Got it, came from nanog, originated from DISA (purportedly, anyways):
Received: from 198.26.130.36 by by13fd.bay13.hotmail.msn.com with HTTP;
Wed, 17 Mar 2004 21:10:38 GMT
#whois 198.26.130.36
OrgName: The Defense Information Systems Agency
OrgID: DISA
Address: DISA/DSSO/JCLCC
Address: Room BF655A, The Pentagon
City: Washington
StateProv: DC
PostalCode: 20301
Country: US
NetRange: 198.25.0.0 - 198.26.255.255
CIDR: 198.25.0.0/16, 198.26.0.0/16
NetName: NETBLK-DISA-C
NetHandle: NET-198-25-0-0-1
Parent: NET-198-0-0-0-0
NetType: Direct Allocation
NameServer: AAA-KELLY.NIPR.MIL
NameServer: AAA-VAIHINGEN.NIPR.MIL
NameServer: AAA-WHEELER.NIPR.MIL
NameServer: AAA-VIENNA.NIPR.MIL
I *think* I loaded the page in lynx before it got rate-limited, and lynx
flashed through a whole mess of fast redirects before faulting out. No
logs, unfortunately.
Just a question: is this the chinese year of the immature script kiddie
or something?