Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
151.95.186.133	Italy (Pignone)*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.20.195	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Lorena N. Livingston Mon Jun 22 17:26:07 2009
Return-Path: <llivingston_wt@avantgarde.de>
Authentication-Results: mta112.sbc.mail.gq1.yahoo.com from=avantgarde.de; domainkeys=neutral (no sig); from=avantgarde.de; dkim=neutral (no sig)
Received: from 151.95.186.133 (EHLO flpi193.prodigy.net) (207.115.20.195)
by mta112.sbc.mail.gq1.yahoo.com with SMTP; Tue, 23 Jun 2009 04:14:27 -0700
Received: from lqdbnh2 ([151.95.186.133])
by flpi193.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5NBDbs2029631;
Tue, 23 Jun 2009 04:14:25 -0700
Message-ID: <000701c9f399$334e5fd0$627e2c7a@avantgarde.de>
Reply-To: “Lorena N. Livingston”
From: “Lorena N. Livingston” <llivingston_wt@avantgarde.de>
To: ScamFraudAlert
Subject: Stay Hard and Last Longer in Bed!
Date: Mon, 22 Jun 2009 17:26:07 -0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 126

From: Lorena N. Livingston <llivingston_wt@avantgarde.de>
To: ScamFraudAlert.com
Sent: Monday, June 22, 2009 5:26:07 PM
Subject: Stay Hard and Last Longer in Bed!

An Incredible Canadian Pharmacy is available at your Fingertips!
No_Doctor_Needed! Click Here -> http://firmvictor.com

This spam brand has the dubious distinction of being the most heavily spammed domain our staff receives.

The “Canadian Pharmacy” titled sites are the most common. They may also be labeled “European Pharmacy” for visitors from IP addresses located outside North America.

Other sites include “PharmSite” and “best online PHARMACY.” They are riddled with identical fraudulent claims.

For simplicity, this entry refers by default to Canadian Pharmacy, but the false claims apply equally to all of these.

The copyright statement in the trailers for “PharmSite” and “best online PHARMACY” actually contains the words Copyright Canadian Pharmacy.

Visitors to these sites are cautioned against placing an unsecure order for any of the products advertised. With so much obvious fraud in the set up of the web site, any reasonable person would be justified in having doubts about passing identity and credit card details to such blatant criminals.

See Spamtracker.eu – Canadian Pharmacy

Address lookup

canonical name	firmvictor.com.
aliases
addresses	119.39.238.2 203.93.208.86 218.75.144.6 60.191.221.117 60.191.239.153 61.191.191.241

Domain Whois record

Queried whois.internic.net with “dom firmvictor.com“…

   Domain Name: FIRMVICTOR.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.SOUNDPRIZE.IN
   Name Server: NS2.SOUNDPRIZE.IN
   Name Server: NS3.GROUNDBED.COM
   Name Server: NS4.GROUNDBED.COM
   Name Server: NS5.CHANGESTORY.PL
   Name Server: NS6.CHANGESTORY.PL
   Status: ok
   Updated Date: 18-jun-2009
   Creation Date: 18-jun-2009
   Expiration Date: 18-jun-2010

>>> Last update of whois database: Thu, 25 Jun 2009 07:36:37 UTC <<<

Queried whois.namerich.cn with “firmvictor.com“…

; This data is provided by China Springboard Inc.
; for information purposes, and to assist persons obtaining information
; about or related to domain name registration records.
; China Springboard Inc. does not guarantee its accuracy.
; By submitting a WHOIS query, you agree that you will use this data
; only for lawful purposes and that, under no circumstances, you will
; use this data to
; 1) allow, enable, or otherwise support the transmission of mass
; unsolicited, commercial advertising or solicitations via E-mail
; (spam); or
; 2) enable high volume, automated, electronic processes that apply
; to this WHOIS server.
; These terms may be changed without prior notice.
; By submitting this query, you agree to abide by this policy.

 DomainName : firmvictor.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS2.SOUNDPRIZE.IN
Name Server......................NS6.CHANGESTORY.PL
Name Server......................NS4.GROUNDBED.COM
Name Server......................NS5.CHANGESTORY.PL
Name Server......................NS1.SOUNDPRIZE.IN
Name Server......................NS3.GROUNDBED.COM
Status...........................ok
Creation  Date ..................2009-06-18
Expiration Date .................2010-06-18
Last Update  Date ...............2009-06-18

Registrant ID ...................V-X-57697-13132
Registrant Name .................GU FEI
Registrant Organization .........GU FEI
Registrant Address ..............FUZHOUGUANGCHANG29
Registrant City..................FZ
Registrant Province/State .......FJ
Registrant Country Code .........CN
Registrant Postal Code ..........350019
Registrant Phone Number .........+86.059175695124
Registrant Fax ..................+86.059175695124
Registrant Email ................baijakdfe@yeah.net

Administrative ID ...............V-X-57697-13132
Administrative Name .............GU FEI
Administrative Organization .....GU FEI
Administrative Address ..........FUZHOUGUANGCHANG29
Administrative City..............FZ
Administrative Province/State ...FJ
Administrative Country Code .....CN
Administrative Postal Code ......350019
Administrative Phone Number .....+86.059175695124
Administrative Fax ..............+86.059175695124
Administrative Email ............baijakdfe@yeah.net

Billing ID ......................V-X-57697-13132
Billing Name ....................GU FEI
Billing Organization ............GU FEI
Billing Address .................FUZHOUGUANGCHANG29
Billing City.....................FZ
Billing Province/State ..........FJ
Billing Country Code ............CN
Billing Postal Code .............350019
Billing Phone Number ............+86.059175695124
Billing Fax .....................+86.059175695124
Billing Email ...................baijakdfe@yeah.net

Technical ID ....................V-X-57697-13132
Technical Name ..................GU FEI
Technical Organization...........GU FEI
Technical Address ...............FUZHOUGUANGCHANG29
Technical City...................FZ
Technical Province/State.........FJ
Technical Country Code ..........CN
Technical Postal Code ...........350019
Technical Phone Number ..........+86.059175695124
Technical Fax ...................+86.059175695124
Technical Email .................baijakdfe@yeah.net

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “119.39.238.2“…

inetnum:      119.39.232.0 - 119.39.239.255
netname:      yueyang
country:      CN
descr:        CNC Group HuNan YueYang network
descr:        SanHui building ,WuLiPai Street,
descr:        YueYang 411104
admin-c:      CH444-AP
tech-c:       CH444-AP
status:       ASSIGNED NON-PORTABLE
changed:      zoulei@chinaunicom.cn 20081215
mnt-by:       MAINT-CNCGROUP-HN
source:       APNIC

route:        119.39.0.0/16
descr:        CNC Group CHINA169 Hunan Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20080102
source:       APNIC

person:       CNCGroup Hostmaster
nic-hdl:      CH444-AP
e-mail:       abuse@cnc-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82993155
fax-no:       +86-10-82993144
country:      CN
changed:      abuse@cnc-noc.net 20041220
mnt-by:       MAINT-CNCGROUP
source:       APNIC

DNS records

DNS query for 2.238.39.119.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
firmvictor.com	IN	A	218.75.144.6	10800s	(03:00:00)
firmvictor.com	IN	A	119.39.238.2	10800s	(03:00:00)
firmvictor.com	IN	A	203.93.208.86	10800s	(03:00:00)
firmvictor.com	IN	A	60.191.221.117	10800s	(03:00:00)
firmvictor.com	IN	A	60.191.239.153	10800s	(03:00:00)
firmvictor.com	IN	A	61.191.191.241	10800s	(03:00:00)