7

I found the following entry in my access.log:

115.231.222.40 - - [02/Oct/2015:07:57:11] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8936631410048374 HTTP/1.1" 302 160 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"

What does it mean? Do I have to worry?

fips123

3 Answers

6

It looks like a spambot trying to send an invalid request, or possibly to see if your server is misconfigured to allow proxying.

Do you have to worry? I find it a bit strange that a 302 status code is returned, as in 302 Found. I would expect such a request to generate a 404 Not Found, or maybe 400 Bad Request or 403 Forbidden, but, in general, these kinds of requests should not cause much worry with properly configured modern servers.

(In your situation, I would guess that a 302 is returned because you redirect 404 pages to a single "not found" page? If so, then, yes, you do have to worry in regards to the usability of your site, because that's not a good practice, as the user has no chance to easily correct a mistyped URL, since it just disappears into thin air, and they'd have little clue as to what's wrong.)

cnst
  • I have a redirect from http to https, that's why I have the 302 – fips123 Oct 27 '15 at 12:18
  • @fips123, that's not a good idea, either. It means that people who don't have https, or a new-enough TLS version, won't be able to view your website. It especially makes no sense for all those sites where all information on the site is public -- requiring mandatory encryption just doesn't make any sense. – cnst Oct 27 '15 at 22:34
  • The site is a webmail login. Everybody who should access it can do it, so it's not public. – fips123 Oct 28 '15 at 07:16
3

I'm seeing the same on a local server. The originating IP is listed as a probable bot on a Chinese ISP. It is probably part of an automated scan for a DDoS amplification attack against qq.com, which is some sort of Chinese web-mail provider. Judging by the URL there is probably a known exploit (tying up CPU-time?) against their web-server installation.

Lots of "probable" reasons, should you worry? - no, but make sure that you are not forwarding the request to the actual target domain.

Andrew
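One way to check an access log for the concern raised above, that the server might be forwarding such requests: this is an added example, not part of the original answers. It flags proxy-style requests (absolute URL or CONNECT) that name a foreign host and grades them by status code. `OWN_HOSTS` and every sample line except the first are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Access-log layout as in the question: ip ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?:\d+|-)'
)

def classify(line, own_hosts):
    """Return None for ordinary requests, else a finding for a proxy-style request."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":                      # authority-form: host:port
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:                        # absolute-form: full URL
        host = (urlsplit(target).hostname or "").lower()
    else:
        return None                              # origin-form ("/path")
    if host in own_hosts:
        return None                              # absolute URI naming this server
    if 200 <= status < 300:
        verdict = "investigate"     # content was served for a foreign URL
    elif 300 <= status < 400:
        verdict = "check-redirect"  # confirm Location points at your own site
    else:
        verdict = "rejected"
    return {"ip": m["ip"], "host": host, "status": status, "verdict": verdict}

def scan(lines, own_hosts):
    """Collect findings for all proxy-style requests in an iterable of log lines."""
    return [f for f in (classify(l, own_hosts) for l in lines) if f]

OWN_HOSTS = {"mail.example.org"}  # assumption: the names this server answers for
SAMPLE = [
    # first line is the entry from the question; the rest are constructed
    '115.231.222.40 - - [02/Oct/2015:07:57:11] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8936631410048374 HTTP/1.1" 302 160 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"',
    '203.0.113.7 - - [02/Oct/2015:08:01:02] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Oct/2015:08:03:40] "GET http://mail.example.org/ HTTP/1.1" 302 160 "-" "curl/7.43.0"',
    '198.51.100.23 - - [02/Oct/2015:08:05:13] "CONNECT proxy-test.example.net:443 HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.24 - - [02/Oct/2015:08:06:00] "GET http://proxy-test.example.net/ HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, OWN_HOSTS):
        print(finding)
```

A 2xx verdict does not by itself prove forwarding, since a default virtual host may have answered with local content; compare the response size against what your own site returns for that path.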
-1

I have been getting these requests to my Apache server every couple of hours on a daily basis for several months, with a differing id every time. Reports to the listed domain abuse departments for the source IP 115.230.124.164 and zc.qq.com all constantly fail.

I have deployed a rewrite rule sending all hits from the IP back to itself.