In my web server logs (I'm running node.js with express), intermixed with valid requests for files, I see the following:
[app-0 (out)] GET / 200 1ms - 3.95kb
[app-0 (out)] GET / 200 2ms - 3.95kb
[app-0 (out)] GET / 200 1ms - 3.95kb
---[app-0 (out)] GET http://www.mafengwo.com/ 200 1ms - 3.95kb
[app-0 (out)] GET / 304 1ms
I'm not the owner of "magengwo.com", and I'm unsure of how the attacker was able to query my web server for another website (and its a little more alarming that node responded with a 200). I would assume this is a bad thing, although I'm at a loss for how to reproduce this issue. Any help or explanation of whats going on here would be greatly appreciated
I got the same request within 15 minutes of spawning a testing server (SF on DigitalOcean), so I'm guessing it's a bot looking for subnodes serving mafengwo.com