Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 906
  • Last Modified:

Myterious message: "The Giraffe Dropcatcher System" appearing on webservers

Today I was trying to get to a website but mistyped the domain name to end in ".coj". I got a page with plain text on it reading "The Giraffe Dropcatcher System". There is no country with the extension ".coj"! What is returning this message? I remoted into my work machine and got the same message so it's obviously not tied to my ISP. It happens with any domain ending in ".coj"

Googling "The Giraffe Dropcatcher System" brings up an LJ entry by a bloke with a similar discovery, but with the domain extension ".cmo", which again doesn't exist. Peculiar. Any ideas?
0
rgford
Asked:
rgford
  • 6
  • 5
  • 4
  • +6
7 Solutions
 
ridCommented:
Look in the address field of your browser - what does it say?

My guess is that this is locally generated. Most browsers have some kind of way to notify you of misspelled URLs, perhaps some nice add-on has nested in your browser...
/RID
0
 
rgfordAuthor Commented:
rid:  "I remoted into my work machine and got the same message " would indicate this is not the case. Have since tried some other machines, same thing.

The address field retains the web address - why don't you try it yourself?
0
 
Booda2usCommented:
Sorry rgford, but when I try it all I get is "Page cannot be displayed".   Booda2us
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Booda2usCommented:
Google says nothing matches.......Is your google better than mine?
0
 
rgfordAuthor Commented:
damn! I know people are often not very loathe to admit to having parasites on their machines, but unless the same thing has infected every machine at my work, plus clients' machines and my home ones, it's unlikely! Baffling what it could be.
0
 
☠ MASQ ☠Commented:
Talk to the people who admisiter your DNS servers, sounds like this has been put in by someone as a 404 error trap
0
 
ridCommented:
Do you get any kind of URL in the address field when this page displays?
Possibly this could be a sort of "catch-all" that is taking care of failed DNS lookups (which this invalid URL would constitute) and the current DNS server just passes on the request to this page. By locally I meant in the local machine and I just failed to register the part of "remoted into...", sorry.
/RID
0
 
ridCommented:
...oh, and I did try it... just get the usual "server not found" stuff, somewhat different but basically the same thing in 3 different browsers.
/RID
0
 
rgfordAuthor Commented:
sorry rid, didn't mean to come over like that - just plenty of people who never read questions properly, I get too used to it.

Looks like it might be something with BT then? (only common thing between machines). I manage the DNS at two of the sites, and can't rememebr anything myself!

Maybe it shall be left unsolved..
0
 
JohnnyCanuckCommented:
Its undoubtedly some kind of government internet usage spying software that hiccupped when you mistyped the url.
0
 
ridCommented:
I guess your local DNS servers aren't authoritative for unknown URL's, so the request will go out to a higher level, probably at your ISP. You could actually get something by asking them... :)
/RID
0
 
moorhouselondonCommented:
There is a company called:-

www.giraffe.co.uk

who register names.  If the name is registered it can be back-ordered at:-

http://www.dropcatcher.co.uk/

At first I thought these two companies were connected, which would explain things, they aren't, but nevertheless the terminology is relevant.

I would say that this (as has already been mentioned) is a "catch-all" way of "rescuing" failed searches so that a company can flog you a domain.
0
 
rgfordAuthor Commented:
I guess so. thanks for the answers - MoorHouse, you seem to be onto something there! Two things confuse me though, and are behind why I bothered posting a question - firstly, the extensions we are talking about here *don't exist*. How can a company have registered a catch-all with every single extension for .coj and .cmo...? The only way I thought that was possible was if you had client software installed to pickup extra extensions which, as reaonsed earlier, I can't see any evidence of. The second thing ios more minor - just that if it is a method of catching visitors, why not have it point to something!? It's clearly not working very well!
0
 
ridCommented:
I would have thought that you couldn't register anything but accepted extensions, so it would be very interesting to know at which level the "catchall" operates... If it is at DNS level, it shouldn't be too difficult. The extension list is finite, after all, and anything that fails to match there could be dropped into a catchall, which in turn could be set to operate on some of the letter combinations that fall through. Pure guesswork here and the big idea totally escapes me.
/RID
0
 
moorhouselondonCommented:
NetworkSolutions tried to do this a while ago, but decided not to after adverse comment - admittedly this search was done within the same TLD, what you are seeing is redirection of non-existent TLD's.  Some third party in the chain (perhaps BT?) is tinkering in this way.

