Web Hosting Talk







Help Me Track This Spammer


SimonMc
01-28-2004, 01:52 PM
<HTML> <HEAD> <TITLE></TITLE></HEAD><BODY BGCOLOR="#ffffff" LINK="#3366cc" ALINK="#ff0000" VLINK="#336699"><P><CENTER><A HREF="http://hostingprod.com/@upgradingyourbrowser.com/logos/more.php?m=ccccc.cccc.ccc"><IMG SRC="http://hostingprod.com/@upgradingyourbrowser.com/logos/images/top.gif" WIDTH="504" HEIGHT="175" ALIGN="BOTTOM" BORDER="0"><IMG SRC="http://hostingprod.com/@upgradingyourbrowser.com/logos/images/mid.gif" WIDTH="504" HEIGHT="121"ALIGN="BOTTOM" BORDER="0"><IMG SRC="http://hostingprod.com/@upgradingyourbrowser.com/logos/images/bottom.gif" WIDTH="504"HEIGHT="135" ALIGN="BOTTOM" BORDER="0"></A></CENTER></P><P><CENTER><FONT COLOR="#666666" SIZE="-2" FACE="Tahoma">If youwould like to be removed from our mailing list, <BR>please DO NOT reply to this email. Instead, </FONT><B><FONT SIZE="-2" FACE="Tahoma"><A HREF="http://hostingprod.com/@upgradingyourbrowser.com/removerequest.html">Click Here.</A></FONT></B></CENTER></BODY></HTML>

========================================

Here is the Header too:

=========================================

Return-path: <netmail4@earthlink.net>
Envelope-to: xxxx.xxx.com
Delivery-date: Wed, 28 Jan 2004 12:38:32 -0500
Received: from [200.104.41.60] (helo=CM600-iqui1-41-60.cm.vtr.net)
by panda.dns-nac-zone.com with smtp (Exim 4.24)
id 1Alte2-0001TL-If
for xxxx.xxxx.com; Wed, 28 Jan 2004 12:38:31 -0500
Received: from 156.104.142.52 by web104.mail.earthlink.com; Wed, 28 Jan 2004 23:35:34 +0600
Message-ID: <AUFJEHFFAERSPYLDLKPDTIUN@earthlink.net>
From: "Logo Design Company" <netmail4@earthlink.net>
To: xxxx.xxx.xom
Subject: Logo Design
Date: Wed, 28 Jan 2004 12:35:34 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--902645938134345847"
X-CS-IP: 126.86.49.200

Thanks
Simon

RDX1
01-28-2004, 06:40 PM
REPORT SPAM TO: JPEEBLES@WM.COM (156.104.142.52)

NexDog
01-30-2006, 04:37 AM
They are still spamming - p6.hostingprod.com. From spam to fraud to PayPal and eBay phishing. Seriously p!ssing me off!

WireNine
01-30-2006, 04:41 AM
They are still spamming - p6.hostingprod.com. From spam to fraud to PayPal and eBay phishing. Seriously p!ssing me off!
The domain hostingprod.com goes to Yahoo GeoCities.

StackHost
01-30-2006, 04:42 AM
Wow, this is a post from the past ;)

Very unfortunate these people haven't been stopped.

Slidey
01-30-2006, 05:15 AM
Between Hotmail + Yahoo they quite happily host some of the worst spammers on the net..

Surprised only 1 of its virtual IPs is blocked by SORBS..

NexDog
01-30-2006, 06:00 AM
I get spam from them every single day - multiple times. Complete disgrace on Yahoo's part.

Disgruntled
01-30-2006, 10:51 AM
Traceroute shows upgradingyourbrowser.com at 69.25.142.9
ARIN whois shows 69.25.142.9 part of netblock registered to internap.com.
LACNIC whois shows 200.104.41.60 is part of netblock registered to vtr.net in Chile.
Since the posted spam data is pretty old, there is no point in forwarding this particular spam to those particular abuse departments.

Some techniques and links to useful tools for working up fresh spam can be found at:
http://www.martingrumet.com/spampage.html

The stuff before the @ in the URL is just camouflage. It's what's after that counts. Or at least it used to. Today browsers have mostly been upgraded to stop working with it.
I have never seen spam or spampages genuinely hosted by Hotmail, although hotmail.com has often been seen in forged return addresses. I have seen phishing sites registered and hosted with Yahoo. Yahoo's abuse department ignores these as long as the spam wasn't sent from Yahoo. This is why, if you see a phishing site spoofing eBay, PayPal, or some bank, it is a good idea to forward it to their security department. The address can usually be found from links to their homepage. They usually have the motivation to investigate, and they will lean on laissez-faire hosts like Yahoo.
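
Added example, not written by any poster in this thread: a Python sketch that pulls the links out of an HTML spam body and reports which host each one actually contacts. Under RFC 3986, text before an "@" is ignorable userinfo only when the "@" comes before the first "/"; in the links posted above the "@" comes after the first "/", so it is part of the path and hostingprod.com is the host contacted. The second sample link and the names `LinkCollector`, `classify` and `report` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect every HREF/SRC value from (possibly sloppy) HTML mail."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names, so HREF and href both match.
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def classify(url):
    """Return (real_host, decoy_text, kind) for one URL.

    kind is 'userinfo' when text before '@' sits in the authority part,
    'path-at' when '@' only appears after the first '/', else 'plain'.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if "@" in parts.netloc:
        return host, parts.netloc.rpartition("@")[0], "userinfo"
    if "@" in parts.path:
        return host, parts.path, "path-at"
    return host, "", "plain"


def report(html):
    """Map each distinct contacted host to the set of URL kinds seen."""
    collector = LinkCollector()
    collector.feed(html)
    hosts = {}
    for url in collector.urls:
        host, _decoy, kind = classify(url)
        hosts.setdefault(host, set()).add(kind)
    return hosts


# First two links are copied from the spam posted in the thread; the third is constructed.
SAMPLE = (
    '<A HREF="http://hostingprod.com/@upgradingyourbrowser.com/logos/more.php?m=ccccc.cccc.ccc">'
    '<IMG SRC="http://hostingprod.com/@upgradingyourbrowser.com/logos/images/top.gif"></A>'
    '<A HREF="http://www.bank.example@198.51.100.7/login">Click Here.</A>'
)
```

The hosts returned by `report(SAMPLE)` are the ones to run through whois when working out which abuse desk to contact.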