Proof That Christopher Lawell Owns MiyaBot and Is Therefore VegasChris

Some more has been discovered about MiyaBot, the chatbot sold by VegasChris of MoneyMakerDiscussion.com, the man who was once a VP of a mortgage company and now markets porn on the internet by means of hiring people to post fake dating ads on Craigslist. On the site uowow.com, which now has nothing but a default website page, there was once a source code repository for a Microsoft Visual Studio Solution (a collection of software development projects) with the name MiyaBot. It no longer exists but is still partly viewable in Google’s cache.

The MiyBot solution was located at http://www.uowow.com:8080/svn/CLI/AimBot/Miyabot.sln (Click to enlarge)

In the screen shot above, see that the URL given for the solution file was

http://www.uowow.com:8080/svn/CLI/AimBot/Miyabot.sln

In this path, there is a directory called svn, which stands for Apache Subversion, the name of the source code control system being used here. It’s standard practice in using Subversion to create your source code repositories in directories underneath this one. The source code repository in this case happens to be called CLI, which just happen to be the initials of Christopher Lawell Inc.

Well, it was discovered that the person who owned this server is a computer programmer who was one of Chris Lawell’s Facebook friends. It was thought that he was the person who created MiyaBot. We contacted him and asked him how he was involved with Christopher Lawell. This is a screen shot of part of the conversation. His name, picture, and other identifying information were blanked out since he doesn’t want to be associated with any illegal activities.

Conversation about Chris Lawell
More of the conversation

So this person confirms that Chris Lawell is the owner of MiyaBot, which means that Chris Lawell is VegasChris of MoneyMakerDiscussion.com.

Christopher Lawell and the CraigslistSafe.LocalSafe.org Scam: A Review of the Evidence So Far

Let’s review everything that has been discovered regarding the scam site CraigslistSafe.LocalSafe.org and Christopher Lawell over the past few weeks.

On November 17th, a post was made on this blog that showed the following:

  1. Mysafenet.net, CraigslistSafe.LocalSafe.org, and some of the other sites used for the scam were all in a DNS zone that was administered by someone with the e-mail address finishlinehosting@cli-us.com.
  2. Cli-us.com is the website for Christopher Lawell Inc (CLI). At the time, the site consisted only of a home page with his logo.
  3. There was a publicly viewable LinkedIn profile for the Christopher Lawell of Christopher Lawell Inc that showed he lived in the Las Vegas area.
  4. There was a dating scam site called CraigslistSafe.SafeAndLocal.org that was discussed on Broadbandreports.com that was registered to Christopher Lawell of Henderson, Nevada. This site was very similar to CraigslistSafe.LocalSafe.org.
  5. Christopher Lawell wrote articles showing people how to spam Craigslist, which is one of the methods used by scammers to get traffic to these fake dating sites.

That same day, a little while after this post was made, complaints about the scam were sent by e-mail to Ecatel (the ISP for the scam sites), finishlinelinehosting@cli-us.com, and ThePlanet.com (the ISP for one of the sites used for sending the scam messages). These complaints contained a link to the blog post. Within a few hours, the scam sites hosted by Ecatel were shut down and Christopher Lawell hid his LinkedIn profile and removed his company’s logo from cli-us.com.

A few days after this, Christopher Lawell’s links to these scam sites were publicized. On November 26th, after some joker made a mock Facebook profile for Chris that some of his friends saw, he wrote a letter in which he denied having taking part in the scams and also denied ever being involved in marketing porn.

First, he said that regarding the hiding of his personal information:

When someone brought to my attention several days ago your current campaign against me, I contacted my attorney and they said to “lock everything down and wait for it to blow over. Addressing these claims will only fuel the fire.” At that time I took down my image from cli-us.com and locked down my linked in account…

But this just doesn’t agree with the facts. The personal information was hidden just a few hours after the e-mail message was sent to Ecatel, ThePlanet.Com and finishlinehosting@cli-us.com informing them of the post on this blog with the evidence implicating Chris in the scam. Outside of that single post and the complaints e-mailed to the ISPs and cli-us.com, there was no mention of Christopher Lawell in regards to the the scam anywhere on the Internet.

