Quote:
Originally Posted by Acro
Yet another Sedo flaw that goes back to the days of the NetSol transfer email spoofing. Sedo should not send these emails out - some containing auth keys - they should ONLY send notifications asking you to log into your account to perform the task.

Can you post the email headers here?
Return-Path: <pejudgem@tmz.tmzhosting.com>
Received: from smtp6.hushmail.com (smtp6.hushmail.com [65.39.178.137])
by imap9.hushmail.com (Cyrus v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4) with LMTPA;
Thu, 04 Sep 2008 16:06:54 +0000
X-Sieve: CMU Sieve 2.2
Received: from tmz.tmzhosting.com (2a.88.5546.static.theplanet.com [70.85.136.42])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp6.hushmail.com (Postfix) with ESMTP
for <admin@domainhighway.com>; Thu, 4 Sep 2008 16:06:52 +0000 (UTC)
Received: from pejudgem by tmz.tmzhosting.com with local (Exim 4.69)
(envelope-from <pejudgem@tmz.tmzhosting.com>)
id 1KbFih-00039Q-1s; Thu, 04 Sep 2008 09:21:59 -0500
To: admin@domainhighway.com
Subject: Transfer of ese.com
X-PHP-Script: www.foolex.com/fake/ese/email.php for 91.98.154.140
From: "colin.finnan@sedo.com" <colin.finnan@sedo.com>
Reply-To: "colin.finnan@sedo.com" <colin.finnan@sedo.com>
To:<admin@domainhighway.com>
Mime-Version: 1.0
Content-type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Message-Id: <E1KbFih-00039Q-1s@tmz.tmzhosting.com>
Date: Thu, 04 Sep 2008 09:21:59 -0500
X-TmzHosting-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-ID: 1KbFih-00039Q-1s
X-TmzHosting-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-TmzHosting-MailScanner-SpamCheck:
X-TmzHosting-MailScanner-From: pejudgem@tmz.tmzhosting.com
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tmz.tmzhosting.com
X-AntiAbuse: Original Domain - domainhighway.com
X-AntiAbuse: Originator/Caller UID/GID - [32209 32212] / [47 12]
X-AntiAbuse: Sender Address Domain - tmz.tmzhosting.com

It looks like the guy used www.foolex.com/fake/ese/email.php to generate/send the email. If you click on that link, the same exact email that I received on Sept 4th will be sent to admin@domainhighway.com.
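
The headers quoted above carry several signs that the message did not come from the domain in its From line: the envelope sender and Message-Id belong to a different host, an X-PHP-Script header names a web script, and no Received hop mentions the From domain. The following is an added example, not part of the original thread, that checks a header block for those signs; the function names are my own and the sample is a trimmed copy of the quoted headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Trimmed copy of the headers quoted in the post above (wrapped lines rejoined).
SAMPLE = """\
Return-Path: <pejudgem@tmz.tmzhosting.com>
Received: from tmz.tmzhosting.com (2a.88.5546.static.theplanet.com [70.85.136.42])
\tby smtp6.hushmail.com (Postfix) with ESMTP
\tfor <admin@domainhighway.com>; Thu, 4 Sep 2008 16:06:52 +0000 (UTC)
Received: from pejudgem by tmz.tmzhosting.com with local (Exim 4.69)
\t(envelope-from <pejudgem@tmz.tmzhosting.com>)
\tid 1KbFih-00039Q-1s; Thu, 04 Sep 2008 09:21:59 -0500
Subject: Transfer of ese.com
X-PHP-Script: www.foolex.com/fake/ese/email.php for 91.98.154.140
From: "colin.finnan@sedo.com" <colin.finnan@sedo.com>
Reply-To: "colin.finnan@sedo.com" <colin.finnan@sedo.com>
Message-Id: <E1KbFih-00039Q-1s@tmz.tmzhosting.com>

"""

def domain_of(value):
    """Return the lowercased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_headers):
    """List mismatches between the visible From domain and the sending path."""
    msg = message_from_string(raw_headers)
    from_dom = domain_of(msg["From"])
    findings = []
    # Envelope sender and Message-Id are set by the real sending host.
    for name in ("Return-Path", "Message-Id"):
        dom = domain_of(msg[name])
        if dom and from_dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # PHP's mail() can stamp this header, naming the script that sent the mail.
    if msg["X-PHP-Script"]:
        findings.append("X-PHP-Script present: " + msg["X-PHP-Script"].strip())
    # A mail really sent by the From domain normally shows it in some hop.
    received = " ".join(msg.get_all("Received", [])).lower()
    if from_dom and from_dom not in received:
        findings.append(f"no Received hop mentions {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

These are triage hints only: legitimate bulk mail often has a Return-Path on a different domain, so SPF, DKIM and DMARC results remain the authoritative checks.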