迅雷云你伤不起啊

  • A+
所属分类:WooYun-Zone

起因

上周,某部比较出名的电影据说出了完整版非枪版,于是在某天堂找到了下载地址。但是下载地址已经失效,朋友给了个迅雷的会员号,于是就打算看看是不是枪版。把某天堂的地址拉了进去,果断找到了已经被迅雷缓存掉了。于是想用迅雷的快速播放功能,但显示源地址错误,无法快速播放。

由于博客上vps剩余流量充足,才用了不到3G/500G,于是就用vps把片子下载了,然后用迅雷的离线离线我博客的地址。

在迅雷离线的时候,查看vps的流出流量都比较稳定,基本上了离线页面显示的下载速度是相同的。

一切还好,很快就离线好了,此时vps没发现什么异常。

有点问题

用快速播放简单看了后,好吧不是枪版,比较满意,于是就开始用家里电脑下载了。

顺便还开了加速通道。。。。。

发现有点问题,一开始下载,网站马上就打不开了,一暂停,又马上恢复了。

当初以为是迅雷占满了vps 的流出,于是就没怎么管。

监控宝发来了服务器不可用的提醒,还是没管。

继续写作业了。

情况不对

写了会作业,大概过了半个多小时,目测电影已经下完了,用手机打开自己的网站,发现还是无法打开。

基本判断应该是出了什么事了,蛋疼地打开了SolusVM平台,我吓尿了。

瞬时的流出居然达到了40M/S,并且占用了我100G的流量…..

迅雷云你伤不起啊

感觉到情况不太好,马上改上电脑开始处理。。。。

DDoS deflate战败

一直以来都有用DDoS deflate来防御小规模攻击的习惯

查了下iptables -L,封了的IP并不多,于是就把条件降低,但发现还是不行。

于是开始蛋疼的手动封,但发现效果还是不明显,重启了nginx依然网站无法打开。

cpu占用>85%

top了一下,多个php-fpm进程占用极高

检查特征

把日志拖了下来看看,蛋疼的由于系统时间出错,导致一开始没发现被攻击的特征。

当时时间14时左右,但是此时服务器时间才为9时

蛋疼……

直到我拖到最下面,发现了被大规模地访问视频的下载地址,后缀为rmvb

于是果断去nginx写规则把后缀为rmvb的给403掉

初见成效

ban掉*.rmvb的访问后,cpu一下子就下来了,恢复到了正常的状况。。

重启服务器后,服务器下的网站均恢复了正常访问。

蛋疼又来

上学昂上学昂……

今天回来的时候,发现尼玛突然多了4G的东西,查了一下,我跪了。

access.log这个伟大的日志文件占用的4G的空间。。。

迅雷云你伤不起啊

让我情何以堪……….

改名之,重启nginx,重新生成了一个日志,拉下来一看。。。。。

部分日志

121.34.191.96 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; KB974488)"

180.110.85.117 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xE8\x87\xB4\xE6\x88\x91\xE4\xBB\xAC\xE7\xBB\x88\xE5\xB0\x86\xE9\x80\x9D\xE5\x8E\xBB\xE7\x9A\x84\xE9\x9D\x92\xE6\x98\xA5.HD.1024x576.\xE5\x9B\xBD\xE8\xAF\xAD\xE4\xB8\xAD\xE5\xAD\x97.rmvb HTTP/1.1" 403 564 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)"

110.184.8.46 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xE8\x87\xB4\xE6\x88\x91\xE4\xBB\xAC\xE7\xBB\x88\xE5\xB0\x86\xE9\x80\x9D\xE5\x8E\xBB\xE7\x9A\x84\xE9\x9D\x92\xE6\x98\xA5.HD.1024x576.\xE5\x9B\xBD\xE8\xAF\xAD\xE4\xB8\xAD\xE5\xAD\x97.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; BRI/2; InfoPath.2; .NET4.0C; youxihe.1437; Media Center PC 6.0; MASP; youxihe.1437)"

61.187.6.123 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xD6\xC2\xCE\xD2\xC3\xC7\xD6\xD5\xBD\xAB\xCA\xC5\xC8\xA5\xB5\xC4\xC7\xE0\xB4\xBA.HD.1024x576.\xB9\xFA\xD3\xEF\xD6\xD0\xD7\xD6.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

61.136.145.119 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"

218.108.168.178 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

180.110.85.117 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)"

113.120.105.197 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

59.56.115.134 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)"

61.131.97.40 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)"

114.83.179.112 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xD6\xC2\xCE\xD2\xC3\xC7\xD6\xD5\xBD\xAB\xCA\xC5\xC8\xA5\xB5\xC4\xC7\xE0\xB4\xBA.HD.1024x576.\xB9\xFA\xD3\xEF\xD6\xD0\xD7\xD6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; youxihe.1577)"

及时返回了403,但是每秒N次不同地方来的流量你也伤不起啊是不是。。。。

暂时停用了日志功能…….

