snprtz

wilderness

11:07 am on Jan 22, 2006 (gmt 0)

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.2.0; snprtz¦S04723652924108)"

Anybody have a clue what sort of software it might be?
Google wasn't much help (with the exception of log lines), however I did see multiple mentions of mail spam.

wilderness

2:12 pm on Jan 28, 2006 (gmt 0)

strange.

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
Sgrunt¦V109¦267¦S-732210569¦dial; snprtz¦T15415600000070¦2600#Service Pack 2#2#5#1)"

Span

2:27 pm on Jan 28, 2006 (gmt 0)

Sgrunt is a dialer.
[www3.ca.com]

Maybe snprtz is some sort of malware too.

Pfui

8:43 pm on Jan 28, 2006 (gmt 0)

Like you I found lots of log entries pairing up snprtz with numbers, and also as "snprtz¦dialno", so along those same lines...

1.) Spyware Nuker has a page [nuker.com] showing that "Downloader.NewDial" may create files containing both the snprtz and sgrunt terms...

(Emphasis mine)
>>
NewDial might create following folders (and inject its files inside the folders):

* %APPDATA%\sgrunt

[...]

NewDial might create following registry values:

* HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform¦snprtz*
<<

2.) Symantec also has a page [securityresponse.symantec.com] about how to remove "Dialer.NewDial" -- but I'm not sure if that's related or not.

(I'm glad I'm a Mac person:)
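The registry value quoted above sits under IE's "Post Platform" key, and every value name there is appended by the browser as one more "; "-separated token inside the "compatible" parenthesis of the User-Agent string, which is why the dialer's identifiers turn up in web server logs. The following is an added example, not code from the thread or from any of the linked vendors: it scans Apache combined-format log lines (constructed here, using the two UA strings quoted in the thread; the IP addresses and paths are placeholders) for tokens starting with "snprtz" or "sgrunt" and splits each on the broken-bar separator so the fields can be inspected or counted.

```python
import re

# Constructed sample log lines in Apache combined format. The UA strings are
# the ones quoted in the thread; IPs, paths and referrers are placeholders.
SAMPLE_LOG = '''
192.0.2.10 - - [22/Jan/2006:11:07:00 +0000] "GET /dir/page1.html HTTP/1.1" 200 5120 "http://www.example.com/search?q=x" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.2.0; snprtz¦S04723652924108)"
192.0.2.11 - - [28/Jan/2006:14:12:00 +0000] "GET /dir/page2.html HTTP/1.1" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Sgrunt¦V109¦267¦S-732210569¦dial; snprtz¦T15415600000070¦2600#Service Pack 2#2#5#1)"
192.0.2.12 - - [28/Jan/2006:14:15:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
'''

# Token prefixes the thread associates with the NewDial/Sgrunt dialer family.
SUSPECT_PREFIXES = ("snprtz", "sgrunt")

# Apache combined format: the User-Agent is the last double-quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<ua>[^"]*)"$')


def post_platform_tokens(ua):
    """Return the '; '-separated tokens inside the 'compatible; ...' parenthesis.
    IE emits one such token per value name under the Post Platform registry
    key, which is where the dialer plants its identifiers."""
    m = re.search(r'\(compatible;\s*(.*)\)\s*$', ua)
    if not m:
        return []
    return [t.strip() for t in m.group(1).split(';') if t.strip()]


def suspect_tokens(ua):
    """Return the injected tokens, each split on the broken bar (U+00A6)."""
    return [tok.split('\u00a6') for tok in post_platform_tokens(ua)
            if tok.lower().startswith(SUSPECT_PREFIXES)]


def scan_log(text):
    """Return (ip, tokens) for every line whose UA carries a suspect token."""
    hits = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        toks = suspect_tokens(m.group('ua'))
        if toks:
            hits.append((m.group('ip'), toks))
    return hits


if __name__ == '__main__':
    for ip, toks in scan_log(SAMPLE_LOG):
        print(ip, toks)
```

The split fields are kept as opaque strings; the thread does not say what the numbers encode, so the function only isolates them for counting or correlation with the visitor's IP.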

wilderness

2:28 am on Jan 29, 2006 (gmt 0)

The first UA (visitor and IP range) has visited one of my sites three times and the same pages (the directory has multiple pages that were too large for a single web page).

The referrers and searches were content specific and related to my websites. Viewed images as well.

The second UA came in on a misspelled word. Normally I wouldn't think anything of it, however this misspelled word was a famous gorilla that was swiping at airplanes like humans swat at flies :)
My page has a paragraph regarding a one-time baseball player who was hung with the gorilla nickname.

BTW, I've corrected the numerous misspellings on the specific page.

I may deny the UA of this thread's subject line.
Assuredly I'll add sgrunt.

Many thanks to everybody for the feedback.

Don

jdMorgan

2:34 am on Jan 29, 2006 (gmt 0)

I think you're seeing visitors whose computers have been infested by sgrunt.

Anything 'in common' between the IP addresses, as in country?

Jim

Pfui

3:15 am on Jan 29, 2006 (gmt 0)

Pardon me if I'm missing something here but --

Why deny visitors whose computers appear to be beset by malware? Because from what I skimmed about the dialer(s), they're problematic for the affected user but that's about it.

(I'd just hate to see innocent visitors who are already getting victimized without their knowledge also getting denied access without having a clue as to why. Not that it's incumbent upon any site to tell them why but you know what I mean.)

wilderness

6:07 am on Jan 29, 2006 (gmt 0)

Anything 'in common' between the IP addresses, as in country?

Hey Jim,
The on-topic visits were from an adjoining state.
Today's "gorilla" straggler was from Canada.

(I'd just hate to see innocent visitors who are already getting victimized without their knowledge also getting denied access without having a clue as to why. Not that it's incumbent upon any site to tell them why but you know what I mean.)

Pfui,
Once an innocent person visits my websites they are corrupted forever ;)
I'm not sure how I'd tell a visitor anything (with the exception of "we're closed" or "keep_out").

Hell! No matter how many instances of, or how hard I try?
I'm unable to enhance visitors of the search benefits of using quotes with "proper names". (which would cut my visitor logs and pages viewed by 50-75%.)

I've thought of devising a rocket with an arm on it that comes shooting out of the monitor and wedges itself under the visitor's backside, then lifts them up about two feet out of their chair! Then the arm comes out and bashes their head into their own monitor ;)

Innocence in today's world? ;)

Don