Second, he gave this story of how the site SafeAndLocal.org got registered in his name.

Over a year ago, I had someone contact me via my web design company 350dollarwebsites.com where we register domains then design and host websites for businesses that may not have a web presence. The person said they would like to register a domain and buy a hosting account. They already were working on a web design so I registered the domain he asked for with my Go Daddy account and set up a hosting account for him. I figured, why not, it’s an easy $20. I was notified at a later date by HostGator (my webhost) that he was violating our terms of service and I promptly canceled his account and refused to refund any money. He hassled me for some time and I blocked him on IM and email and he went away., or so I thought. When the complaint showed up on the broadband reports forum, I wrote multiple letters to the admins of that site explaining the situation and asking that the thread be removed, they ignored every request.

This story makes no sense. Since he registered the domain, he owned it and controlled it. Therefore, once he had suspended the account of this alleged client of his, SafeAndLocal.org would have been shut down and it would no longer have existed by the time the thread on Broadbandreports.com was created; there would have been no site for the people in that thread to discuss.

Even though this story makes no sense, he used it as a setup for his claim of how he believes that the e-mail address finishlinehosting@cli-us.com got to be used for the administrator of the DNS zone for the scam sites.

You base the fact that I am involved in this scam because my url “@cli-us.com” was used in registering the hosting account. However, I can start a hosting account right now with your email in it and it doesn’t mean that it is your hosting account…. It appears to me that this person who signed up for the domain registration and web-hosting through 350dollarwebsites.com using faked credentials and a stolen or fake PayPal has found a way to get back at me by listing my url as his hosting contact.

To begin with, the cli-us.com address wasn’t used for the scam sites’ registration information, it was used for the administrator of the DNS zone for the sites. This information is stored in the sites’ SOA records. Registration data is easy to fake while SOA records are controlled by DNS server administrators. In addition, the SOA record for a site is rarely seen by people. The registration information is of general public interest but the SOA record is almost never looked at by anyone other than DNS server administrators. If this alleged client of Chris was looking to get back at him by stealing his personal information, putting that information in this obscure place would not have been an effective means of doing that.

Finally, Chris tried to blow off the proof that he has had experience spamming Craigslist by talking about the articles he wrote on the subject as if they were mere attempts at article marketing. He didn’t address the content of the articles, and what that content says about him, at all.

The Craigslist article you point to was an early attempt at article marketing 3 YEARS ago. If you will notice in the article, there is reference to an affiliate link that no longer even exists. As I am sure you know, 3 years on the internet is a lifetime. I have not posted on Craigslist more than 1 ad per month (probably longer) in years.

As if all of this weren’t suspicious enough, further investigation revealed that

  1. There is someone on the site Freelancer.co.nz who has the alias VegasChris, lives in Henderson, and is affiliated with the company CLI. This VegasChris has placed ads looking for people to post fake dating ads on Craigslist for him. He also placed an ad looking for someone to ghost write articles on internet gaming for him. Christopher Lawell said in his letter that he makes money from “internet marketing efforts in the online gaming vertical”.
  2. There is also someone on the site MoneyMakerDiscussion.com who uses the alias VegasChris. This VegasChris also posted ads looking for people to spam Craigslist with fake dating ads and moreover we saw that he discussed his involvement with marketing porn for the site PornProfit.com. He used to use his board posting signature to promote the company InCorp of Henderson, Nevada and he says that he used to be the VP of a mortgage company, just as Christopher Lawell once was. In addition, he once mentioned Chris Lawell’s company Clearline Media as an example of some good website design that his friend SnBirdi did.
  3. On Facebook there is a profile for a Chris Lawell who posted an advertisement for the chatbot MiyaBot on his wall back in March. VegasChris of MMD has also promoted MiyaBot a few times and is in fact the owner of the company MiyaBot. VegasChris’ friend SnBirdi, the website designer who worked on ClearlineMedia.com, also designed MiyaBot.com

Now, tell me, when we consider all of the evidence discovered, and also consider just how full of holes the explanations in Christopher Lawell’s letter were, what are we supposed to conclude?

