Where is this error message coming from?

4

0

Recently switched to a new ISP after a move, running Chrome under OSX 10.7. The problem occurs with all browsers.

I see the following error when visiting various sites -- no particular pattern -- from time to time. This is the entire message. It is the only thing that appears in my web browser. The problem fixes itself in a few minutes. Probably a lookup error of some sort, but I don't recognize it.

What piece of software is serving this message? What is happening? What is this Reference # referencing? (bold added to emphasize that I am not trying to troubleshoot this problem, I am trying to learn something about the internet)

Invalid URL

The requested URL "/articles/6517181", is invalid.

Reference #9.6f200f6c.235618518a.b7e910cf

UPDATE: I looked at the exchange in Wireshark. The request is going to an IP address that is clearly different from the IP address of the site I'm trying to reach. If I look at the traceroute, the route to the IP address of say, Facebook, is the same as the IP that is serving the error message, up to 6 steps and then the two diverge:

UPDATE 2: The error is being returned as a 400 HTTP response by a server called "Akamai GHost." There is little info about this software available. Akamai is a major CDN and this must be one of their caching servers. There must be a downstream DNS error. How can I find out what's causing this?

Route to Facebook:

$ traceroute facebook.com 
traceroute: Warning: facebook.com has multiple addresses; using 69.171.234.21
traceroute to facebook.com (69.171.234.21), 64 hops max, 52 byte packets
 1  192.168.2.100 (192.168.2.100)  14.311 ms  1.182 ms  3.513 ms
 2  192.168.1.1 (192.168.1.1)  5.012 ms  2.857 ms  3.308 ms
 3  xx.xx.192.1 (xx.xx.192.1)  487.876 ms  203.273 ms  202.285 ms
 4  xx.xx.26.77 (xx.xx.26.77)  176.310 ms  20.453 ms  252.630 ms
 5  xx-ccr02.xx.rr.com (xx.xx.18.138)  169.683 ms  298.418 ms  165.257 ms
 6  xxca1-cr01.xx.rr.com (xx.xx.17.2)  166.682 ms  199.838 ms  208.288 ms
 7  ae-6-0.cr0.xx30.tbone.rr.com (xx.xx.6.214)  60.857 ms  276.735 ms  209.215 ms
 8  ae-1-0.pr0.xx00.tbone.rr.com (xx.xx.6.129)  197.058 ms  502.956 ms  204.400 ms
 9  xx.xx.9.206 (xx.xx.9.206)  186.777 ms
    tengigabitethernet4-2.ar4.xx1.gblx.net (xx.xx.254.25)  413.101 ms
    tengigabitethernet4-1.ar4.xx1.gblx.net (xx.xx.93.65)  309.246 ms
10  ae2-50g.scr4.xx1.gblx.net (xx.xx.95.213)  236.292 ms  181.912 ms  140.705 ms
11  ae10-0-40g.scr4.snv2.gblx.net (xx.xx.164.30)  88.988 ms  96.949 ms  128.331 ms
12  e5-3-40g.ar5.sjc2.gblx.net (67.17.72.14)  87.643 ms  62.797 ms  114.806 ms
13  64.208.158.30 (64.208.158.30)  298.681 ms  214.118 ms  313.760 ms
14  ae0.bb01.sjc1.tfbnw.net (74.119.76.21)  285.443 ms
    ae1.bb02.sjc1.tfbnw.net (204.15.21.164)  195.285 ms  297.923 ms
15  ae12.bb02.prn1.tfbnw.net (74.119.79.109)  309.046 ms
    ae2.bb01.pao1.tfbnw.net (74.119.76.136)  307.655 ms
    ae12.bb02.prn1.tfbnw.net (74.119.79.109)  322.926 ms
16  ae0.dr05.prn1.tfbnw.net (204.15.23.57)  512.197 ms
    ae0.dr02.prn1.tfbnw.net (74.119.79.103)  419.674 ms
    ae1.dr02.prn1.tfbnw.net (74.119.79.107)  410.296 ms
17  po1021.csw08a.prn1.tfbnw.net (31.13.25.129)  418.573 ms
    ae1.dr01.prn1.tfbnw.net (74.119.79.105)  289.727 ms
    po1021.csw08a.prn1.tfbnw.net (31.13.25.129)  293.519 ms
18  * * *

