Christopher Lawell, Inc.

I’ve done some more investigating of mysafenet.net and localsafe.org and it looks like I’ve found out who’s behind them.

First of all, localsafe.org, mysafenet.net, and several other servers share the name server ns1.finishlinehosting.com:

 SAMPLE OF DOMAINS USING NS1.FINISHLINEHOSTING.COM

Domain Registrar Create Date Expire Date More Information
finishlinehosting.com INTERNET.BS CORP. 2010-06-21 2011-06-21 DNS
localsafe.org Internet.bs Corp. (R1601-LROR) 2010-03-18 04:31:32 2011-03-18 04:31:32 DNS
mail4now.net INTERNET.BS CORP. 2010-03-18 2011-03-18 DNS
mail4time.org Internet.bs Corp. (R1601-LROR) 2010-10-29 04:42:25 2011-10-29 04:42:25 DNS
mysafenet.net INTERNET.BS CORP. 2010-11-01 2011-11-01 DNS
safe-local.net INTERNET.BS CORP. 2010-03-18 2011-03-18 DNS

Safe-local.net is another server that is used for the scam. It redirects to craigslistsafe.localsafe.org. Mail4now.net and mail4time.org are servers that are used for for sending spam for mysafenet.net and safe-local.net. Since these sites all share the same name server and they were all used for the scam, it’s a good bet that they are all owned by the same person.

A useful piece of information about a website is its SOA record. This record contains the e-mail address of the person responsible for administering the domain’s zone. The SOA record for mysafenet.net is this:

MYSAFENET.NET SOA RECORD

Name Server ns1.finishlinehosting.com
Email blank@cli-us.com
Serial Number 2010110101
Refresh 1 day
Retry 2 hours
Expiry 41 days 16 hours
Minimum 1 day

The e-mail address of the zone administrator is an address at cli-us.com, which is a website for Christopher Lawell, Inc.

Given its name, we’d assume that finishlinehosting.com would be the website for the hosting company used by these sites, but instead it’s a blank website. Let’s look at the SOA record for finishlinehosting.com:

FINISHLINEHOSTING.COM SOA RECORD

Name Server ns1.finishlinehosting.com
Email finishlinehosting@cli-us.com
Serial Number 2010081305
Refresh 1 day
Retry 2 hours
Expiry 41 days 16 hours
Minimum 1 day

The e-mail address of the zone administrator for this site is also an address at cli-us.com. So who is this Christopher Lawell?

Googling “Christopher Lawell” brings up a number of interesting pages. For instance there’s the LinkedIn profile of a Christopher Lawell in the Las Vegas, NV area who is a partner at Clearline Media and president of both http://www.350dollarwebsites.com and Christopher Lawell, Inc. When we Google

“Christopher Lawell” craigslist

we find some articles where he gives tips on spamming Craigslist. For instance:

http://www.articlepros.com/online_business/More-In-Internet-and-Online-Business/article-94976.html
http://make-money-online12.blogspot.com/2008/02/how-to-post-on-craigslist.html.

Doing some more searching for his name shows that it has been linked to other verification scam sites. For instance, there is this thread on broadbandreports.com:

http://www.broadbandreports.com/forum/r23659525-craigslistsafesafeandlocalorg-scam-site-or-not

The Christopher Lawell discussed in this thread had an address in Henderson, NV, which is a suburb of Las Vegas, and he was listed as the owner of craigslistsafe.safeandlocal.org, a verification scam site that is no longer active:

Domain ID:D157651283-LROR
Domain Name:SAFEANDLOCAL.ORG
Created On:21-Nov-2009 16:02:05 UTC
Last Updated On:21-Nov-2009 16:02:08 UTC
Expiration Date:21-Nov-2010 16:02:05 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:CR29951201
Registrant Name:Christopher Lawell
Registrant Street1:318 Canyon River Court
Registrant Street2:
Registrant Street3:
Registrant City:Henderson
Registrant State/Province:Nevada
Registrant Postal Code:89012
Registrant Country:US
Registrant Phone:+1.7023358990

(The current registration information is different because the registrant acquired whois privacy protection to hide his identity.)

Not only is the name of this site very similar to craigslistsafe.localsafe.org, but SafeAndLocal.org is what is shown for the title of the page on craigslistsafe.localsafe.org:

(Click the image to see it in full size). This could be because when the current site was created, the person who set it up used a copy of the HTML for the old site and forgot to change the page’s title.

When we look at all of this evidence, though it hasn’t been proven for certain, it does appear that this Christopher Lawell is the owner of the current scam sites, too.