I have a web site that uses a couple hundred domain aliases, including franchise-dallas.info, franchise-delaware.info, and detroitfranchise.info (see more below).
I have been getting ten to twenty hits per day via Google AdWords PPC. I set up a log file so that I could see the variables in the URL.
I was surprised to see that the page is getting hit about once per minute. I looked up the IPs and they are all in China.
My site has ZERO content that would be of use to anyone outside the U.S.A.
Can you tell me why my site would be getting this type of hit? Is this normal? Is this a bot?
TIME, IP, DOMAIN, PAGE
20:9, 66.249.71.138, franchise-st-petersburg.info, Why-Buy-a-Franchise
20:13, 66.249.71.21, franchise-ok.info, Frequently-Asked-Questions-About-Franchises
20:16, 66.249.71.44, franchise-dallas.info, Frequently-Asked-Questions-About-Franchises
20:20, 66.249.71.36, franchise-delaware.info, Frequently-Asked-Questions-About-Franchises
20:21, 66.249.71.136, detroitfranchise.info, What-We-Do-Free-Franchise-Advice
20:21, 66.249.71.10, philadelphiafranchise.info, Privacy-Policy
20:21, 66.249.71.144, denverfranchise.info, Franchise-Terminology
20:22, 66.249.71.59, franchise-tx.info, Get-Started-Ask-a-Franchise-Expert
20:24, 67.195.114.240, franchise-ky.info, Franchise-Terminology
20:27, 66.249.71.138, franchise-st-petersburg.info, Why-Buy-a-Franchise
Welcome to hosting a website on its own IP address. You can put a host on a public IP nowadays and chances are you'll get hit with a scan before the end of the day, probably sooner. Often times the source is just scanning up and down the IP ranges looking for running web, mail or shell servers to attack. They may not even know your website's proper domain name.
Updating my answer since I notice its now the top site that comes up when you ask this question and similarly worded ones. So much has happened in this field since 2011, when I originally answered your question.
China has a sophisticated state funded cyberattack force that is constantly scanning most of the Internet on a daily basis looking for vulnerable website software and services. They will do repeat scans so you'll see the same IPs over and over again in your logs and site stats. This has been going on since at least as far back as the late 1990s, but in recent years has increased significantly.
Chances are your site is going to be hit by other countries and from inside the US as well by adversaries also looking for vulnerable sites, but right now China is by far the largest source of these types of attacks. As always, you should make sure your website's software is kept up to date because if you are running any vulnerable version of popular software you can bet it will be exploited quickly.
Because you're hosting a website, wait for it, on the World Wide Web. Not the United States Web.
Don't worry about it. If you really don't want China to hit your website then put appropriate firewall rules in place to block that traffic.
Many chinese people also speak the lingua-franca of the web, which is essentially english. I'd set up google analytics to track who's referring links to your site.
As long as it isn't a Denial of service situation, it might be positive for your sites.
Evik - it's possible that franchoice or bison were trying to gain organic search dominance by purchasing up multiple keyword heavy domain names and pointing them to the same codebase. They might have even promoted some of these domains by purchasing links on affiliate websites which in turn get spidered by the search robots which then show up in your log files - It's not possible to know if it's robot traffic or user traffic with only log data. You might have better luck collecting user agent data.
The Chinese are scanning / attacking everything, everywhere.
For the sites I run, I don't want any Chinese or African traffic - there's no reason for it, and so I consider any hits from there as an attack.
To accomplish the ban, I created a table to store IPs that hit the sites, and a php script that uses the geoplugin API to identify the origin of the IP. When the site is hit, the script checks the table to see if it's already there, if not it's stored. If the IP is from China or Africa, the app dies and displays "FORBIDDEN", for now. Once I'm more sure of the comprehensiveness of the code, I'll let it die silently.