Odd requests in the http server access log

Question

I switched to Nnginx from Apache, and took a look at the access logs. There are some requests scanning for phpMyAdmin etc, but I was surprised to find requests for weird sites. For example:

156.201.91.152 - - [14/Nov/2018:23:43:14 +0100] "GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1" 404 234 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

I have no clue what yastatic.net or bootstrap.min.css are. I have a number of those isolated requests giving 404. I went to check the access log for my old Apache instance, and there they can be found too, but with a 302 status code.

Any clue what that is about?

A got other weird ones. Here is someone asking for http://www.bing.com/, apparently coming from a google search results page:

46.119.114.237 - - [14/Nov/2018:23:15:58 +0100] "GET http://www.bing.com/ HTTP/1.1" 200 5616 "http://www.google.co.uk/search?q=%3Ctitle%3EBing%3C%2Ftitle%3E%20www.bing.com" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"

Answer 1

Someone is asking your server for the page http://yastatic.net... We can only speculate at the reasons why.

I think the most likely cause is either a bot which is incorrectly configured or something trying to fingerprint / exploit your system. There are other possible explanations but they would seem less likely as the IP addresses requesting this change are very different over a not-that-long time period. Similarly the browser strings are very different and appear to have been picked up from someone elses logs.