Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this: A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)" A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0" A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)" A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)" poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name. Has anyone encountered this before?