Correct me if I'm wrong but I'm thinking that those URLs do not contain the IP addresses of hosts accessing your proxy, but rather they are outbound POST requests FROM your 'clients' TO remote destinations.
This portion of the 2nd type URL you provided is typical of a 'folder' with a randomly generated name.
Folders like that are often used for legit purposes but those URLs also resemble a Slow Lorris attack. In that sort of scenario, the path and resource are arbitrary and likely don't exist. The objective is to flood the server with a bunch of requests that won't time-out, because the very end of the request header is crafted so it is purposely missing the full 0d 0a 0d 0a that the server expects.
Not really enough evidence to determine from your post.
EDIT: My first post on this forum and unfortunately, I NECROed. Sorry all.....
Last edited by bashomatic; 03-14-2017 at 06:14 PM..
Reason: Apologized for thread necro.