Strange HTTP GET requests from IP 150.70.x.x and IP 62.24.x.x

Recently I started to notice that one of our sites gets strange HTTP GET requests from two IP ranges: 150.70.x.x and IP 62.24.x.x.

The short version of this goes as follows: we have web service when users can submit results via HTTP GET request. For example:
http://www.example.com/service?guid={BEDC2C9A-C5E6-4766-B57C-7CC07BB26F59}&result=x

Each (next) user/request gets a new GUID, like:
http://www.example.com/service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a
http://www.example.com/service?guid={64A00D1D-BCDB-4B5A-9DF3-51CF2BB6B663}&result=b
http://www.example.com/service?guid={CA5B86A1-A6B4-4CA8-AAA6-DC9302CF34D3}&result=c

Because GUIDs are unique, we should get each GUID only once. But this was not true for our web-service. We occasionally got duplicate requests. We started to investigate closer, and found that all double requests come from two IP ranges 150.70.x.x and IP 62.24.x.x, and all “second” requests follows the first after 30s – 5 min.

We did a Google search and found, that 150.70 IP range belongs to Trend Micro. There are even some statement from them:

Dear Site Owner,

To protect our customers from visiting a malicious or harmful site, web pages of the applicable URLs are downloaded and scanned by our servers. Thus, you may have noticed a few visits from our IPs. Please be assured that this poses no security risk to your web sites as our servers do not perform any action other than scanning the sites.
We then store the rating of the web site in our server cache so that our servers will no longer access those pages for analysis when a customer chooses to visit those web sites again. We have already asked our server owner to add the rating for the following domain(s);
…..
The setting will take effect soon, please verify it again on your site.
Sorry for any inconvenience and please inform us of any other concerns you may have.
Best Regards,
Trend Micro’

More: http://forum.notebookreview.com/security-anti-virus-software/331930-trendmicro-servers-japan-accessing-webservers.html

It seems, that Trend Micro is spying after their customers. Second range comes from Talk Talk UK’s ISP, who apparently spies after their customers too.

Here are some links with more reading:
Search Engine Spider and User Agent Identification Forum from webmasterworld.com
IP Address Inspector – projecthoneypot.org
Im Being Monitored/Watched?

P.S. Most probably they do not try to do HTTP POST request, I do not know. We probably should use POST too, but that’s another story.
P.S.S. Some encryption like SSL should be mandatory for all Internet traffic in future.

Windows API PlaySound error / silence

Today stumbled at strange behavior of Windows API function PlaySound in combination with SND_FILENAME flag.

There are two scenarios:

  1. No sound is played, and PlaySound returns success (TRUE) in combination with SND_ASYNC;
  2. No sound is played, and PlaySound returns failure (FALSE) when using the same wav file, but without asynchronous flag.

The cause is, that system where this is happening is Windows Server 2008 R2, which is apparently missing some WAV codec. Files coded with different codec works.

Error while receiving Verisign Authenticode certificate

Today when I was downloading/receiving Verisign Authenticode certificate I got the following error window:
---------------------------
VBScript
---------------------------
Error: 1AD occured, your certificate may not be co`rrectly installed
---------------------------
OK
---------------------------

Then I was redirected to the page with the following text:
Your Certificate Could Not Be Installed Your certificate could not be installed in your web browser. The most likely reasons for this problem are:

The certificate is already installed.
Check your installed certificates. In Internet Explorer, go Tools > Internet Options and select the Contents tab. In the Certificates section, click the Certificates button. In the Personal tab, review the list of certifiicates. If your certificate is in the list, you do not need to install it again.

The browser and/or computer you are using now is not the same one used when you enrolled for your certificate.
You must use the same browser on the same computer to enroll for and install your certificate.

You are not running the latest version of Internet Explorer.
Click here to get the latest version of Internet Explorer.

The certificate database in the Web browser is not accepting the new certificate (the database may be corrupted).
Reinstall Internet Explorer and enroll again for the certificate.

It seems, that Verisign site is trying to install this certificate two times, because when I looked at the installed certificates in Internet Explorer, the certificate was already there.