Unlocking a Mystery: Finding phone number and real identity of a Nepali with just a Selfie and Three Digits of ph number

Unlocking a Mystery: Finding phone number and real identity of a Nepali with just a Selfie and Three Digits of ph number

Unlocking a Mystery: Finding phone number and real identity of a Nepali with just a Selfie and Three Digits of ph number

**Background:** I encountered someone on Snapchat, and during our conversation, s/he challenged me to prove my claim of being a computer nerd. S/he was a completely random stranger whom I knew nothing about. I’m sharing this post to illustrate how easily publicly available information can be utilized to trace someone. Furthermore, s/he gave me a deadline of five days. I’m the type of person who can’t resist a challenge.

As a courtesy and a hint to make my task somewhat more manageable, s/he shared his/her facial snap and the first three digits of his/her phone number. I’d like to clarify upfront that every detail I’ll mention here is not about him/her specifically, but rather rough data to facilitate comprehension. So, I had the following:

* Face snap
* The first three digits of the phone number
* Snapchat username (which turns out to be his/her fake account)

The first thing I did was search for that username everywhere, and I came to know that the username was not of any use for me. Also, my senses started to feel that his/her Snapchat ID was fake, and there was no way she would be using his/her real name on it.

While talking with him/her, I started to gather a little personal information about her, like what she was doing and how her life was going. I found out she was preparing for her MBBS exam, which gave me the next steps. Joining different Facebook groups where people posted updates about that particular MBBS entrance exam, I went to the members’ section and searched there with her Snapchat profile name. There were many results with that name, and what I did was filter the IDs with that name that seemed to be real IDs, i.e., those with real identities and posts. With this, I filtered one ID that had nothing on it and had the same name as that of Snapchat’s profile name. I was kind of skeptical because when people make fake IDs on different platforms, they tend to use the same name.

Checking out that profile fully, I started to search if I could find some details, and to my surprise, his/her “likes” list was public, as it is for most of us on Facebook. We never even bother about that setting. S/he had liked different pages, and on hovering, I came to know s/he had liked his/her original Facebook ID. I knew that was his/her ID because I could match up the face that s/he sent me. Also, his/her name was different. This was the first milestone for me.

Now, the most difficult part was to know his/her phone number. After that, I used his/her original ID and went to “forgot password” in hopes that I may find hints about his/her email address/the last two digits of his/her phone number. But it did not work. S/he neither had the number connected nor that email with those hashes anything to be guessed. It was completely different from his/her name/surname initials. So, I was out of luck here.

Learning that his/her original Facebook ID was made many years ago, and in my country, it is almost like a trend that we forget whatever email we used when creating Facebook and never even care about that. Then, we end up creating a new email address. Then, I started to guess the most common format we use in our country to make up our email address, i.e., \[FIRST NAME\]{+/.}\[LAST NAME\]{+/.}\[YEAR OF BIRTH\], etc.

Then, I went to Snapchat’s “forgot password” and saw if it was there; it was, but that was of no use to me. I could not find her real Snapchat username in this email as I am pretty sure that setting was turned off. Now, all I had was to use the “forgot password” option of Gmail itself. Using this, I got to know the last two digits of her number, but I would say I approached it with a hit-and-trial method as the number she put there might not be the same as what she challenged me to find out. Now, I had five out of 10 digits of her number, which resulted in 100,000 possibilities, which was a pain.

Using these, I tried different sets, and I knew her birth year from her Facebook ID. Combining all this information, I used different tools against that email, and I got one success. I used the tool [GHunt](https://github.com/mxrch/GHunt) and got a profile picture downloaded, and it was of the same girl. This is how I got her email address. Now, it was time to learn about this email address, and then I used the tool [Holehe](https://github.com/megadose/holehe) to know where this email was registered, but it was no luck.

Going to Snapchat’s “forgot password,” I saw if it was there; it was, but that was of no use to me. I could not find her real Snapchat username in this email as I am pretty sure that setting was turned off. Now, all I had was to use the “forgot password” option of Gmail itself. Using this, I got to know the last two digits of her number, but I would say I approached it with a hit-and-trial method as the number she put there might not be the same as what she challenged me to find out. Now, I had five out of 10 digits of her number, which resulted in 100,000 possibilities, which was a pain.

Instead of using those 100,000 possibilities, I started to scratch my head to find out one more digit, which would result in 10,000 possibilities. Following the trend of our country where people get their first SIM/Mobile after they finish their 10th grade, I hovered over his/her Facebook profile, and from there, I could know the year s/he passed his/her 10th grade. Also, the SIM companies/telecom providers in my country distribute SIMs with certain prefixes at certain times of the year. Then, I came to know which prefix number was being distributed in that year s/he finished her 10th grade and received his/her results. Passing 10th grade is like finishing a milestone in my country. Now, I have one more digit with this method. This was also just a hit-and-trial method.

Also, the SIM companies/telecom providers in my country distribute SIMs with certain prefixes at certain times of the year. Then, I came to know which prefix number was being distributed in that year she finished her 10th grade and received her results. Passing 10th grade is like finishing a milestone in my country. Now, I have one more digit with this method. This was also just a hit-and-trial method. This resulted in me knowing six out of 10 digits.

* The first three digits of what I was given
* The last two digits from the Google account’s recovery option
* The fourth digit from the telecoms’ prefix

Again, I was just testing out my luck but would call it smartly. Then, I generated a list of 10,000 numbers in a VCF file and uploaded it to my contacts on the phone, hoping I could find his/her real Snapchat username from “quick add”, but Snapchat did not let me do it. Then, I broke up those 10,000 numbers into 10 VCF files and tried each one separately, but it was of no luck (I was checking both Viber and Snapchat at that moment but I did not check WhatsApp as I knew they would block me if I did that).

Now, my last resort was to filter out those 10,000 numbers with the ones that have registered on WhatsApp. I searched and dug up the whole internet to find a good tool to do that, but either they wanted me to log in to WhatsApp web or they were quite expensive. After that, I found one of the tools that let me do 1,000 checks for free. The tool was [Checkwa](https://github.com/myckhel/checkwa). This website won’t let you create a new account and do the test again. I guess they are using good browser fingerprinting techniques. However, using different browsers like Brave browser, I was able to make six different accounts work to filter out 6 out of 10 files I had.

Now, I was still left with 4,000 numbers to filter out. That website did not work past those six, no matter what tweaks I tried. Then, I took a risk and combined those remaining 4,000 numbers with the numbers I had already filtered and uploaded that VCF file to my contacts, opened up WhatsApp, and refreshed the contacts tab. Now, I knew I had to work quickly or else WhatsApp would block me. So, after I hovered over all the contacts and all profile images got loaded, I quickly turned off my internet. Then, I started to go to each number and see the profile image, I know my luck/guessing game favored me a lot, but I found a number with the same facial snap s/he had sent me earlier.

This shows no matter how anonymous you try to be on the internet, prints are always left.


View on r/Nepal by Fast-Progress-3686