Route to whatever is serving this message:

$ traceroute 23.15.61.177
traceroute to 23.15.61.177 (23.15.61.177), 64 hops max, 52 byte packets
 1  192.168.2.100 (192.168.2.100)  21.246 ms  14.488 ms  1.017 ms
 2  192.168.1.1 (192.168.1.1)  5.226 ms  7.623 ms  5.454 ms
 3  xx.xx.192.1 (xx.xx.192.1)  530.663 ms  188.692 ms  202.046 ms
 4  xx.xx.26.77 (xx.xx.26.77)  181.943 ms  167.857 ms  138.634 ms
 5  xx.xx-ccr02.xx.rr.com (xx.xx.18.138)  199.755 ms  172.108 ms  165.070 ms
 6  xx.xxca1-cr01.xx.rr.com (xx.xx.17.2)  186.851 ms  198.587 ms  203.372 ms
 7  xx.xx.17.134 (xx.14.17.134)  209.303 ms  232.596 ms  694.958 ms
 8  xx.xx.19.67 (xx.14.19.67)  40.765 ms  149.819 ms
    xx-1-0.pr0.xx00.tbone.rr.com (xx.xx.6.129)  63.554 ms
 9  * * *

jordanpg

Posted 2012-08-28T06:32:51.267

Reputation: 101

In may be possible that your new ISP uses a transparent web proxy, that is a proxy that is automatically used and does not have to configured on the clients. You should try the same url on an HTTPS connection. If the error is gone it is a proxy. – Robert – 2012-08-30T17:01:44.123

Please specify your browser and operating system. – harrymc – 2012-08-30T18:34:36.913

@anyone I would appreciate an upvote on this just to get out of the red. I don't know why it was downvoted and whoever did it was not polite enough to tell me what their problem with it was. – jordanpg – 2012-08-30T21:00:53.583

What router do you have? – Der Hochstapler – 2012-08-31T10:06:46.900

@Robert I have verified that the problem occurs for either protocol. I don't know if it's relevant or not, but the delta between the "reference number" is (http) 9.ed2e12d1.1346557934.47eac518 and (https) 9.ee2e12d1.1346557953.587c2f78. – jordanpg – 2012-09-02T03:53:22.010

@OliverSalzburg In Wireshark, I see the Ethernet frame source as "Source: Cisco-Li_ba:62:36 (00:67:6a:cd:62:36)". Is there a better way to get this info? – jordanpg – 2012-09-02T04:01:13.823

Are you using an ad blocker? – Keith – 2012-09-02T05:00:59.357

@jordanpg: This guy is getting a similar error and claims it was caused by his router (also a Cisco).

– Der Hochstapler – 2012-09-02T14:00:53.060

@Keith The problem persists with AdBlock turned off in Chrome. – jordanpg – 2012-09-02T21:20:54.923

Answers

3

This is apparently a standard error message that only means that an invalid URL was requested. It can have many possible sources, such as a bad plugin or a badly programmed website. Unfortunately the source of the message is not specified.

If you are a developer, you can try to debug what is happening using the console of the Chrome Developer Tools and Firebug Lite for Google Chrome. Otherwise, continue on with this answer.

I suggest to flush your DNS cache :

sudo dscacheutil -flushcache

I this doesn't help, I suggest that you try to see if this is happening using another browser. If it is still happening, then the problem is either with : your ISP, your router, your DNS servers.

If this does not happen with another browser, then test Chrome with no plugins. If the problem disappears, then this is caused by one of your plugins, so you will have to find which one by trial and error.

If the problem still happens in Chrome with no plugins, then uninstall Chrome, cleanup all folders, reinstall Chrome, then add any plugins carefully one-by-one while checking if the problem returns.

If nothing works, then verify your system with several well-known antivirus products.

If the problem is only in Chrome but uninstalling it didn't help, then the only advice I have left is to use another browser.

[EDIT]

My best guess with the information at hand is that the problem lies with your ISP using some sort of a caching proxy which either (1) rewrites sometimes the page incorrectly, or (2) expires its links too soon.

Use a free VPN service to escape using the ISP. An example of such service is Hotspot Shield or CyberGhost VPN (the simplest to use is their Free Proxy). If the problem disappears, then you can be absolutely sure that it is caused by your ISP and should get in touch with their Support. If the problem doesn't disappear, then the problem is within your computer or router.

