RaoulMoulebitte

  1. Hi guys, I hope you are alright. I had to shut down my reverse proxy because of some unusual activities (this is a docker container following the SpaceInvader One tutorial). Just checking the nginx access log I have noticed this:

     72.173.251.17 - - [25/Jul/2020:18:13:04 +0100] "POST / HTTP/1.1" 405 559 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
     72.173.251.17 - - [25/Jul/2020:18:15:06 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     72.173.251.17 - - [25/Jul/2020:18:17:08 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     72.173.251.17 - - [25/Jul/2020:18:19:10 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     72.173.251.17 - - [25/Jul/2020:18:21:13 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     72.173.251.17 - - [25/Jul/2020:18:23:15 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     72.173.251.17 - - [25/Jul/2020:18:25:16 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
     72.173.251.17 - - [25/Jul/2020:18:58:58 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

     .... and it carries on for a long time... Would you consider this weird?

     The unusual activity I mentioned was my Bitwarden container (still SpaceInvader) getting constant requests from my local gateway (pfSense VM; I know...). Every second it was knocking on its door, but from a different port every time.

     From the pfSense logs and network tools I could see a lot of activity from 127.0.0.1 trying to reach what I guess is some DNS stuff (sorry, not a pro here), ports 53/853/953. I had to shut down my reverse proxy and block all traffic from my local gateway to the Bitwarden container port. Even when the Internet was shut down it kept trying to reach that container, so I changed the container port. I disabled the port forwarding for external access to the container as well. Everything seems "normal" now.

     Where would you guys look to try and determine what happened? Sorry if the post is all over the place, but it mirrors my state of mind... I don't have much networking experience, so I basically kept opening everything that looked like a log and trying to make sense out of it... So I welcome any tips!
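One way to triage an access log like the one quoted above, as an added example that is not part of the original post: the script groups nginx combined-format entries by client, method, path and status, then reports the hit count, the median spacing between requests and the number of distinct user agents. The function name `summarize` and the report field names are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

def summarize(lines):
    """Group hits by (ip, method, path, status); report count, spacing, agents."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format entry (e.g. a malformed request line)
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["method"], m["path"], int(m["status"]))
        groups[key].append((ts, m["agent"]))
    report = []
    for key, hits in groups.items():
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report.append({"key": key, "count": len(hits),
                       "median_gap_s": median(gaps) if gaps else None,
                       "agents": len({a for _, a in hits})})
    # Most frequent first: one request repeated at a steady gap points to a script
    return sorted(report, key=lambda r: r["count"], reverse=True)

# Sample input: the eight entries quoted in the post above.
SAMPLE = """
72.173.251.17 - - [25/Jul/2020:18:13:04 +0100] "POST / HTTP/1.1" 405 559 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
72.173.251.17 - - [25/Jul/2020:18:15:06 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:17:08 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:19:10 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:21:13 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:23:15 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:25:16 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:58:58 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE.splitlines()):
        print(row)
```

On the quoted entries this yields a single group: eight POST requests to / answered with 405, a median gap of 122 seconds, and two user-agent strings from the same address.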