Can someone explain this (corporate) trendnet.org web-proxy behavior?

Virus Guy

I was looking at the log files for our web server at $Dayjob.

Specifically, I was looking at log entries made as a result of our
software (running on customer machines) performing software update
checks. The software performs an http-get request to our web server to
access a specific URL.

Every once in a while, I run a dedicated program that scans through the
logs to tease out these update requests. A few days ago I noticed
something peculiar for one of our customers (a large hospital system in
the mid-west US):

150.70.172.105
(iad1-wtp-gd-maya5.sdi.trendnet.org)

150.70.75.177
(sjdc-wtp-g2-maya4.sdi.trendnet.org)

In other words, the http request was not made from an ip address
assigned to the hospital - but instead it came from the above-mentioned
IP addresses. These seem to be based in Japan.

I can't find that much related to those IP addresses or trendnet.org, or
what sort of product could be in play here. I did find this:

http://www.mywot.com/en/forum/14954-150-70-75-176-false-positives-for-phishing

So does anyone know if Trendnet has some sort of corporate product along
the lines of a web-proxy that diverts some (or most, or all?) of a
client machine's http traffic through a Trendnet machine (presumably to
perform real-time threat detection) ???

And if so, why not use a US-based machine for US-based clients? Why
Japan in this case?
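
One way to separate these proxied update checks from direct customer hits in an access log, as an added example that is not part of the original post. It assumes a common/combined-format log and a hypothetical update-check path `/updates/check`; the log lines and lookup tables are constructed, and only the two IP addresses and hostnames come from the post.

```python
import re
import socket
from collections import Counter
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+)[^"]*" \d{3}')
UPDATE_PATH = "/updates/check"      # hypothetical update-check URL
PROXY_SUFFIX = ".sdi.trendnet.org"  # suffix of the hostnames quoted in the post

def ptr_lookup(ip):  # reverse DNS; None when there is no PTR record
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(host):  # IPv4 addresses the name resolves to
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def proxied_update_checks(lines, ptr=ptr_lookup, fwd=forward_lookup):
    """Count update checks per proxy hostname (forward-confirmed PTR only)."""
    hits, cache = Counter(), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group(2).startswith(UPDATE_PATH):
            continue
        ip = m.group(1)
        if ip not in cache:
            host = (ptr(ip) or "").lower()
            # A PTR is set by the reverse-zone owner: trust it only if it resolves back.
            confirmed = host.endswith(PROXY_SUFFIX) and ip in fwd(host)
            cache[ip] = host if confirmed else None
        if cache[ip]:
            hits[cache[ip]] += 1
    return dict(hits)

# Constructed sample data so the example runs offline.
SAMPLE_LOG = [
    '150.70.172.105 - - [01/Jan/2013:10:00:00 +0000] "GET /updates/check?v=1 HTTP/1.1" 200 512',
    '150.70.75.177 - - [01/Jan/2013:10:00:05 +0000] "GET /updates/check?v=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2013:10:01:00 +0000] "GET /updates/check?v=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2013:10:02:00 +0000] "GET /updates/check?v=1 HTTP/1.1" 200 512',
]
SAMPLE_PTR = {
    "150.70.172.105": "iad1-wtp-gd-maya5.sdi.trendnet.org",
    "150.70.75.177": "sjdc-wtp-g2-maya4.sdi.trendnet.org",
    "203.0.113.9": "spoofed.sdi.trendnet.org",  # PTR that does not forward-confirm
}
SAMPLE_A = {h: {ip} for ip, h in SAMPLE_PTR.items() if not h.startswith("spoofed")}
```

Against a real log, call `proxied_update_checks(open(path))` to use live DNS; the sample tables are passed as `ptr=SAMPLE_PTR.get` and a `fwd` wrapper around `SAMPLE_A`.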
 
You must be using a TrendMicro anti virus or other TrendMicro
solution.

Remember - it's not *me* that's using this trendmicro or trendnet
product.

An institutional computer owned by one of our customers has this unknown
trend product on *their* PC, and it's causing their hits to our server to
appear as if they're coming from:

150.70.172.105
(iad1-wtp-gd-maya5.sdi.trendnet.org)

150.70.75.177
(sjdc-wtp-g2-maya4.sdi.trendnet.org)

TrendMicro is Internationalized.

The domain trendnet.org is indeed owned by Trend Micro.

So my question (again) is - what Trend Micro security product has the
effect of routing some (or most, or all?) of the http-get requests on a
client PC through a trendnet.org machine?

And - why not use a US-based machine for US-based clients? Why use a
machine located in Japan?
 
Virus Guy said:
I was looking at the log files for our web server at $Dayjob.

Oh wow. You're in IT? Seriously? LMFAO!

Virus Guy said:
So does anyone know if Trendnet has some sort of corporate product
along the lines of a web-proxy that diverts some (or most, or all?)
of a client machine's http traffic through a Trendnet machine
(presumably to perform real-time threat detection) ???

If we answer, won't you just berate us again?
 
Virus Guy said:
So my question (again) is - what Trend Micro security product has the
effect of routing some (or most, or all?) of the http-get requests on a
client PC through a trendnet.org machine?

That pretty well answers my question concerning berating. Hard to believe
you're in some fashion tied into any I.T. work ...Scary in fact...

Good luck getting the answers you seek with the kickass attitude you
consistently display. The DNS one being the funniest so far.

Virus Guy said:
And - why not use a US-based machine for US-based clients? Why use a
machine located in Japan?

Why not ask trend?
 