1

Not sure if that has been asked before but over the last week I am getting hundreds of CONNECT and GET requests to my Apache web server for domains that are not on my server. Some are for well known sites like instagram.com. Here is a few that happened this morning:

120.78.240.35 - - [15/May/2019:09:15:10 +0200] "CONNECT book.spicejet.com:443 HTTP/1.1" 405 519 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_111)"
120.78.240.35 - - [15/May/2019:09:15:09 +0200] "CONNECT book.spicejet.com:443 HTTP/1.1" 405 519 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_111)"
120.78.240.35 - - [15/May/2019:09:15:09 +0200] "CONNECT book.spicejet.com:443 HTTP/1.1" 405 519 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_111)"
120.78.240.35 - - [15/May/2019:09:15:09 +0200] "CONNECT book.spicejet.com:443 HTTP/1.1" 405 519 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_111)"
51.75.12.139 - - [15/May/2019:09:15:07 +0200] "CONNECT api.goldenfrog.com:443 HTTP/1.1" 400 0 "-" "-"
120.76.246.242 - - [15/May/2019:09:15:05 +0200] "CONNECT api.nokair.com:443 HTTP/1.1" 405 516 "-" "-"
54.37.76.200 - - [15/May/2019:09:15:03 +0200] "CONNECT hq.uis.kaspersky.com:443 HTTP/1.1" 400 0 "-" "-"
72.130.166.116 - - [15/May/2019:09:15:03 +0200] "CONNECT stockx.com:443 HTTP/1.1" 400 0 "-" "-"
51.77.245.206 - - [15/May/2019:09:15:00 +0200] "CONNECT 160.153.202.75:443 HTTP/1.0" 405 535 "-" "-"

Any idea what could be causing those requests to be redirected to my server? Initially I thought that it might be a scan to see if the server could be used as a proxy but this has been going on for the better part of a week now.

Grant
  • 11
  • 1

1 Answers1

0

Likely a bot looking for open proxies. The url in the log is the page it's trying to load via any open proxy it can find.

neonprimetime security
  • 936
  • 4
  • 15