Friday, March 12, 2010


Over the past week, I have gotten numerous hits (more than a dozen) from the same IP address in Washington, DC. All of the hits have been to THIS page on my Blog, and no other identifying information is available (like domain name) about the visitor. In fact, the hits all look like this:

A WHOIS search of the IP yields the following:
OrgName: Verizon Internet Services Inc.
Address: 1880 Campus Commons Dr
City: Reston
StateProv: VA
PostalCode: 20191
Country: US

NetRange: -
NetHandle: NET-173-64-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
RegDate: 2008-08-11
Updated: 2009-10-14

OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711

OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: 800-243-6994

# ARIN WHOIS database, last updated 2010-03-11 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
# ARIN WHOIS data and services are subject to the Terms of Use
# available at

This IP range is Verizon's FIOS network, but I find it curious that all identifying information is "Unknown". The typical network gateway for a Class C network would be x.x.x.1, and a TraceRoute of assumed gateway resolves to Hostname "". A Google search of associates to "", which discovers a company called MarkMonitor, an internet brand watching and fraud prevention security company.

Which I find a little odd...

My questions for you, Mr. Anonymous Visitor, are: "Who are you?", "Why do you keep coming back to THAT PARTICULAR post?", and "What is your goal in doing so?"

Is there a networking professional among my scant few readers who can shed some light on how a domain user can mask itself to prevent source location from providing backtracking information? If so, who are the most likely people to use such a mask?

I am getting more curious by the day on this one...




Welshman said...

Very odd, indeed. In fact, lots of very odd things are going on these days, at the hands of the Feds.

Tam said...

Mobile devices usualy turn up with a lot of "unknowns". Satellite broadband users even turn up as "unknown country".

Personally, I think you're reading way too much into this.

(For example, 'way back when I first started blogging, I was getting hits from the Treasury Dep't's Office of Asset Forfeiture.

As it turns out, one of the guys I used to know from TFL had moved out East after graduating from Purdue and was doing contract programming for the Treas.)

Not to beat a dead horse, but if you were being scrutineered by "Them", they wouldn't be showing up in your site meter at all.

Newbius said...


I understand that, what with Einstein and Echelon and all that. I wouldn't expect an "official" scrutiny to arrive in my SiteMeter. They have other ways of monitoring "us subversives". ;)

I really DO find it curious that I am getting a lot of direct hits, from DC, on that post. Whether it is from an internet security firm, or a K-Street lobbyist, or just from someone with an extreme interest in tactical gear who doesn't know how to bookmark a page still remains to be seen.

I bring it up because my recent traffic has been heavy on Anonymous/Unknown Network and is well in excess of my normal daily hit counts. Normally, the Unknown Network-type hits amount to <2% of my count. Right now, they are up over 25%.

Since I am nowhere near as interesting as you are, it just makes me wonder why all of the attention, all-of-a-sudden. Now, if the hits from these IPs read the rest of the blog too, I wouldn't wonder quite as much. The pattern is off.

Right now I am curious, not worried.