enigma1 - 9:45 pm on Apr 22, 2011 (gmt 0)

people from Belarus suddenly take an interest in page B

I don't think they do. Concentrate on the queries, at least in my case various visits sole purpose is to scrap content, hack the site and/or spam the forms in every way possible.

Some of the ips are returning funny DNS names which are forged of course and they may come from every country you can imagine typically via a hijacked system. In most cases it's fully automated.

Although the majority may seem to come from outside NA or Europe, it just tells me the user awareness on some countries is either lower than in US for example, or just the cost of security/original software is much higher and people can't afford it, they prefer the "risk it for free" way, which leads lots and lots of machines to structure various botnets for shady purposes.

You can also input some ips to several anti-spam services like SC and check the status of it. Sometimes I will enter a couple of them as their system may check for a compromised PC based on the open ports. When I see someone checking out or submitting a form and I am not quite sure of their intentions.

Other times just the ip blacklisted databases will do, or I will have the server doing a port scan on the standard HTTP ports given an IP. If they're open something isn't right.