DefenceCore is an OSINT data-enrichment platform for fraud and threat-intelligence investigators. Turn one identifier into linked accounts, breach exposure, and risk signals — the open-source intelligence a full investigation surfaces, in seconds.
Already have an account? Sign in
CARRIER · EXPOSURE · OPEN SOURCE
Carrier, line type, VoIP detection, and SIM swap risk. Any number, worldwide.
Correlate an identifier against known data breaches and leaks, then score the digital footprint it exposes — broken down by category.
Up to 40 OSINT results per lookup — linked accounts, social profiles, public records, and directory hits, gathered from open sources.
WHO USES DEFENCECORE
Investigate smishing and vishing numbers during incident response. Classify VoIP vs. mobile, assess SIM swap risk, and document findings in one report.
Verify phone numbers at signup. Score risk and detect burner and VoIP numbers before they become chargebacks.
Open-source intelligence and data enrichment in one place — carrier data, breach exposure, and OSINT results in a single investigation report.
Enrich every onboarding and counterparty. Surface the digital footprint and breach exposure behind an identifier before you approve it.
New to the discipline? Read our OSINT and open-source intelligence guides on data enrichment and investigation workflows.
THREE STEPS
Paste or type a phone number to start the enrichment. All international formats supported.
DefenceCore queries carrier APIs, breach databases, and open sources in seconds.
Read the full breakdown — metadata, exposure score, and OSINT results — all in one view.
NO HIDDEN FEES · CANCEL ANYTIME
20 lookups per day, full reports, lookup history.
cancel anytime
No subscription — pay once, use anytime.
one-time · no recurring charge
Professional use only. Intent screening at signup. OSINT for defenders.
OSINT & DATA ENRICHMENT, EXPLAINED
OSINT stands for open-source intelligence — the practice of collecting and analysing information from publicly available sources to build a complete picture of a person, account, or identifier. Investigators use OSINT to surface linked accounts, breach exposure, and a subject’s digital footprint without touching private or restricted systems. DefenceCore automates that workflow as a single data-enrichment lookup.
OSINT tools gather and correlate open-source intelligence — linked accounts, social profiles, public records, breach data, and carrier metadata — so an investigator can turn a single identifier into a full picture. Fraud, threat-intelligence, KYC, and trust-and-safety teams use them to enrich investigations instead of pivoting across a dozen separate lookups. DefenceCore is an OSINT data-enrichment platform that returns all of these signals from one query.
Data enrichment takes a single starting identifier — such as a phone number — and expands it into linked accounts, breach and data-leak exposure, carrier and line-type data, and a risk score. It replaces the manual cross-referencing investigators do across multiple OSINT tools and spreadsheets with one automated lookup that returns an investigation-ready report.
Phone number OSINT is the practice of gathering open-source intelligence about a phone number — carrier, line type, breach exposure, and publicly available accounts linked to it. Security teams use it to investigate smishing, vishing, and fraud without touching private carrier systems. DefenceCore runs the full phone number OSINT and data-enrichment workflow from a single lookup.
An HLR lookup queries the Home Location Register — the carrier database that tracks a mobile number’s network status — to confirm a number is active, identify its current carrier, and detect porting. Investigators use HLR and carrier lookups to verify a number is real and reachable before acting on it.
Run a carrier lookup that returns the line type: mobile, landline, or VoIP. VoIP and prepaid numbers are the most common choice for smishing, scam calls, and fake signups, so line type is the first filter fraud analysts apply. DefenceCore includes VoIP detection in every lookup.
SIM swap risk is the likelihood that a phone number has recently been moved to a new SIM or carrier — a key signal in account-takeover fraud. It is detected through carrier-level signals such as recent porting or SIM change activity. DefenceCore returns a SIM swap risk signal with every lookup.
Run the number through a tool that correlates it against known breach datasets. DefenceCore scores breach exposure as part of its composite exposure score, showing whether a number appears in known breach data and how exposed it is overall. Checking your own number is a fast way to assess your attack surface.
No. DefenceCore is built for security, fraud, and investigation teams — not for looking up individuals out of curiosity. Signups are intent-screened, and every feature is framed around defense: investigating suspicious numbers, scoring fraud risk, and auditing your own exposure.
Twilio Lookup and free carrier checkers return carrier and line type, and little else. DefenceCore combines carrier and HLR data, VoIP detection, SIM swap risk, caller ID resolution, breach exposure scoring, and up to 40 open-source results in one report. One lookup replaces the stack of tools analysts otherwise stitch together during an investigation.