Here's what I've seen so far:
DShield
myNetWatchman
Web Sniffer Proxy
Both of those links just show a few of my firewall entries. I give feeds of my logs to several organizations to assist in monitoring internet-wide attacks and trending.
My Snort logs show a different story (IDS logs always do when compared with firewall logs). What I'm seeing are SNMP-type scans, which are probably NMAP scans. What's weird is that the scans originate from IP 67.15.135.144 with a source port of 80. Visiting that address with http://web-sniffer.net, I see an unconfigured/new server account:
Server Default page
If you see this page it means: 1. hosting for this domain is not configured or 2. there's no such domain registered in Plesk
The above is usually an indicator of badness: it appears that someone may have purposely stood up this account to use maliciously. All they need is a running web server, and the fact that I'm seeing this traffic at all indicates that the web server is up and running (I also got an HTTP status code of 200).
I'll keep monitoring this activity, although the activity is fully blocked (the whole network range is blocked).
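A defender-side check for the pattern described above, added here as an example and not code from the original post: inbound UDP probes that carry a well-known source port (80) and fan out across many hosts on SNMP/161 are flagged as a sweep, while real replies from a web server (TCP, to an ephemeral port we opened) are left alone. The iptables-style log lines and all addresses are constructed; the scanning host is a made-up 203.0.113.144.

```python
import re
from collections import defaultdict

# Constructed iptables-style firewall log lines (not from the original post).
# Documentation address ranges only; 203.0.113.144 stands in for the scanning host.
SAMPLE_LOG = """\
Mar 10 02:11:01 gw kernel: DROP IN=eth0 SRC=203.0.113.144 DST=192.0.2.10 PROTO=UDP SPT=80 DPT=161
Mar 10 02:11:02 gw kernel: DROP IN=eth0 SRC=203.0.113.144 DST=192.0.2.11 PROTO=UDP SPT=80 DPT=161
Mar 10 02:11:02 gw kernel: DROP IN=eth0 SRC=203.0.113.144 DST=192.0.2.12 PROTO=UDP SPT=80 DPT=161
Mar 10 02:11:03 gw kernel: DROP IN=eth0 SRC=203.0.113.144 DST=192.0.2.13 PROTO=UDP SPT=80 DPT=161
Mar 10 02:11:05 gw kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=51234
Mar 10 02:11:09 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=43211 DPT=161
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_events(log):
    """Yield (src, dst, proto, spt, dpt) for each line carrying the fields we need."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["spt"]), int(m["dpt"])


def find_fixed_sport_sweeps(log, min_targets=3, service_sports=(53, 80, 443)):
    """Flag sources that reach at least min_targets distinct hosts on one destination
    port while using a fixed well-known source port over UDP.  A genuine web-server
    reply is TCP traffic to the ephemeral port we opened; inbound UDP "from" port 80
    aimed at SNMP/161 on many hosts is a probe, not a response to anything we sent.
    Returns {(src, spt, dpt): sorted list of targeted hosts}."""
    targets = defaultdict(set)
    for src, dst, proto, spt, dpt in parse_events(log):
        if proto == "UDP" and spt in service_sports:
            targets[(src, spt, dpt)].add(dst)
    return {key: sorted(hosts) for key, hosts in targets.items() if len(hosts) >= min_targets}


if __name__ == "__main__":
    for (src, spt, dpt), hosts in find_fixed_sport_sweeps(SAMPLE_LOG).items():
        print(f"{src} sweeping UDP/{dpt} from source port {spt}: {len(hosts)} hosts")
```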