Free threat reputation lookup for security analysts. See if a number has been observed in smishing, vishing, SIM-swap, or fraud activity — in seconds, no signup.
Built for security teams and investigators. Lookups are rate-limited and monitored for abuse.
Tracking 8,247 flagged numbers across 6 campaign types, updated 2026-06-11.
The phone number reputation check queries an aggregated threat dataset and returns the reputation signal for a single number in seconds. For every match it reports the campaign observations tied to the number, the first-seen and last-seen dates, the volume of reports behind it, and a confidence value per observation. Those roll up into a composite risk score from 0 to 100.
It is purpose-built for smishing number lookup, vishing number checks, and fraud number database queries during an active investigation. It is phone threat intelligence — a reputation indicator, not a subscriber record. It does not return owner identity, and it is not a reverse phone lookup.
Flagged — the number appears in our dataset against one or more campaigns. Read the observations to judge recency and weight.
Clean — no observations in our dataset. This means no signal here, not "safe." Absence of evidence is not evidence of absence; corroborate with other sources.
Unknown — insufficient coverage for the number’s region to return a meaningful signal either way.
SOC and incident response, threat intelligence, fraud and trust-and-safety, and OSINT investigators. If you just received a smishing report or a suspicious vishing call with a number attached, this gives you a reputation read before you escalate.
Signals are derived from aggregated, ethically-sourced threat reporting — abuse feeds, honeypots, partner submissions, and analyst-confirmed cases. Numbers are tracked as indicators against observed campaigns. Indicators are not proof: a flag means the number warrants scrutiny, and a clean result is not a clearance. Lookups are rate-limited and monitored for abuse.
PHONE NUMBER REPUTATION, EXPLAINED
Flagged means the number has been observed in one or more threat campaigns in our dataset — smishing, vishing, SIM-swap, or fraud activity. Each observation carries a campaign type, first-seen and last-seen dates, a report count, and a confidence value. A flag is an indicator, not proof: it tells you the number warrants scrutiny in your investigation, not that every call or message from it is malicious.
Clean means we found no observations of this number in our threat dataset. It is not a safety guarantee. Absence of evidence is not evidence of absence — a number can be actively abused before it is ever reported, or operate in a region we do not yet cover. Treat clean as "no signal here" and corroborate with your other sources.
The reputation dataset is aggregated from ethically-sourced threat reporting: abuse feeds, honeypot collection, partner submissions, and analyst-confirmed fraud cases. Numbers are tracked as indicators tied to observed campaigns. We do not scrape private carrier systems and we do not sell personal data. The signal you see is a reputation indicator derived from reported activity, not a subscriber record.
No. This is not a reverse phone lookup and it will not tell you who owns a number, the subscriber name, or a home address. It is a threat reputation check: it answers whether a number has been observed in phishing or fraud campaigns. If you are trying to identify a personal caller, this is the wrong tool. It is built for security analysts and fraud investigators working a case, not consumer people-search.
SOC analysts, threat intelligence analysts, fraud and trust-and-safety teams, and OSINT investigators. The typical user has a number pulled from a smishing report, a suspicious vishing call, or a fraud case and needs a fast reputation signal before deciding how to triage it. Lookups are rate-limited and monitored for abuse.
Each observation reports its own confidence, and the composite risk score (0–100) weights campaign recency, report volume, and corroboration. Use it as a triage indicator, not a verdict. Every result includes a "Copy result as text" action that produces a timestamped, source-linked summary you can paste straight into a case ticket or Slack thread for your audit trail.