Looking at an incredibly poorly formatted phish for Chase Bank, I find the following stuff after the closing </html> tag:

<!-- text below generated by server. PLEASE REMOVE -->
<!-- Counter/Statistics data collection code -->
<script language="JavaScript" src="http://hostingprod.com/js_source/geov2.js";></script>
<script language="javascript">geovisit();</script><noscript>
<img src="http://visit.webhosting.yahoo.com/visit.gif?us1142376053"; alt="setstats" border="0" width="1" height="1"></noscript> <IMG SRC="http://geo.yahoo.com/serv?s=76001524&t=1142376053&f=p6w8"; ALT=1 WIDTH=1 HEIGHT=1>
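
An added example, not part of the original post: a triage helper that lists the hosts referenced by whatever markup follows the last closing </html> tag, since a server-injected trailer like the one quoted above points at the hosting platform that served the page. The function names are hypothetical, the sample input is constructed from the quoted lines, and reading the `t=` query value as a Unix timestamp is an assumption.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a stub page body followed by the trailer quoted in the post.
SAMPLE = '''<html><body>(phish body omitted)</body></html>
<!-- text below generated by server. PLEASE REMOVE -->
<!-- Counter/Statistics data collection code -->
<script language="JavaScript" src="http://hostingprod.com/js_source/geov2.js";></script>
<script language="javascript">geovisit();</script><noscript>
<img src="http://visit.webhosting.yahoo.com/visit.gif?us1142376053"; alt="setstats" border="0" width="1" height="1"></noscript> <IMG SRC="http://geo.yahoo.com/serv?s=76001524&t=1142376053&f=p6w8"; ALT=1 WIDTH=1 HEIGHT=1>
'''

CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
# Tolerant of unquoted values and of stray characters after the closing quote.
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def trailer_after_html(page):
    """Return everything after the last closing </html> tag ('' if none)."""
    matches = list(CLOSE_HTML.finditer(page))
    return page[matches[-1].end():] if matches else ""


def trailer_indicators(page):
    """List (host, timestamp-or-None) for each src URL found in the trailer."""
    results = []
    for url in SRC_ATTR.findall(trailer_after_html(page)):
        parts = urlsplit(url)
        # Assumption: a numeric t= parameter is seconds since the Unix epoch.
        t = parse_qs(parts.query).get("t", [""])[0]
        when = None
        if t.isdigit():
            when = datetime.fromtimestamp(int(t), timezone.utc).isoformat()
        results.append((parts.hostname, when))
    return results


if __name__ == "__main__":
    for host, when in trailer_indicators(SAMPLE):
        print(host, when or "-")
```
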