UPDATE

It has now been confirmed that Christopher Lawell is VegasChris. See the evidence.

VegasChris of CLI in Henderson

Christopher Lawell said in his explanation that he has “not posted on Craigslist more than 1 ad per month (probably longer) in years.” Could this be because he hires others to post for him? On the site Freelancer.co.nz there is a user who goes by the name of VegasChris. His profile states that he is with the company CLI in Henderson. He has posted some interesting ads.

On 1/14/2010, he posted an ad looking for a CL, BP and other classified sites poster.

Want an experienced poster for Backpage and Craigslist. MUST be experienced and able to successfully post on both sites.

Will compensate based off responses. Starting at $75 per 1k, will pay more based off the quality of conversions.

Posts are for NSA (W4M) ad category. You must provide ad content and forward replies to specific email address I provide in real time.

Will test work with a daily payout. Would like to escalate to a regular weekly order with successful traffic.

Being able to drive traffic from additional classified sites a plus.

He later posted a similar ad on 1/19/2010. Earlier, he was looking to buy 5000 Hotmail accounts, and the last ad he posted was for a ghost writer for articles about iGaming, the industry in which Chris Lawell says he does his internet marketing business.

There’s another VegasChris on the web who places ads for Craigslist posters, VegasChris of MoneyMakerDisscusion.com. He used to use the name AnitaJohnson. This old version of his MMD profile is still in Google’s cache. To see that this is an old version of VegasChris’ profile, hover over the link labelled Find All Posts and look at the browser status bar. You’ll see that the userid for the profile is 61348, the same as the userid for VegasChris. (Click the image to enlarge it.)

When you click on the link to InCorp Entity Structuring in the cached profile’s signature, you are taken to InCorp.com, a company in Henderson, Nevada.

So this VegasChris also has a Henderson, Nevada connection and could very well be the same person as the other one.

On 4/26/2010, the MMD VegasChris posted the thread Looking for a craigslist poster.

I am looking to buy CL posting service or W4M lead provider in real time and exclusive.

Contact me via pm.

On 11/16/2009, he posted Looking for a CL poster.

Need a poster for adult content on CL.

Let me know what you charge. Would be willing to spend $200 a day (or more) for the right traffic.

Will start immediately.

On 11/3/2009, he posted Looking for a reliable poster on CL.

I am looking to hire a regular CL poster.

Can be creative when it comes to compensation. Would consider pay per post or JV per sale.

dating in W4M section. Possibly other areas.

Please pm me for discussion.

What both of these guys (and they’re probably the same person) are doing here is hiring people to spam the dating sections of Craigslist with fake ads. This is done to promote real dating sites, or to promote fake dating sites used to trick people into signing up for porn sites, and sometimes to promote just plain upfront porn sites.

Christopher Lawell, Inc.

I’ve done some more investigating of mysafenet.net and localsafe.org and it looks like I’ve found out who’s behind them.

