Hello board,

In my server logs, some suspicious hits caught my attention:

123.125.67.181 - - [23/May/2013:04:04:10 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 34500 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.218 - - [23/May/2013:04:17:59 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 34500 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.125.67.181 - - [23/May/2013:04:34:28 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 16653 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.217 - - [23/May/2013:04:48:19 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 15180 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.125.67.181 - - [23/May/2013:05:04:48 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 40020 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.156 - - [23/May/2013:05:18:36 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 49680 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

This has been going on for months. As you can see, these IPs hit quite regularly every 1/2 hour. They only download small parts of some media files (video/audio), never do they request the webpage associated with those files - which does not really make sense in this case, and also no other files from this server. The traffic they produce still moves these files to the front in the stats.
All the requests come from a narrow range of IPs located in Beijing, China. ISP: Data Communication Division

First, I suspected some kind of proxy but seeing that they seem to never get the whole file, yet request these files with timed regularity, I guess it's some bot... but for what purpose?

I decided to block the IP ranges:

Deny from 123.125.67.180/31 123.125.67.242/31 220.181.51.155/32 220.181.51.156/31
Deny from 220.181.51.158/32 220.181.51.217/32 220.181.51.218/31 220.181.51.220/32

Does anybody here know of such a thing?

Edit: Beijing, not Hong Kong.