删掉了那个4G的大日志…..

部分日志下载:access

写在后面

想了想为什么会有那么多不同地方的机子访问这个地址,这个地址除了我自己知道之外没有告诉过别人。

应该就是迅雷的问题了,这部电影当时比较红,可能在离线下载的时候,我这边离线到的MD5与某天堂那边电影的MD5相同,因此迅雷就把我当成了源地址之一,但用户在离线服务器提出下载请求的时候,部分下载请求就会转移到我这边。

从日志中抓了个IP去查,某某宽带,应该不会是迅雷官方服务器,而是用户机子了..

当然,上面的只是我的猜测,有什么不对的地方也敬请指出讨论讨论…

现在这个地址每秒种也有N个请求,试想一下,将这个地址rewrite到某些自己不喜欢的站点,会造成CC攻击么?

假如上面试想成立的话,即用自己的vps离线一些热门的文件后,部分下载请求访问过来,rewrite到别人的站点,岂不是造成了一个很牛X的攻击?

http://imlonghao.com/post/2013-05-24/%E8%BF%85%E9%9B%B7%E4%BA%91%E4%BD%A0%E4%BC%A4%E4%B8%8D%E8%B5%B7%E5%95%8A

just for fun!

  1. 1#

    imlonghao | 2013-05-24 21:36

    试了试rewrite到别人的站,秒卡…..

  2. 2#

    imlonghao | 2013-05-24 21:39

    location ~* \.(rmvb)$ {
    rewrite ^/ http://www.wooyun.org/searchbug.php?q=%25;
    }

  3. 3#

    insight-labs | 2013-05-24 21:42

    迅雷会follow rewrite么?

