Information about misusage of


For a long time (approx. over 2 years now) is misused on port 8080 in a continuous way by Java software from various IP addresses:

GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_102)
Accept-Encoding: gzip,deflate

GET / HTTP/1.1
Host:[various-ports, mostly in range of 1200...1500]
User-Agent: Java/1.8.0_10

Log entries (after blocking User-Agent "Java") like:

- - [14/Nov/2020:16:35:35 +0100] "GET / HTTP/1.1" 403 209 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_102)" 8080 "" "-" 155 375 "-/-/-/-"
- - [01/Sep/2021:01:19:03 +0200] "GET / HTTP/1.1" 403 199 "-" "Java/1.8.0_102" 8080 "" "-" 154 365 "-/-/-/-"

Further Analysis

Probing Attack Sequence


It looks like the request with the following User-Agent and Host header
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_102)
is in some way the controller probe, sent from particular IP addresses.


If the probing request is successful, a huge number of requests from IP addresses all over the world will start, with the following User-Agent and Host header:
Host:[various-ports, mostly in range of 1200...1500]
User-Agent: Java/1.8.0_10

Client Analysis

Client OS indicators

After blocking several IPv4 ranges of some countries, it turned out that clients suddenly started using 6to4 IPv6 addresses like
This 6to4 address is an indication that the client operating system is Microsoft Windows, because Windows also stores the encoded IPv4 address in the Interface ID.
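
The 6to4 observation above can be turned into a log-analysis check; this is an added example, not code from the original page. It recovers the IPv4 address embedded in a 6to4 address (2002::/16), tests whether the interface ID repeats it, and applies an IPv4 blocklist to the embedded address. The function name analyze_client is hypothetical, and the blocklist and sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed blocklist (RFC 5737 documentation range), not taken from the page.
BLOCKED_V4 = [ipaddress.ip_network("198.51.100.0/24")]

def analyze_client(addr, blocked=BLOCKED_V4):
    """Classify one client address taken from an access log.

    Returns the effective IPv4 address (the embedded one for 6to4), whether
    the interface ID repeats that IPv4 address, and whether the effective
    IPv4 address falls into a blocked IPv4 range.
    """
    ip = ipaddress.ip_address(addr)
    result = {"sixtofour": False, "ipv4": None,
              "iid_repeats_ipv4": False, "blocked": False}
    if ip.version == 4:
        v4 = ip
    elif ip.sixtofour is not None:           # 2002::/16, IPv4 in bits 16..47
        v4 = ip.sixtofour
        result["sixtofour"] = True
        iid = int(ip) & 0xFFFFFFFFFFFFFFFF   # lower 64 bits = interface ID
        # Assumption: "IPv4 in the interface ID" means the IID equals the
        # IPv4 address zero-extended to 64 bits.
        result["iid_repeats_ipv4"] = iid == int(v4)
    else:
        return result                        # native IPv6: no IPv4 to recover
    result["ipv4"] = str(v4)
    result["blocked"] = any(v4 in net for net in blocked)
    return result

# Constructed sample client addresses.
SAMPLES = [
    "198.51.100.7",
    "2002:c633:6407::c633:6407",  # 6to4 of 198.51.100.7, IPv4 repeated in IID
    "2002:c633:6407:1::1",        # 6to4 of 198.51.100.7, unrelated IID
    "2001:db8::1",                # native IPv6
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, analyze_client(sample))
```

Applying the IPv4 blocklist to the embedded address keeps a blocked range blocked when the same client returns over 6to4.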

Client connection indicators


Several workarounds did not stop that misuse, like:

The following step reduced the misuse a lot:


In case of any issues with blocked DNS resolution, replace in your browser: ->


If I detect that someone changes the FQDN to "", then I will get really angry and close down the service!

Request of help

If anyone has any hint about the root cause, please contact me - thank you very much!
I'm also able to hand out related log entries for further statistics or drill-down!
2021-10-21, webmaster at bieringer dot de
