Stange stream of HTTP GET requests in apache logs, from amazon ec2 instances

Posted by Alexandre Boeglin on Server Fault See other posts from Server Fault or by Alexandre Boeglin
Published on 2013-06-12T16:17:44Z Indexed on 2013/07/03 11:08 UTC
Read the original article Hit count: 349

Filed under:
|
|
|

I just had a look at my apache logs, and I see a lot of very similar requests:

GET / HTTP/1.1
User-Agent: curl/7.24.0 (i386-redhat-linux-gnu) libcurl/7.24.0 \
    NSS/3.13.5.0 zlib/1.2.5 libidn/1.18 libssh2/1.2.2
Host: [my_domain].org
Accept: */*
  • there's a steady stream of those, about 2 or 3 per minute;
  • they all request the same domain and resource (there are slight variations in user agent version numbers);
  • they come form a lot of different IPv4 and IPv6 addresses, in blocs that belong to amazon ec2 (in Singapore, Japan, Ireland and the USA).

I tried to look for an explanation online, or even just similar stories, but couldn't find any.

Has anyone got a clue as to what this is? It doesn't look malicious per say, but it's just annoying me, and I couldn't find any more information about it.

I first suspected it could be a bot checking if my server is still up, but:

  1. I don't remember subscribing to such a service;
  2. why would it need to check my site twice every minute;
  3. why doesn't it use a clearly identifying fqdn.

Or, should I send this question to amazon, via their abuse contact?

Thanks!

© Server Fault or respective owner

Related posts about amazon-ec2

Related posts about http