  4. 4#

    insight-labs | 2013-05-24 21:44

    @imlonghao
    不过不得不说这个思路极其淫荡
    如果会follow rewrite的话,就有资本ddos gfw了……

  5. 5#

    xsser | 2013-05-24 21:51

    @imlonghao 尼玛

  6. 6#

    imlonghao | 2013-05-24 22:02

    @insight-labs 等我再开多个小网站看看日志就知道了。。

  7. 7#

    imlonghao | 2013-05-24 22:09

    @xsser @insight-labs
    182.149.204.207 - - [24/May/2013:22:05:49 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    219.151.158.144 - - [24/May/2013:22:05:50 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    182.149.204.207 - - [24/May/2013:22:05:50 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    113.138.50.183 - - [24/May/2013:22:05:52 +0800] "GET / HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    27.153.68.113 - - [24/May/2013:22:05:52 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
    182.149.204.207 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    183.156.53.206 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    1.203.40.140 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2)"
    219.151.158.144 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    123.149.228.64 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    183.157.115.3 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    111.172.197.39 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    182.149.204.207 - - [24/May/2013:22:05:56 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    220.189.193.67 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; KB974487)"
    183.157.115.3 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    121.237.2.43 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    222.80.175.25 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
    183.156.53.206 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    111.172.197.39 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    111.172.197.39 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    180.157.89.162 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"
    113.76.33.74 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASP)"
    61.185.178.173 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; 4399Box.1261; 4399Box.1261)"
    113.86.145.177 - - [24/May/2013:22:06:01 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 718; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    182.149.204.207 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    182.149.204.207 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    111.172.197.39 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    111.172.197.39 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    58.19.214.162 - - [24/May/2013:22:06:04 +0800] "GET / HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    61.153.0.130 - - [24/May/2013:22:06:04 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    182.149.204.207 - - [24/May/2013:22:06:05 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    183.156.53.206 - - [24/May/2013:22:06:06 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    182.149.204.207 - - [24/May/2013:22:06:06 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    111.172.197.39 - - [24/May/2013:22:06:07 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    111.172.197.39 - - [24/May/2013:22:06:07 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    59.56.20.23 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    112.65.211.100 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2)"
    115.206.20.133 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.4)"
    182.149.204.207 - - [24/May/2013:22:06:09 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    182.149.204.207 - - [24/May/2013:22:06:10 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    111.172.197.39 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    111.172.197.39 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    14.147.86.62 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; QQPinyin 685; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    183.156.53.206 - - [24/May/2013:22:06:13 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    111.178.209.148 - - [24/May/2013:22:06:13 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
    182.149.204.207 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    183.157.115.3 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.17.47.78 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    58.19.214.162 - - [24/May/2013:22:06:15 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    27.188.231.155 - - [24/May/2013:22:06:16 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; MALN; .NET4.0E; Zune 4.7; InfoPath.1)"
    111.172.197.39 - - [24/May/2013:22:06:16 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    58.48.1.93 - - [24/May/2013:22:06:17 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    222.69.92.85 - - [24/May/2013:22:06:17 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
    61.153.149.166 - - [24/May/2013:22:06:17 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Apache; .NET CLR 2.0.50727)"
    58.48.106.206 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; KB974488)"
    113.65.198.144 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    182.149.204.207 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    114.233.127.15 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    61.145.38.137 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
    117.65.195.17 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    101.85.201.140 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    182.149.204.207 - - [24/May/2013:22:06:23 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    111.172.197.39 - - [24/May/2013:22:06:24 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    222.70.224.156 - - [24/May/2013:22:06:24 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; MATP)"
    116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    183.156.9.151 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3)"
    116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    116.11.198.33 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    1.194.117.98 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    116.11.198.33 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    116.11.198.33 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    117.88.225.78 - - [24/May/2013:22:06:27 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; KB974488)"
    218.89.59.42 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; BOIE9;ZHCN)"
    116.11.198.33 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0;  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    111.172.197.39 - - [24/May/2013:22:06:28 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    183.9.16.122 - - [24/May/2013:22:06:28 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; BRI/2)"
    58.19.214.162 - - [24/May/2013:22:06:29 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    182.149.204.207 - - [24/May/2013:22:06:29 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    120.36.248.212 - - [24/May/2013:22:06:30 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"
    101.85.201.140 - - [24/May/2013:22:06:30 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.64.202.70 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    113.116.100.130 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS124342; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)"
    27.155.191.254 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
    183.157.115.3 - - [24/May/2013:22:06:32 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    182.149.204.207 - - [24/May/2013:22:06:33 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    218.5.58.196 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    49.84.154.38 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.64.202.70 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    49.65.10.145 - - [24/May/2013:22:06:35 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MASM; Media Center PC 6.0; Tablet PC 2.0; .NET4.0C; BRI/2)"
    183.156.53.206 - - [24/May/2013:22:06:35 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    219.159.107.138 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
    222.240.152.232 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    183.64.202.70 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    183.64.202.70 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    182.149.204.207 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    183.64.202.70 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    180.159.38.52 - - [24/May/2013:22:06:38 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    113.121.71.143 - - [24/May/2013:22:06:38 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    101.85.201.140 - - [24/May/2013:22:06:39 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    1.48.225.6 - - [24/May/2013:22:06:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; MDDC)"
    183.64.202.70 - - [24/May/2013:22:06:40 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    183.64.202.70 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    116.17.198.91 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    183.157.115.3 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.158.111.62 - - [24/May/2013:22:06:42 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; KB974488)"
    112.102.189.170 - - [24/May/2013:22:06:42 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    58.19.214.162 - - [24/May/2013:22:06:43 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    180.136.11.157 - - [24/May/2013:22:06:43 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; KB974489)"
    111.172.197.39 - - [24/May/2013:22:06:44 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    115.227.237.29 - - [24/May/2013:22:06:45 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    115.227.237.29 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    115.227.237.29 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    111.172.197.39 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    183.156.53.206 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    115.227.237.29 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    115.227.237.29 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    115.227.237.29 - - [24/May/2013:22:06:48 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    115.227.237.29 - - [24/May/2013:22:06:48 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    61.185.214.234 - - [24/May/2013:22:06:49 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    49.84.154.38 - - [24/May/2013:22:06:49 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    113.69.224.119 - - [24/May/2013:22:06:50 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    125.107.7.208 - - [24/May/2013:22:06:51 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    111.172.197.39 - - [24/May/2013:22:06:52 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    112.66.164.218 - - [24/May/2013:22:06:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    125.121.189.58 - - [24/May/2013:22:06:55 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"
