this one is driving me nuts - beavermails.com

HUGE server load, diff. IPs, all preceeded by google js (which is on our webpages), and then the GET entry of an ad from referrer beavermails.com.

Anyone seen this crap before? Is our server acting as proxy for them?

-Kirk

main site is www.snarfware.com

61.173.199.214 - - [22/Dec/2006:07:19:44 -0500] "GET http://www.google-analytics.com/urchin.js HTTP/1.0" 404 10844 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
61.173.199.214 - - [22/Dec/2006:07:21:24 -0500] "GET http://popunder.adsrevenue.net/links.php?data=rSe_2%2F%FE.-%2B5%7C%2A1-%24S%5C7%5D_Yq_%5DsK%7Dmj%60S%5C7%2B.%FE%2B1%FErS%5C7%26%2F%20%2B0%2C1%7B%2F2&id=haoyehua&subid=60137&tid=1163673278&clater=&m=75&o=1&c=27448&a=32769&q=6&s=%3C%3D&ah=10&al=0&l=english&campaign=&rurl=&serverfile=paypopup&ref=http%3A//beavermails.com&os=W1&bs=I2&isframe=false&bk=1&serverfile=popnetwork HTTP/1.0" 301 742 "-" "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)