First of all, localsafe.org, mysafenet.net, and several other servers share the name server ns1.finishlinehosting.com:

 SAMPLE OF DOMAINS USING NS1.FINISHLINEHOSTING.COM

Domain Registrar Create Date Expire Date More Information
finishlinehosting.com INTERNET.BS CORP. 2010-06-21 2011-06-21 DNS
localsafe.org Internet.bs Corp. (R1601-LROR) 2010-03-18 04:31:32 2011-03-18 04:31:32 DNS
mail4now.net INTERNET.BS CORP. 2010-03-18 2011-03-18 DNS
mail4time.org Internet.bs Corp. (R1601-LROR) 2010-10-29 04:42:25 2011-10-29 04:42:25 DNS
mysafenet.net INTERNET.BS CORP. 2010-11-01 2011-11-01 DNS
safe-local.net INTERNET.BS CORP. 2010-03-18 2011-03-18 DNS

Safe-local.net is another server that is used for the scam. It redirects to craigslistsafe.localsafe.org. Mail4now.net and mail4time.org are servers that are used for for sending spam for mysafenet.net and safe-local.net. Since these sites all share the same name server and they were all used for the scam, it’s a good bet that they are all owned by the same person.

A useful piece of information about a website is its SOA record. This record contains the e-mail address of the person responsible for administering the domain’s zone. The SOA record for mysafenet.net is this:

MYSAFENET.NET SOA RECORD

Name Server ns1.finishlinehosting.com
Email blank@cli-us.com
Serial Number 2010110101
Refresh 1 day
Retry 2 hours
Expiry 41 days 16 hours
Minimum 1 day

The e-mail address of the zone administrator is an address at cli-us.com, which is a website for Christopher Lawell, Inc.

Given its name, we’d assume that finishlinehosting.com would be the website for the hosting company used by these sites, but instead it’s a blank website. Let’s look at the SOA record for finishlinehosting.com:

FINISHLINEHOSTING.COM SOA RECORD

Name Server ns1.finishlinehosting.com
Email finishlinehosting@cli-us.com
Serial Number 2010081305
Refresh 1 day
Retry 2 hours
Expiry 41 days 16 hours
Minimum 1 day

The e-mail address of the zone administrator for this site is also an address at cli-us.com. So who is this Christopher Lawell?

Googling “Christopher Lawell” brings up a number of interesting pages. For instance there’s the LinkedIn profile of a Christopher Lawell in the Las Vegas, NV area who is a partner at Clearline Media and president of both http://www.350dollarwebsites.com and Christopher Lawell, Inc. When we Google

“Christopher Lawell” craigslist

we find some articles where he gives tips on spamming Craigslist. For instance:

http://www.articlepros.com/online_business/More-In-Internet-and-Online-Business/article-94976.html
http://make-money-online12.blogspot.com/2008/02/how-to-post-on-craigslist.html.

Doing some more searching for his name shows that it has been linked to other verification scam sites. For instance, there is this thread on broadbandreports.com:

http://www.broadbandreports.com/forum/r23659525-craigslistsafesafeandlocalorg-scam-site-or-not

The Christopher Lawell discussed in this thread had an address in Henderson, NV, which is a suburb of Las Vegas, and he was listed as the owner of craigslistsafe.safeandlocal.org, a verification scam site that is no longer active:

Domain ID:D157651283-LROR
Domain Name:SAFEANDLOCAL.ORG
Created On:21-Nov-2009 16:02:05 UTC
Last Updated On:21-Nov-2009 16:02:08 UTC
Expiration Date:21-Nov-2010 16:02:05 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:CR29951201
Registrant Name:Christopher Lawell
Registrant Street1:318 Canyon River Court
Registrant Street2:
Registrant Street3:
Registrant City:Henderson
Registrant State/Province:Nevada
Registrant Postal Code:89012
Registrant Country:US
Registrant Phone:+1.7023358990

(The current registration information is different because the registrant acquired whois privacy protection to hide his identity.)

Not only is the name of this site very similar to craigslistsafe.localsafe.org, but SafeAndLocal.org is what is shown for the title of the page on craigslistsafe.localsafe.org:

(Click the image to see it in full size). This could be because when the current site was created, the person who set it up used a copy of the HTML for the old site and forgot to change the page’s title.

When we look at all of this evidence, though it hasn’t been proven for certain, it does appear that this Christopher Lawell is the owner of the current scam sites, too.