    121.204.255.133 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    218.79.60.165 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    58.19.214.162 - - [24/May/2013:22:06:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    183.156.53.206 - - [24/May/2013:22:06:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    222.188.132.105 - - [24/May/2013:22:06:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"
    27.18.230.64 - - [24/May/2013:22:06:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    125.75.132.64 - - [24/May/2013:22:07:00 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    60.172.205.60 - - [24/May/2013:22:07:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; qdesk 2.4.1263.203)"
    183.156.53.206 - - [24/May/2013:22:07:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    61.136.178.10 - - [24/May/2013:22:07:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.5)"
    218.82.118.150 - - [24/May/2013:22:07:03 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MALC; InfoPath.2; .NET4.0C; BRI/2; youxihe.1640; youxihe.1640)"
    110.90.222.148 - - [24/May/2013:22:07:04 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; Shuame)"
    110.177.232.203 - - [24/May/2013:22:07:04 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"
    58.33.94.213 - - [24/May/2013:22:07:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; KB974489)"
    171.217.31.86 - - [24/May/2013:22:07:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"
    49.84.154.38 - - [24/May/2013:22:07:25 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    1.198.94.56 - - [24/May/2013:22:07:25 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MDDCJS)"
    111.172.197.39 - - [24/May/2013:22:07:25 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    111.161.96.237 - - [24/May/2013:22:07:26 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    110.191.178.116 - - [24/May/2013:22:07:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    125.116.14.79 - - [24/May/2013:22:07:27 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
    183.156.53.206 - - [24/May/2013:22:07:28 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    115.152.100.157 - - [24/May/2013:22:07:30 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
    58.19.214.162 - - [24/May/2013:22:07:32 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    121.33.190.176 - - [24/May/2013:22:07:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)"
    58.38.244.43 - - [24/May/2013:22:07:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; HPNTDF; Tablet PC 2.0; Media Center PC 6.0; .NET4.0C)"
    123.182.10.252 - - [24/May/2013:22:07:34 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MALN; .NET4.0C)"
    42.91.206.8 - - [24/May/2013:22:07:34 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    140.255.89.46 - - [24/May/2013:22:07:35 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
    49.84.154.38 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    117.94.89.30 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; QQDownload 718; .NET CLR 2.0.50727)"
    222.30.77.7 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0; MALCJS)"
    123.52.144.23 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 718; .NET4.0C; .NET CLR 2.0.50727)"
    61.178.55.28 - - [24/May/2013:22:07:37 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    61.171.115.42 - - [24/May/2013:22:07:38 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.156.53.206 - - [24/May/2013:22:07:38 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.31.213.50 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; 4399Box.720; 4399Box.720)"
    124.236.204.239 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 718; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; 4399Box.778; 4399Box.778; KB974489)"
    222.216.57.80 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    1.87.220.193 - - [24/May/2013:22:07:40 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    124.239.121.99 - - [24/May/2013:22:07:41 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET CLR 2.0.50727; InfoPath.2)"
    61.171.115.42 - - [24/May/2013:22:07:42 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.156.53.206 - - [24/May/2013:22:07:43 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    1.192.93.13 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C)"
    120.37.190.181 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    218.79.60.165 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    119.135.133.29 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; .NET4.0C)"
    58.19.214.162 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    61.131.97.40 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)"
    58.214.3.98 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    113.65.12.212 - - [24/May/2013:22:07:47 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    183.156.53.206 - - [24/May/2013:22:07:51 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    61.178.69.249 - - [24/May/2013:22:07:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"
    183.156.53.206 - - [24/May/2013:22:07:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    111.172.197.39 - - [24/May/2013:22:07:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    14.220.49.91 - - [24/May/2013:22:07:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; KB974489)"
    122.194.216.252 - - [24/May/2013:22:08:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
    219.131.216.181 - - [24/May/2013:22:08:03 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    218.79.60.165 - - [24/May/2013:22:08:04 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    59.173.203.247 - - [24/May/2013:22:08:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    183.156.53.206 - - [24/May/2013:22:08:05 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    115.151.178.14 - - [24/May/2013:22:08:06 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    111.172.197.39 - - [24/May/2013:22:08:06 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    183.156.53.206 - - [24/May/2013:22:08:09 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    61.166.173.50 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    118.113.201.143 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
    117.82.100.71 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2; BRI/2)"
    115.216.150.146 - - [24/May/2013:22:08:11 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    116.209.229.81 - - [24/May/2013:22:08:12 +0800] "GET /?xl HTTP/1.1" 416 206 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.11)"
    111.172.197.39 - - [24/May/2013:22:08:12 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    114.83.213.177 - - [24/May/2013:22:08:13 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MDDC; .NET4.0C)"
    183.156.53.206 - - [24/May/2013:22:08:14 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    59.34.36.61 - - [24/May/2013:22:08:14 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"
    111.172.197.39 - - [24/May/2013:22:08:16 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    117.92.169.209 - - [24/May/2013:22:08:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C)"
    218.79.60.165 - - [24/May/2013:22:08:20 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    114.83.89.180 - - [24/May/2013:22:08:21 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    219.150.151.4 - - [24/May/2013:22:08:23 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"
    14.117.194.204 - - [24/May/2013:22:08:23 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)"
    183.156.53.206 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    113.89.97.65 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    14.153.144.182 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
    113.89.97.65 - - [24/May/2013:22:08:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    180.157.86.134 - - [24/May/2013:22:08:25 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    113.89.97.65 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    61.171.115.42 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    118.213.174.214 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
    113.89.97.65 - - [24/May/2013:22:08:29 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    58.19.214.162 - - [24/May/2013:22:08:29 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"
    113.89.97.65 - - [24/May/2013:22:08:30 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    120.33.63.134 - - [24/May/2013:22:08:31 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    180.108.186.183 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; QQDownload 718; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
    183.156.53.206 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    218.11.176.18 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    113.89.97.65 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    113.89.97.65 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"
    58.209.237.174 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    58.212.102.13 - - [24/May/2013:22:08:35 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    218.31.5.235 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 718)"
    58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    183.25.17.231 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
    183.156.53.206 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    222.75.204.224 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"
    61.171.115.42 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    112.102.189.170 - - [24/May/2013:22:08:39 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
    183.156.53.206 - - [24/May/2013:22:08:41 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