If this test is not conclusive, you could also test using a tool to trace your communication (I don't know which are available for OSX). The moment this error occurs, look immediately to see what was the request and the returned html. Post the trace if you want our opinion. If the URL used does not point to where it should, then it is the proxy that has rewritten the current page.

It would help to have some details for your router to see if it has an expiring cache.

harrymc

Posted 2012-08-28T06:32:51.267

Reputation: 306 093

Thanks. The problem occurs with all browsers. As I mentioned in the OP, I agree that it's a lookup problem of some sort. Flushing the DNS cache does not solve the problem. – jordanpg – 2012-09-02T04:04:39.230

Questions: (1) Does the message look exactly the same in all browsers? (2) What happens when you use google DNS servers (as said Moab)? (3) Try tracing to see if this is coming from a website (if yes, post all returned data including headers) (4) Does this happen when booting in Safe mode with Network? – harrymc – 2012-09-02T11:04:43.070

...See also my edit above. – harrymc – 2012-09-02T11:14:32.213

(1) Yes. (2) Using public DNS servers solves the problem. (3) See update 2 above. The message is being served by a server called "AkamaiGHost". (4) Not available in OSX AFAIK. – jordanpg – 2012-09-02T22:04:48.900

From (2) I conclude that the problem is that your ISP has a bad interface to the Akamai Content delivery network. The solution is to get in touch with their Support, but also not use their DNS servers in the meantime.

– harrymc – 2012-09-03T07:54:34.540

3

Change the DNS servers in your Operating System to use Google DNS servers

Google server ip's are as follows:

IPV4:

8.8.8.8

8.8.4.4

IPV6:

2001:4860:4860::8888

2001:4860:4860::8844

https://developers.google.com/speed/public-dns/docs/using

Moab

Posted 2012-08-28T06:32:51.267

Reputation: 54 203

1Thanks, I'll try that. The question was, what piece of software is serving this message? I've never seen anything like it before. – jordanpg – 2012-08-28T16:36:09.113

Would need a screenshot of the message and what browser you are using at the itme – Moab – 2012-08-28T19:59:39.453

1The entirety of the message is in the post. This was in Chrome. – jordanpg – 2012-08-28T20:04:29.017

1

Happened to me yesterday. All messages here are wrong :)

So, where does this error comes from? Answer: from an Akamai server. Akamai is a company that sells local servers all over the world so big companies like Yahoo! can have the least latency for any user around the world. So they have LOTS of servers.

Now, why are you hitting those servers if you are trying some of your dev server or something? answer: because you had a bad dns entry at somepoint, fixed it, but your annoying browser still has the previous entry cached.

Most browsers cache DNS queries even though it is none of their business. In my case it happened as this:

  1. i created a bad CNAME on my hosting company the day before for a new dev server
  2. I hit it on the browser, but meanwhile noticed it was wrong, and ifxed it
  3. i even added a entry on /etc/hosts
  4. so pings and browsers i hadn't opened before were fine
  5. firefox was still showing the error. turned out, changing the ip from 173.... to 172... (the mistake i had) reached an akamai server. as i said, they have lots of servers everywhere.
  6. i tried clearing cache, quiting the browser, restarting... nothing solved it. until i waited some 20min without requesting that URL or something.
  7. i really hate modern browsers.

i know it was an akamai server because if i hit the wrong ip i had on the browser cache (the beauty of that, there is no way to know from within the browser, you have to listen to the tcp connections on the OS) i get that error. and if i reverse queried the DNS about that IP, i got an akamai hostname.

So, answer to your question: this error message cames from an akamai server, thanks to your browser aggresive DNS cache pointing you to the wrong address.

gcb

Posted 2012-08-28T06:32:51.267

Reputation: 3 392

0

I did some investigating also. My current theory is that is is coming from an HTTP load balancer, and one or more back-end servers is down or slow. Then it would be the load balancer responding with this message. That's why it's 1) intermittent, and 2) only seems to occur on high-volume sites.

Keith

Posted 2012-08-28T06:32:51.267

Reputation: 7 263

Asked: 2012-08-28T06:32:51.267

Viewed: 6 782 times

Active: 2016-12-20T15:52:36.160