The telus apache log entires, that originally alerted me to the issue: 208.38.59.161 - - [06/Jul/2012:08:05:04 -0700] "GET /~doug/network/reverse_ssh_tunnel/index.html HTTP/1.1" 200 2773 "http://support.clean-mx.de/clean-mx/phishing.php?response=alive&email=abuse@telus.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; .NET4.0E)" 208.38.59.161 - - [06/Jul/2012:08:16:11 -0700] "GET /~doug/network/reverse_ssh_tunnel/index.html HTTP/1.1" 304 213 "http://support.clean-mx.de/clean-mx/phishing.php?response=alive&email=abuse@telus.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; .NET4.0E)" 208.38.59.163 - - [06/Jul/2012:08:19:58 -0700] "GET /~doug/network/reverse_ssh_tunnel/index.html HTTP/1.0" 200 5683 "http://support.clean-mx.de/clean-mx/phishing.php?response=alive&email=abuse%40telus.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 208.38.59.161 - - [06/Jul/2012:08:22:05 -0700] "GET /~doug/network/reverse_ssh_tunnel/index.html HTTP/1.1" 304 213 "http://support.clean-mx.de/clean-mx/phishing.php?response=alive&email=abuse@telus.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; .NET4.0E)" 208.38.59.161 - - [06/Jul/2012:08:22:44 -0700] "GET /~doug/network/reverse_ssh_tunnel/index.html HTTP/1.1" 304 213 "http://support.clean-mx.de/clean-mx/phishing.php?response=alive&email=abuse@telus.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; .NET4.0E)" The following entry was a few minutes after my e-mail to abuse@telus.net: 208.38.59.161 - - [06/Jul/2012:11:27:50 -0700] "GET /~doug/network/reverse_ssh_tunnel/index.html HTTP/1.0" 200 5683 "http://support.clean-mx.de/clean-mx/phishing.php?response=alive&email=abuse@telus.com" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; InfoPath.2)" The reverse lookups: doug@doug-64:~$ nslookup 208.38.59.161 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: 161.59.38.208.in-addr.arpa name = stop.nssi.telus.com. doug@doug-64:~$ nslookup 208.38.59.163 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: 163.59.38.208.in-addr.arpa name = merge.nssi.telus.com.