I put up my site yesterday and this morning I saw a lot of requests in the logs. I have seen this before, and immediately could tell it was someone/something probing the server. Most of the requests are attempts to potential admin pages:
220.128.237.100 (-) - - [23/Jan/2019:05:30:45 +0000] "GET /myadmin2/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:45 +0000] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:46 +0000] "GET /phpMyadmin_bak/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:46 +0000] "GET /www/phpMyAdmin/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:47 +0000] "GET /tools/phpMyAdmin/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:48 +0000] "GET /phpmyadmin-old/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:48 +0000] "GET /phpMyAdminold/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
220.128.237.100 (-) - - [23/Jan/2019:05:30:48 +0000] "GET /phpMyAdmin.old/index.php HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36"
But I also saw a number of requests to other websites, which is confusing.
120.39.53.147 (-) - - [23/Jan/2019:08:27:43 +0000] "GET / HTTP/1.1" 200 27702 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
106.91.209.210 (-) - - [23/Jan/2019:08:27:44 +0000] "CONNECT www.baidu.com HTTP/1.1" 400 226 "-" "-"
124.88.64.211 (-) - - [23/Jan/2019:08:27:45 +0000] "GET http://api.ipify.org/ HTTP/1.1" 200 27702 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
175.152.34.125 (-) - - [23/Jan/2019:08:27:47 +0000] "GET http://www.123cha.com HTTP/1.1" 200 27702 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36"
124.88.64.218 (-) - - [23/Jan/2019:08:27:54 +0000] "CONNECT www.voanews.com:443 HTTP/1.1" 405 178 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
111.162.158.211 (-) - - [23/Jan/2019:08:27:54 +0000] "GET http://www.123cha.com/ HTTP/1.1" 200 27702 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
36.5.183.112 (-) - - [23/Jan/2019:08:27:55 +0000] "GET http://boxun.com/ HTTP/1.1" 200 15919 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
36.32.3.148 (-) - - [23/Jan/2019:08:27:57 +0000] "CONNECT cn.bing.com:443 HTTP/1.1" 405 178 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"
218.62.245.85 (-) - - [23/Jan/2019:08:27:58 +0000] "GET http://www.ip.cn/ HTTP/1.1" 200 27702 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
221.13.12.181 (-) - - [23/Jan/2019:08:27:59 +0000] "GET http://www.wujieliulan.com/ HTTP/1.1" 200 15919 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
125.76.60.255 (-) - - [23/Jan/2019:08:28:01 +0000] "GET http://www.rfa.org/english/ HTTP/1.1" 404 233 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
123.158.61.200 (-) - - [23/Jan/2019:08:28:01 +0000] "GET http://www.minghui.org/ HTTP/1.1" 200 15919 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
71.6.232.4 (-) - - [23/Jan/2019:08:41:58 +0000] "GET / HTTP/1.1" 200 27702 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
104.131.146.83 (-) - - [23/Jan/2019:08:54:34 +0000] "GET / HTTP/1.1" 200 27702 "-" "Mozilla/5.0 zgrab/0.x"
127.0.0.1 (-) - - [23/Jan/2019:09:25:08 +0000] "GET / HTTP/1.1" 200 27702 "-" "Python-urllib/2.7"
194.74.244.130 (-) - - [23/Jan/2019:09:25:41 +0000] "GET / HTTP/1.1" 200 33618 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
Why would these be getting logged in my logs? If it is a GET request aimed at a wholly separate site, why did it even reach my server? What am I missing?