Freaked out by "impossible click" in logs

It might be some security software on your system or in your network which inspects if the URL's you visit are harmful. They often do their visits from systems which are not obviously associated with security companies, since attackers often try to serve innocent content if they detect a bot from a security company. Thus, instead of trying to find any malware, try to disable all security software on your system or inside your network and see if the problem vanishes.


We've seen behaviour like this on our servers (some years ago): some automated process attempted to replay each request made by a logged in user.


In our case the service required TLS for the login-pages, but allowed logged-in users to continue their session on non-HTTPS pages. However, the session identifier changed on every request, while used session identifiers remained valid for some seconds after the first time they were sent back to the server (to mitigate latency problems).

When the pattern you describe was noticed, we did some investigating on who or what was the source of the repeat request. When we lowered the invalidation timeout for re-used session identifiers, it quickly became clear that all requests for certain users were repeated, but that the pattern only came up for a distinct subset of users.

It turned out that the common factor for this distinct subset of users was that they all were in China. We assumed it was a feature of China's great firewall, switched the whole service to (mandatory) HTTPS and the repeat requests stopped.


So, long story short, since you're connecting to your remote PHP-script over a non-TLS connection, anyone, including many automated processes, could be listing in on your request. This could be nefarious, but could just as easily be a security feature (such as anti-malware detection, etc.) somewhere.

Switch to HTTPS and see if it continues. If it stops, you solved the issue. If it continues, your requests are being intercepted at one of your endpoints (your server or your local machine).