I Need some assistance regarding a scammer please

Does anyone know how to find out what Internet companies are in Lagos, Nigeria. Is Alstel there? Also, how can I do a reverse IP address to get more informtion if they are only using Yahoo to send mail. I have the address but I don't know if it is valid and don't know how to find out if it is. It is 24 Allen Ave,Ikeja,Lagos NG,23401 and the email he uses is [email protected] Can someone please help me. Also, can I do a reverse telephone number search on an overseas number. Thank you


Moderator edit: moved to victim support forum from the welcome to ScamWarners forum -Jillian

Unless he is hiding behind a proxy or using a special protocol, you just need to view the extended headers to get the IP you are looking for (that will also tell you who the provider is). To tell you how to show extended headers, we need to know how you are checking your email (e.g. hotmail, yahoo, outlook, etc)

Scammers tend to operate by untraceable pay-as-you-go type cell phone, so tracing is not likely. If you are asking about Stephen Frank's numbers, I can tell you this much:

2348059888899
Number billable as mobile number
Country or destination Nigeria
City or exchange location
Original network provider* Globacom Lt

I am not sure whether the other number you posted was a US number, or whether there was a country code--but if a US number it is also a mobile phone.

As far as the address goes, There is an Allen Ave in Lagos, and it constantly pops up in scams. Look at this page alone to see how many Allen Ave addresses are used in these scams.
http://www.thedailyafrican.com/nigeria/2390-lagos-nigeria-23401-Nigerian-Dating-Scam.html

However, a quick search for info about Allen Ave shows that it is a well-known commercial street, with nightclubs, hotels, etc. so the address is likely not the scammer's residence.

Thank you. He is using Yahoo. I could send you an email if you can check it for me. I don't know how to do it.

Thanks. I checked the African site and his address was not on it. I think he may be in a hotel. Is there any way to find out what hotels are on that street.

I'm not sure if I understood your question about IPs and Yahoo correctly so if I didn't, I apologize in advance.

To see the sender's IP address in Yahoo mail, click on 'Full Headers' (bottom right in Yahoo 'classic mail' message view). You'll see the full headers of the message which will contain something like

Received: from 127.0.0.1 (HELO web45903.mail.sp1.yahoo.com) (68.180.199.72) by mta181.mail.ac4.yahoo.com with SMTP; Thu, 03 Jun 2010 07:18:17 -0700
Received: (qmail 81832 invoked by uid 60001); 3 Jun 2010 14:18:16 -0000
Received: from [41.210.2.30] by web45903.mail.sp1.yahoo.com via HTTP; Thu, 03 Jun 2010 07:18:16 PDT

The one furthest down the line is the originating IP, in this case 41.210.2.30
A look up of that IP at http://whois.domaintools.com/ reveals that it's one of Ghana Telecom's dynamic ADSL addresses.

Is this of any use?

Is there any way to find out what hotels are on that street.

A Google search for 'Allen Ave Lagos Hotel' shows there are quite a few.

A little more research shows the address is a dentist's office. Not surprisingly, he is using a fake home address--scammers do tend to use fake details to avoid detection. The scammer may have a fake ID, an accomplice at WU, or simply enough info to collect the money without ID.

The real business at that location is: NENE DENTAL CENTRE, 24 ALLEN AVE., IKEJA, LAGOS. If you google the dental office, you will find several sites showing that is the address.

In order to tell you how to show extended headers, we need to know what you are using to receive your email.

This is the only header I could come up with. There are more emails but it looks like the domain might be the same.

From Stephen Frank Mon Apr 26 22:18:24 2010
X-Apparently-To: Removed @sbcglobal.net via 68.180.196.148; Mon, 26 Apr 2010 15:18:28 -0700
Return-Path: [email protected]
X-YMailISG
X-Originating-IP: [67.195.23.157]
Authentication-Results: mta164.sbc.mail.mud.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 207.115.20.134 (EHLO flpd124.prodigy.net) (207.115.20.134)
by mta164.sbc.mail.mud.yahoo.com with SMTP; Mon, 26 Apr 2010 15:18:28 -0700
X-Originating-IP: [67.195.23.157]
Received: from n3-vm1.bullet.mail.gq1.yahoo.com (n3-vm1.bullet.mail.gq1.yahoo.com [67.195.23.157])
by flpd124.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13. with SMTP id o3QMIQ7N023801
for Removed @sbcglobal.net>; Mon, 26 Apr 2010 15:18:26 -0700
Received: from [98.137.27.132] by n3.bullet.mail.gq1.yahoo.com with NNFMP; 26 Apr 2010 22:18:25 -0000
Received: from [67.195.9.98] by t4.bullet.mail.gq1.yahoo.com with NNFMP; 26 Apr 2010 22:18:24 -0000
Received: from [127.0.0.1] by omp102.mail.gq1.yahoo.com with NNFMP; 26 Apr 2010 22:18:24 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 17007 invoked by uid 60001); 26 Apr 2010 22:18:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1272320304; bh=WrtFbK2duiB+rrnDjbpSrWzq6KPuWCexywfcuQYyrOg=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=
Message-ID: <[email protected]>
X-YMail-OSG:
Received: from [41.155.88.225] by web113008.mail.gq1.yahoo.com via HTTP; Mon, 26 Apr 2010 15:18:24 PDT
X-Mailer: YahooMailClassic/10.1.9 YahooMailWebService/0.8.102.267879
Date: Mon, 26 Apr 2010 15:18:24 -0700 (PDT)
From: Stephen Frank <[email protected]>
Subject: Photos
To: Removed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1557792724-1272320304=:13140"
Content-Length: 636224

Removed member information - Ralph

Thank you for letting me know about the address. I was using my yahoo.com but with my email address of Removed - Ralph. Could I find more info by using my ATT page?
Thanks

I am determined to catch him no matter what I have to do.

