WhatsApp | Threat Intelligence
The Burner Phone That Wasn't Burner Enough: WhatsApp Registration Metadata
March 15, 2025
Outcome
Burner phone operator identified through carrier registration patterns and purchase location analysis.
Background
A business owner was receiving extortion threats via WhatsApp from numbers that changed weekly. Each number appeared to be a prepaid burner phone with no registered owner.
Investigation Methodology
- Carrier Metadata Analysis: Each threatening WhatsApp number was analyzed for carrier information, revealing the specific prepaid provider and activation patterns.
- Purchase Pattern Mapping: Activation times and carrier data were cross-referenced with retail locations selling prepaid SIMs in the area.
- WhatsApp Profile Forensics: Even minimal WhatsApp profile data (profile photo changes, about text, online status patterns) was collected and compared.
Key Findings
- All 8 burner numbers were activated on the same prepaid carrier, and all were purchased from stores within a 5-mile radius of a specific neighborhood.
- WhatsApp online status patterns showed the burner accounts followed the same sleep-wake cycle as a specific suspect.
- One burner number briefly had a WhatsApp profile photo that, through reverse image search, matched a fishing photo posted on a private Facebook account.
Outcome
The suspect was identified as a former business partner in a dispute. The evidence was provided to law enforcement, leading to an arrest. Total investigation time: 3 weeks.