The following are related hacker IPs probably controlled by a command and control bot:
They all hit our site at the same time requesting things our server does not host.
Here's another set shortly before doing something similar, probably also related to the above:
Perhaps someone pointed a domain to the wrong IP since they were all hitting the same domain.
These IPs are all requesting php files -- the favorite language of the hacked and hackers as far as I can tell by the percentage of hacks in the logs on various types of web programming and scripting languages.