dstiles - 9:27 pm on Sep 19, 2011 (gmt 0)

SteveWh - my MSIE 6 comment was more to the point that the UA should in any case be blocked rather than it was an actual browser. Most things hitting web sites with an MSIE 6.0 UA are probably bots nowadays. otherwise, you have a valid point. :)

I think, based on that, any AV bot that was blocked from access should expect to be blocked. The bot is using a very dodgy UA coupled with non-browser header fields. Obviously it's carrying its own shroud with it. :)

Staffa - I'm no longer sure about it being Japanese IP range. The 150 range is an "early assign" block of IPs with assignments to all the then major districts (RIPE, ARIN etc).

Oddly enough, of the tools and WHOIS services I use, only robtex and RIPE give a correct assignment to TrendMicro. All others say it's part of the large Japanese range, which is why I had it down as such in my security database.