Nginx fazendo pedido para / ping a cada segundo?

Estou tendo este problema, quando inicio o nginx e ele começa a enviar / receber tráfego a uma taxa de 1 GET de solicitação a cada segundo do nginx na porta 80 para /ping , mas não consigo acompanhar o que está causando isso. Alguma idéia de como rastrear qual processo está causando esse tráfego?

Amostras de log: /tmp/nginx.error.log

2011/03/31 21:30:33 [error] 6587#0: *7213 connect() to unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock failed (111: Connection refused) while connecting to upstream, client: 10.252.27.111, server: myhost.com, request: "GET /ping HTTP/1.1", upstream: "http://unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock:/ping", host: "newcaprica11"
2011/03/31 21:30:33 [error] 6587#0: *7215 connect() to unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock failed (111: Connection refused) while connecting to upstream, client: 10.204.203.236, server: myhost.com, request: "GET /ping HTTP/1.1", upstream: "http://unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock:/ping", host: "newcaprica11"
2011/03/31 21:30:34 [error] 6587#0: *7217 connect() to unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock failed (111: Connection refused) while connecting to upstream, client: 10.252.27.111, server: myhost.com, request: "GET /ping HTTP/1.1", upstream: "http://unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock:/ping", host: "newcaprica11"
2011/03/31 21:30:34 [error] 6587#0: *7219 connect() to unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock failed (111: Connection refused) while connecting to upstream, client: 10.204.203.236, server: myhost.com, request: "GET /ping HTTP/1.1", upstream: "http://unix:/home/deploy/apps/dashboard/current/tmp/sockets/unicorn.sock:/ping", host: "newcaprica11"

Log de acesso ao Nginx: nginx.vhost.access.log

10.252.27.111 - - [31/Mar/2011:21:33:23 +0000] "GET /ping HTTP/1.1" 502 728 "-" "-"
10.204.203.236 - - [31/Mar/2011:21:33:23 +0000] "GET /ping HTTP/1.1" 502 728 "-" "-"
10.252.27.111 - - [31/Mar/2011:21:33:24 +0000] "GET /ping HTTP/1.1" 502 728 "-" "-"
10.204.203.236 - - [31/Mar/2011:21:33:24 +0000] "GET /ping HTTP/1.1" 502 728 "-" "-"
10.252.27.111 - - [31/Mar/2011:21:33:25 +0000] "GET /ping HTTP/1.1" 502 728 "-" "-"

Eu substituí o nosso hostname real por myhost.com, mas o estranho é que no error.log existe o host host: "newcaprica11"

Mais detalhes:

nmap -P0 10.204.203.236

Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-31 21:38 UTC
Nmap scan report for ip-10-204-203-236.ec2.internal (10.204.203.236)
Host is up (0.00042s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
6667/tcp closed irc
8001/tcp closed unknown
8080/tcp closed http-proxy
9000/tcp closed cslistener
9090/tcp closed zeus-admin

Então, eles estão executando algum tipo de serviço da Web em 80

Além disso, um telnet revela:

telnet 10.204.203.236 80
Trying 10.204.203.236...
Connected to 10.204.203.236.
Escape character is '^]'.
GET / HTTP/1.0 

HTTP/1.1 302 Found
Server: Apache/2.2.9 (Debian) Phusion_Passenger/2.2.15
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 310
Cache-Control: no-cache
Location: http://newcaprica9/neighborhoods
Status: 302
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 98
Date: Thu, 31 Mar 2011 21:39:16 GMT
X-Varnish: 2154834965
Age: 0
Via: 1.1 varnish
Connection: close

<html><body>You are being <a href="http://newcaprica9/neighborhoods">redirected</a>.</body></html>Connection closed by foreign host.

Então, é claro que alguns aplicativos Rails ou Rack estão executando alguma merda.