  8. 8#

    imlonghao | 2013-05-24 22:10

    此时规则如下。
    location ~* \.(rmvb)$ {
    rewrite ^/ http://test.wooyun.imlonghao.com/?xl;
    }

  9. 9#

    /fd (Http://prompt.ml) | 2013-05-24 22:10

    牛B

  10. 10#

    xsser | 2013-05-24 22:14

    我日… 这个量还挺大

  11. 11#
    感谢(1)

    leaf | 2013-05-24 22:20

    好思路!

  12. 12#

    docall (陈公子是也。。。) | 2013-05-24 22:22

    going down!贱心快找护舒宝赞助吧!

  13. 13#

    斯文的鸡蛋 (顿时我就傻逼了) | 2013-05-24 22:33

    真特么淫荡

  14. 14#

    L.N. (http://ln.sycsec.com/) | 2013-05-24 22:52

    真心淫荡

  15. 15#

    Mujj (为何我的眼中饱含泪水?因为我装逼装的深沉) | 2013-05-24 23:02

    cat wooyun.org.log | grep ‘符合规则的’ | awk ‘{print “iptables -I INPUT -p tcp –dport 80 -s “, $1, “-j DROP”}’| sort -n | uniq | sh

  16. 16#

    x0ers (第一个知道牛奶能喝的人都对奶牛做了些什么?) | 2013-05-24 23:02

    好思路啊.顶

  17. 17#

    LittlePig (</html>) | 2013-05-25 00:13

    可以扔猥琐流了…

  18. 18#

    livers (如梦似幻) | 2013-05-25 11:41

    @imlonghao 自伤800啊

  19. 19#

    虚云 | 2013-05-25 12:09

    你rewrite得起么,想杀死别人,前提是你自己血多。

    @livers
    中肯!

  20. 20#

    虚云 | 2013-05-25 12:10

    不过思路确实值得赞一下,如果在某些可以上传并发布地址的空间放一个热门大片,后果不堪设想。

  21. 21#

    z7y (小胖子首席鉴黄师) | 2013-05-25 12:31

    超赞….  扔猥琐流去吧~ @xsser

  22. 22#

    insight-labs | 2013-05-25 12:42

    @虚云 如果能在对方网站上找到一个耗资源或者流量的链接,比如一个大文件。rewrite过去成本很低

  23. 23#

    imlonghao | 2013-05-25 13:00

    @虚云 @livers
    观察只是rewrite的话,对自己没怎么伤…
    像@insight-labs 所说的那样,对面有一个很大的文件,完全可以rewrite过去。
    要注意,发起的这个链接是会去下载的..