http://www.icann.org/topics/wildcard-history.html
0
 
Booda2usCommented:
It's probably that "Blue Pill" malware.....undoubtedly unleashed to monitor and hijack your network, steal all personal/corporate info from everyone...
0
 
andyalderCommented:
What are your DNS forwarders set to? If we know that we can have a poke about and see what they return for non-existent TLDs.
0
 
Jared LukerCommented:
Does it do the same thing in IE and Firefox (or opera or......)
0
 
rgfordAuthor Commented:
Yes, same with other browsers.

RID, seems about right. In the ICANN page you posted, moorhouse, doesn't this just refer to domain names, not extensions?
0
 
☠ MASQ ☠Commented:
What happens if you flush your DNS cache?  (or if people are connecting via a proxy internet server the DNS cache there?)
0
 
andyalderCommented:
The ICANN doc is about Verisign who look after the gTLD servers but to get to xxx.cmo you don't go to the gTLD servers but to the root servers and they would not return anything except non-existent domain so as moorhouse said it has to be BT that's doing it which is why we need your customers' DNS forwarder settings.
0
 
moorhouselondonCommented:
Andy has a good idea there.  To get at the info that he is asking for, I believe you need to do the following:-

At the DOS prompt, type :-

IPCONFIG /ALL

This will tell you which DNS servers your pc is using to resolve "anything.com" to a dotted IP address.  With that info, we can use the same DNS servers to see whether we get the same results as you.  

Alternatively if you wanted to free yourself of giraffe dropcatcher syndrome, you could change your DNS settings away from what they are at present (they may well be assigned "automatically", but you can force them by specifying them, then checking using IPCONFIG /ALL to make sure you have saved the info properly), so in Network Connections, properties for the TCP/IP protocol of your method of connecting to the internet, use one of the following DNS addresses.  Having done this, run your test again to see if the effect has disappeared:-

http://www.portforward.com/networking/dns.htm

(In this list are some BT DNS Addresses - these might be the ones you currently happen to be using).  Some DNS addresses listed may only be available to customers of that company, so you may not be able to browse the internet with some of these listed.
0
 
moorhouselondonCommented:
FWIW one of the DNS servers I am using is

38.9.223.2

This does not resolve the type of address you mentioned.
0
 
tombullCommented:
The reason for this is as follows:

Windows stores a list of domain 'endings' to test with addresses that it can't resolve - try right clicking your LAN connection in 'Network Connections', 'Properties', click on 'Internet Protocol TCP/IP', 'Properties' button, 'Advanced' button, 'DNS' tab.

You will either have
a) A domain which ends in .co.uk AND 'Append primary and connection specific DNS suffixes' selected with 'Append parent suffixes of the primary DNS suffix' ticked, or
b) An entry for .co.uk entered in 'Append these DNS suffixes (in order)'

What windows does when looking for a machine name on your network (or the internet) is that it will look first for the actual name you typed in, then with the DNS suffixes appended. For example if you are on the companyname.co.uk domain, and you type in the address 'mailserver', windows will first look for 'mailserver', then 'mailserver.companyname.co.uk', then 'mailserver.co.uk' then 'mailserver.uk'. Hopefully it will find 'mailserver.companyname.co.uk', but if it doesn't, it will keep on looking.

The other part of the puzzle is a domain registration company in the UK called giraffe, who specialise in registering three letter domain names in the .co.uk domain name space. Something that domain registration companies often do is host DNS which will accept any host name at the domains they register (for example 'anything.anythingelse.something.hosteddomain.co.uk'). They often call this a catch-all. Giraffe call this a dropcatcher system (for no apparant reason).

Hence when you type in an address that ends in 'cmo' or 'coj' (or 'ikl' or 'rfg' or various others), your computer first searches for www.whatever.cmo (finding nothing), then www.whatever.cmo.yourcompany.co.uk (finding nothing), then www.whatever.cmo.co.uk (which is picked up by none other than the giraffe dropcatcher system).

Note this only works on domains ending in .co.uk with the specific settings mentioned above.

0
 
rgfordAuthor Commented:
Thankyou!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 6
  • 5
  • 4
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now