How to catch the source of the request on the VPS?

Good afternoon. A VPS ( Debian 9.5 + PHP 5.6 FastCgi). It is a PHP script. Looking into access log I see that about every 10 minutes where it is query of the form:
{VPS IP address} - - [{date}] "GET / HTTP/1.0" 200 8184 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36"

If index.php to register logging the $_SERVER / $_POST / $_GET etc., it is not empty $_SERVER
var_export $_SERVER

<?
'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
'CONTENT_LENGTH' => '0',
'SCRIPT_NAME' => '/index.php',
'REQUEST_URI' => '/',
'QUERY_STRING' => ",
'REQUEST_METHOD' => 'GET',
'SERVER_PROTOCOL' => 'HTTP/1.0',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'REMOTE_PORT' => '40638',
'SCRIPT_FILENAME' => '{path to index}/index.php',
'CONTEXT_DOCUMENT_ROOT' => '{path to domain}',
'CONTEXT_PREFIX' => ",
'REQUEST_SCHEME' => 'http',
'DOCUMENT_ROOT' => '{path to domain}',
'REMOTE_ADDR' => '{VPS IP address}',
'SERVER_PORT' => '80',
'SERVER_ADDR' => '127.0.0.1',
'SERVER_NAME' => '{domain}',
'SERVER_SOFTWARE' => 'Apache/2.4.25 (Debian)',
'SERVER_SIGNATURE' => '<address>Apache/2.4.25 (Debian) Server at {domain} Port 80</address>
'HTTP_ACCEPT_ENCODING' => 'gzip',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36',
'HTTP_CONNECTION' => 'close',
'HTTP_X_FORWARDED_PROTO' => 'http',
'HTTP_X_FORWARDED_PORT' => '80',
'HTTP_X_FORWARDED_FOR' => '{VPS IP address}',
'HTTP_X_REAL_IP' => '{VPS IP address}',
'HTTP_HOST' => '{domain}',
'FCGI_ROLE' => 'RESPONDER',
'PHP_SELF' => '/index.php',
'REQUEST_TIME_FLOAT' => 1576834809.0801599,
'REQUEST_TIME' => 1576834809,


Kron task is not created
The host says that the problem is somewhere in the scripts. Then in php such a call by itself ?
April 3rd 20 at 18:53
3 answers
April 3rd 20 at 18:55
Stupid search your code for http requests
April 3rd 20 at 18:57
Someone makes an http request to your website. What exactly surprises you?
Who (user-agent) and where (IP) are indicated. Although it is possible to forge.
Maybe some third-party monitoring service.
The IP of my VPS , i.e. the request comes from the inside ... no more no disk imaging: who / where and why - martin.Medhurst26 commented on April 3rd 20 at 19:00
Perhaps some kind of monitoring service from host. And some of the technical support staff do not know about. - consuelo_Gorczany commented on April 3rd 20 at 19:03
@consuelo_Gorczany, about monitoring - option - martin.Medhurst26 commented on April 3rd 20 at 19:06
April 3rd 20 at 18:59
{VPS IP address}

you see here the address of your server?
Yes, where usually the IP of the one who asks for something - martin.Medhurst26 commented on April 3rd 20 at 19:02
interesting!
and the rest of the lines log client address normal?

Kron task is not created

it can be at the system level, and applications (e.g. Wordpress). Checked all?

How to find who? I have disabled for 10 minutes, the network and looked at disappeared if this request.
If you cannot turn off, probably to run a sniffer and analyze. - adeline.Kemmer commented on April 3rd 20 at 19:05
and the rest of the lines log client address normal?

Yeah, bots / users, etc ... but if you filter on the IP of the server , there is some sort of activity inside the VPS , the initiator of the PHP process.

About the internal chronotopic functions - as I understand the process of it all - to run should be an external initiator - PHP script can't call itself just like that ? - martin.Medhurst26 commented on April 3rd 20 at 19:08
About the internal chronotopic functions - as I understand the process of it all - to start must be external initiator

Yes, should be the initiator or crowns, or the webserver. - adeline.Kemmer commented on April 3rd 20 at 19:11

Find more questions by tags PHPHosting