for fraud & threat-intel teams

Investigate any phone number
in a single lookup.

Drop in a number and DefenceCore returns the carrier, line type, SIM-swap risk, breach exposure, and the accounts linked to it — the full picture a manual investigation builds, in seconds. One lookup instead of pivoting across a dozen tools.

See a sample report ↓

Already have an account? Sign in

Real-timecarrier & HLR data
200+countries covered
40OSINT results / lookup
< 3savg. lookup time
3-in-1carrier, breach & OSINT in one report
25+data sources
Pro onlyintent screened, not people search

Why DefenceCore?

ONE LOOKUP VS. A DOZEN TABS

The manual way
  • Pivot across a separate carrier lookup, breach checker, and OSINT tools
  • Copy-paste findings into a doc by hand
  • No consistent, comparable risk score to act on
  • An hour or more per number
With DefenceCore
  • One lookup returns carrier, exposure, and OSINT together
  • A single, shareable investigation report
  • Category exposure score out of 100
  • Seconds, not hours

Professional use only — a faster investigation workflow, not a people-search tool.

An OSINT platform, three layers deep

CARRIER · EXPOSURE · OPEN SOURCE

CARRIER
Verizon
LINE TYPE
mobile
VOIP
no
SIM SWAP
elevated

Carrier & HLR Lookup

Carrier, line type, VoIP detection, and SIM swap risk. Any number, worldwide.

carrier nameVoIP detectionSIM swap riskcaller ID
breach exposure72
digital footprint58
public records41

Breach & Exposure Scoring

Correlate an identifier against known data breaches and leaks, then score the digital footprint it exposes — broken down by category.

data breachdata leakdigital footprintrisk rating
breachCollection #1 (2019)
recordsBusiness filing match
directory2 public listings

Open-Source Intelligence

Up to 40 OSINT results per lookup — linked accounts, social profiles, public records, and directory hits, gathered from open sources.

osint toolslinked accountssocial profilespublic records

What a full lookup returns

SAMPLE REPORT · DEPTH OF A PAID LOOKUP

SAMPLE+1 (512) 555–0148
CARRIER
Verizon Wireless
LINE TYPE
mobile
SIM SWAP
elevated
CALLER ID
M. Calloway
EXPOSURE SCORE67 / 100 · elevated
Breach exposure72
Social footprint64
Public records41
Marketing / data brokers58
LINKED ACCOUNTS & OSINT RESULTS2 of 38 shown
breach
Data breach
Collection #1 (2019) — email + plaintext password
fraud
Marketplace
Seller account flagged in 2 chargeback disputes

Sample data shown for illustration. DefenceCore is for professional fraud, threat-intel, and investigation use only — not a people-search tool.

Built for OSINT investigators

WHO USES DEFENCECORE

SOC & threat intel analysts

Investigate smishing and vishing numbers during incident response. Classify VoIP vs. mobile, assess SIM swap risk, and document findings in one report.

Fraud & trust-and-safety teams

Verify phone numbers at signup. Score risk and detect burner and VoIP numbers before they become chargebacks.

Private investigators & OSINT researchers

Open-source intelligence and data enrichment in one place — carrier data, breach exposure, and OSINT results in a single investigation report.

Due diligence, KYC & compliance

Enrich every onboarding and counterparty. Surface the digital footprint and breach exposure behind an identifier before you approve it.

New to the discipline? Read our OSINT and open-source intelligence guides on data enrichment and investigation workflows.

How it works

THREE STEPS

ENTER A NUMBER
🇺🇸 +1
(512) 555–0148
Run →
All international formats supported.

Simple pricing

NO HIDDEN FEES · CANCEL ANYTIME

Most popular
Pro · Monthly
$40 / month

600 lookups/month (20/day), full reports, lookup history.

  • Carrier metadata & SIM swap risk
  • Caller ID resolution
  • Exposure score with breakdown
  • Up to 40 OSINT results per lookup
  • Full lookup history
START NOW →

cancel anytime

One-Time Credits
$7 / 10 credits

No subscription — pay once, use anytime.

  • 10 phone lookups
  • Carrier & line type data
  • Exposure scoring
  • No recurring charge
BUY CREDITS →

one-time · no recurring charge

Professional use only. Intent screening at signup. OSINT for defenders.

Frequently asked questions

OSINT & DATA ENRICHMENT, EXPLAINED

What does OSINT mean?

OSINT stands for open-source intelligence — the practice of collecting and analysing information from publicly available sources to build a complete picture of a person, account, or identifier. Investigators use OSINT to surface linked accounts, breach exposure, and a subject’s digital footprint without touching private or restricted systems. DefenceCore automates that workflow as a single data-enrichment lookup.

What are OSINT tools used for?

OSINT tools gather and correlate open-source intelligence — linked accounts, social profiles, public records, breach data, and carrier metadata — so an investigator can turn a single identifier into a full picture. Fraud, threat-intelligence, KYC, and trust-and-safety teams use them to enrich investigations instead of pivoting across a dozen separate lookups. DefenceCore is an OSINT data-enrichment platform that returns all of these signals from one query.

What is data enrichment for investigations?

Data enrichment takes a single starting identifier — such as a phone number — and expands it into linked accounts, breach and data-leak exposure, carrier and line-type data, and a risk score. It replaces the manual cross-referencing investigators do across multiple OSINT tools and spreadsheets with one automated lookup that returns an investigation-ready report.

What is phone number OSINT?

Phone number OSINT is the practice of gathering open-source intelligence about a phone number — carrier, line type, breach exposure, and publicly available accounts linked to it. Security teams use it to investigate smishing, vishing, and fraud without touching private carrier systems. DefenceCore runs the full phone number OSINT and data-enrichment workflow from a single lookup.

What is an HLR lookup?

An HLR lookup queries the Home Location Register — the carrier database that tracks a mobile number’s network status — to confirm a number is active, identify its current carrier, and detect porting. Investigators use HLR and carrier lookups to verify a number is real and reachable before acting on it.

How do I check if a phone number is VoIP or a burner?

Run a carrier lookup that returns the line type: mobile, landline, or VoIP. VoIP and prepaid numbers are the most common choice for smishing, scam calls, and fake signups, so line type is the first filter fraud analysts apply. DefenceCore includes VoIP detection in every lookup.

What is SIM swap risk and how is it detected?

SIM swap risk is the likelihood that a phone number has recently been moved to a new SIM or carrier — a key signal in account-takeover fraud. It is detected through carrier-level signals such as recent porting or SIM change activity. DefenceCore returns a SIM swap risk signal with every lookup.

How can I check if my phone number was in a data breach?

Run the number through a tool that correlates it against known breach datasets. DefenceCore scores breach exposure as part of its composite exposure score, showing whether a number appears in known breach data and how exposed it is overall. Checking your own number is a fast way to assess your attack surface.

Is DefenceCore a people-search tool?

No. DefenceCore is built for security, fraud, and investigation teams — not for looking up individuals out of curiosity. Signups are intent-screened, and every feature is framed around defense: investigating suspicious numbers, scoring fraud risk, and auditing your own exposure.

How is DefenceCore different from Twilio Lookup or free carrier checkers?

Twilio Lookup and free carrier checkers return carrier and line type, and little else. DefenceCore combines carrier and HLR data, VoIP detection, SIM swap risk, caller ID resolution, breach exposure scoring, and up to 40 open-source results in one report. One lookup replaces the stack of tools analysts otherwise stitch together during an investigation.