IP Information - 41.155.88.225
IP address: 41.155.88.225
Reverse DNS: dial-pool88.lg.starcomms.net.
Reverse DNS authenticity: [Could be forged: hostname dial-pool88.lg.starcomms.net. does not exist]
ASN: 33776
ASN Name: STARCOMMS-ASN (ASN for Starcomms)
IP range connectivity: 2
Registrar (per ASN): RIPE
Country (per IP registrar): *F [[AfriNIC Unlisted]]
Country Currency: Unknown
Country IP Range: 41.0.0.0 to 41.255.255.255
Country fraud profile: Normal
City (per outside source): Unknown
Country (per outside source): NG [Nigeria]
Private (internal) IP? No
IP address registrar: whois.afrinic.net
Known Proxy? No
Link for WHOIS: 41.155.88.225

I emailed Shell about the use of his fake ID. I sent all the pics to Ralph. I know he has been ill. He is so kind as are all of you. I haven't heard from them yet, but I am tempted to send the original copy to their corporate office. I don't think they would take it to kindly if they knew someone was doing this.

What do you think about it?

I looked the IP up and here is what it said:

Iinetnum: 41.155.88.0 - 41.155.88.255
netname: STARCOMMS-20081218
descr: Dial pool subnet for Lagos subscribers
country: NG
admin-c: CM9-AFRINIC
tech-c: CM9-AFRINIC
status: ASSIGNED PA
mnt-by: STARCOMMS-MNT
changed: [email protected] 20090404
source: AFRINIC
parent: 41.155.0.0 - 41.155.127.255

person: Catalin Miclaus
address: Plot 1261C, Bishop Kale Close, off Saka Tinubu
phone: +234-1-8041234
fax-no: +234-1-8110301
e-mail: [email protected]
nic-hdl: CM9-AFRINIC
source: AFRINIC
changed: [email protected] 20090413

Unbelievable.

I just looked up other address and this is what I got. Could you tell me how you found all this out so I don't feel stupid or if I get some more should I send what I got on the headers. I just got another one today.
Thanks

% Information related to '41.252.0.0 - 41.255.255.255'

inetnum: 41.252.0.0 - 41.255.255.255
org: ORG-LTaT1-AFRINIC
netname: LTT-20070612
descr: Libyan Telecom and Technology
country: LY
admin-c: KEE3-AFRINIC
tech-c: AAA48-AFRINIC
status: ALLOCATED PA
mnt-by: AFRINIC-HM-MNT
mnt-lower: LTTNET-MNT
changed: [email protected] 20070612
source: AFRINIC
parent: 41.0.0.0 - 41.255.255.255

organisation: ORG-LTaT1-AFRINIC
org-name: Libyan Telecom and Technology
org-type: LIR
country: LY
address: Libya Telecom and Technology,
address: Abusetta, Alshut Road
address: PoBox:91216
address: Tripoli,
address: LIBYA.
address: Tripli
e-mail: [email protected]
phone: +218 21 3400020
fax-no: +218 21 3400039
admin-c: TN1559-AFRINIC
admin-c: AAA48-AFRINIC
admin-c: EMA
admin-c: KEE3-AFRINIC
mnt-ref: LTTNET-MNT
mnt-ref: AFRINIC-HM-MNT
mnt-by: AFRINIC-HM-MNT
notify: [email protected]
remarks: data has been transferred from RIPE Whois Database 20050221
changed: [email protected] 20040415
changed: [email protected] 20050205
changed: [email protected] 20090118
source: AFRINIC

person: Khaled E. Eshah
nic-hdl: KEE3-AFRINIC
address: Libya Telecom and Technology
address: Abu Setta,
address: Nearby Alforusia Club, Alshut Road
address: POBox: 91612
address: Tripoli, Libya.
address: Tripoli
address: Libyan Arab Jamahiriya
e-mail: [email protected]
phone: +218 21 3400020
fax-no: +218 21 3400039
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: LTTNET-MNT
changed: [email protected] 20040115
changed: [email protected] 20050205
changed: [email protected] 20080228
changed: [email protected] 20090118
source: AFRINIC

person: AbdulNasir A. Al-Tubuly
nic-hdl: AAA48-AFRINIC
address: Libyan Telecom and Technology
address: Abusetta, Alshut Road
address: PoBoX: 91216
address: Tripoli, Libya.
address: Tripoli
address: Libyan Arab Jamahiriya
e-mail: [email protected]
phone: +218 21 3400020
fax-no: +218 21 3400039
remarks: data has been transferred from RIPE Whois Database 20050221
notify: [email protected]
mnt-by: LTTNET-MNT
changed: [email protected] 20000113
changed: [email protected] 20030120
changed: [email protected] 20050205
changed: [email protected] 20090125
changed: [email protected] 20090309
changed: [email protected] 20100222
source: AFRINIC


Bold: Object type.
Underlined: Primary key(s).

I was using my yahoo.com

Yay! I didn't type in vain

Could I find more info by using my ATT page?

Probably not. As far as I can tell you've got the lot already, I assume ATT will just give you the same info. Headers are headers.

I emailed Shell about the use of his fake ID.

Don't expect too much of that. Virtually every major company has its name and logos abused by scammers. There's not much they can do about it (unless the scammer happens to be an employee as well). By the way, if you forward stuff like that to corporations or banks, keep using the same safe address you use with the scammer. You wouldn't be the first to have his/her private address forwarded to a scammer by a company's (not too clever) legal department. Just a tip.

I am playing his little game but I am going to use my yahoo.mail instead of ATT. Maybe the idiot will divluge more info. He told me he had a daughter by the name of Amanda. I keep asking questions, and the idiot answers them with the stupid info. We have to catch him.