined in whois_host variable at port 43 and performs whois-queries, and takes the data back for very ‘smart’ analysis which you’ll see soon.

Whois host can be found by running a whois-command directly against the TLD e.g. with whois tool: “whois com”.

Since we’re waiting for the domain to be purged from registry, we’re looking for a string that appears in the whois information when the domain does NOT exist. If it’s a .com domain, it should start with “No match”, e.g:

“No match for domain “DSSFDSFSDF.COM”.”

So we set our search_string as “No match”. You can find these strings by querying for nonexistent domains.

If the domain still exists when the code runs, we try looking it up later. When it does not, it’s free to be registered obviously.

This leads to sendNotify function. It uses Pushover to send push notifications directly to the phone, which is nice.

Pushover is also quite an affordable service so I’m using it for this purpose. You’re free to rewrite the notification function or remove it if you want of course, but there it is.

While the code is running, almost everything mentionable is logged into the log file defined in variable log, which gets timestamps from getStamp because I was lazy.

Because at this point we’re sure that our domain is free, we try taking the domain back with captureDomain -function. I’m using Namesilo because it’s API reference is simple and their prices are nice. I would have used Porkbun for this purpose but it seems they don’t have an API at the moment or I’ve not seen it yet.

The registration process is done with simple POST request. If we get a successful registration from Namesilo with code 300 according to their API reference, we know that our registration went really well! That means another notification to be sent to the phone:

Pushover app containing Namesilo API response to our request

Other codes than 300 don’t mean success so I’ve not implemented more error handling. After these notifications, a lockfile is created to prevent accidental running of the script again and again against the API, defined in the failsafe.

Lockfile also contains the contents of the API response (after a successful registration) and the logfile just states that the code has been successful on registering a domain. At this point you should remove the script from crontab and use auto-renew on your domain from now on, keep whois-information up-to-date and read all the emails sent by your registrar.

PSA: Pay attention to your account security in Namesilo, enable 2FA, enable access only from servers you trust and treat the API key like a password. I’m not responsible for your financial failures if you do something dumb.

Enjoy! TLDR; Stay safe, read the API reference, go through all the variables before using the code in production and test before deploying.

Leave a Reply

Your email address will not be published. Required fields are marked *