  24. 24#

    核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 14:36

    说到流量转发攻击,其实有更简单更高效的,直接去百度贴吧访问量大的帖子里:

    <img src=”http://zone.wooyun.org/search/核总” />
    <img src=”http://zone.wooyun.org/test.rar” />

    你懂的……

  25. 25#

    萧然 (喜欢一切美的东西·) | 2013-05-25 14:41

    @核攻击 哇  这也可以?以前拿这种刷移动的推广 搞了个第一名 奖了个手机

  26. 26#

    imlonghao | 2013-05-25 14:48

    @核攻击 要D8要是能占据首页的话。。。。

  27. 27#

    核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 14:49

    说起来云资源攻击,前些年有人曾伪装p2p热门资源发起巨型纯流量攻击……

  28. 28#

    imlonghao | 2013-05-25 14:57

    @核攻击 有地址看看么?

  29. 29#

    核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 15:07

    @imlonghao 利用P2P网络发动大规模、大流量DDOS攻击

  30. 30#

    核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 15:18

    @萧然 详见:【CSRF】基于图片方式(<img)的 DDOS、CC、会话劫持以及刺探用户信息

  31. 31#

    CHForce (带马师) | 2013-05-25 15:58

    一楼比一楼给力,招数越来越犀利

  32. 32#

    happytree (“如果我死了,请吃掉我吧”) | 2013-05-25 16:02

    雅蠛蝶~太口怕了

  33. 33#

    廷廷 (想法最重要) | 2013-05-25 16:16

    @核攻击 果断学习啦!!!

  34. 34#

    小森森 (学习中……) | 2013-05-25 17:44

    赞一个~~不过……你自己网站也会很卡诶~

  35. 35#

    imlonghao | 2013-05-25 18:08

    @小森森 http://imlonghao.com 现在仍有这种情况,但是你觉得卡么?

  36. 36#

    Mujj (为何我的眼中饱含泪水?因为我装逼装的深沉) | 2013-05-25 18:52

    @imlonghao 重写消耗的是CPU资源,不过也消不了多少。

  37. 37#

    whking (不登高山,不知天之大。) | 2013-05-25 19:56

    @imlonghao 前几天你网站挂了,我以为你不开了的呢。

  38. 38#

    imlonghao | 2013-05-25 20:32

    @whking -.-##

  39. 39#

    GaRY | 2013-05-26 00:45

    好帖子!绝对精华。目前对这个方面进行ddos的技术不是没人想过,但是都没有实例化阶段。楼主这个帖子算是头一个了AFAIK。

  40. 40#

    xsser | 2013-05-26 11:32

    @livers 对洞主自己来说,这个应该只需要耗费重写的,但是对于目标来说可能还要过数据库……

  41. 41#

    小森森 (学习中……) | 2013-05-26 14:56

    @imlonghao 不卡。。但是上不去啊……

  42. 42#

    蟋蟀哥哥 (̷ͣ̑̆ͯ̆̋͋̒ͩ͊̋̇̒ͦ̿̐͞҉̷̻̖͎̦̼) | 2013-05-26 15:51

    精华帖子了

  43. 43#

    hang | 2013-05-26 20:34

    想到这个了,vessial在poc2011上面的演讲PPT
    Xunlei_Network_Internal_for_PoC2011.pdf

  44. 44#

    Nimda | 2013-05-29 08:51

    这几天由于工作,正好涉及到了MD5,突发奇想有个问题:
    如果迅雷的验证机制是MD5,那么能不能在某些资源比较火的时候,依照火资源的MD5生成一个木马,然后把这个木马上传到自己的空间里。。。

    之前看过一个类似的帖子,说有个哥们买了个远控,然后过段时间远控被360查杀了。这哥们反应给远控卖家,卖家在QQ那边搞了一会儿,然后这边的远控就不再被查杀了,那哥们判断可能是上传了一个和木马MD5一样的合法文件,修改了360的白名单。

    纯属YY。。。

  45. 45#

    坏虾 (黑阔都被爆菊花~) | 2013-05-29 09:04

    = = 这个攻击 我也用过。  貌似效果不怎么样。

  46. 46#

    CplusHua | 2013-06-08 21:34

    @虚云 如果用改DNS的方式呢?攻击独立IP的站,这样会有危害吧?

  47. 47#

    Mujj (为何我的眼中饱含泪水?因为我装逼装的深沉) | 2013-06-08 21:52

    @Nimda 你这个略高端了,不过理论上是说的过去的。

  48. 48#

    ACGT | 2013-06-08 22:23

    @Nimda 给定MD5生成一个合法的PE文件,纯属YY
    360那个应该是利用了360的某个漏洞

  49. 49#

    flying ((ส้้้้้้้้้้้้้้้้้้้้้้้) | 2014-08-01 12:43

    楼主vps哪里买的