How to Track Down Anyone Using Only Their Phone Number โ Complete OSINT Guide
One-Line Flow: Got a phone number? This guide turns those 10 digits into a name, face, address, social accounts, and embarrassing data breaches โ grab your target number and start at Phase 1.

What The Hell is Phone Number OSINT?
A phone number isnโt just digits. Itโs a master key.
People use the same number for everything. Banking apps. Social media. Two-factor auth. Job applications. Dating profiles. Every single platform theyโve ever signed up for.
That means one number connects to:
- Their real name
- Their face
- Where they live
- Where they work
- Who they know
- What accounts they have
- What data breaches theyโre in
This guide walks you through every method to extract that info. From basic Google tricks to tools that would make a private investigator jealous.
Before You Start: Donโt Be a Creep
Real talk โ this knowledge is powerful. Use it for:
- Verifying sketchy callers
- Investigating scams and fraud
- Journalism and research
- Checking your own digital footprint
- Security work with proper authorization
Donโt use it for:
- Stalking your ex
- Harassing anyone
- Doxxing people
- Any illegal bullshit
Laws exist. GDPR, CCPA, computer fraud acts. Violate them and youโre the one getting investigated.
Now letโs get into it.
Phase 1: Basic Recon โ Figure Out What Youโre Working With
Before you go deep, get the basics.
Carrier and Line Type
First question: is this a real cell phone, a landline, or some VoIP burner?
This matters because VoIP numbers (Google Voice, TextNow) are harder to trace. Real mobile numbers link to carrier databases with actual identity verification.
Free tools:
- FreeCarrierLookup.com โ enter number, get carrier and line type
- NumLookup โ same deal, sometimes catches what others miss
What youโll learn: carrier name (Verizon, Vodafone, Jio, whatever), whether itโs mobile/landline/VoIP, and sometimes the original registration state or region.
Format That Number Right
International format matters. Tools choke on weird formatting.
Always convert to: +[Country Code][Number]
Examples:
- US:
+14155552671 - UK:
+447911123456 - India:
+919876543210
Get this wrong and half your tools return nothing.
Phase 2: Google-Fu โ Search Engines Are Your First Weapon
Google indexes more than you think. People paste their numbers everywhere โ invoices, forum posts, business listings, leaked documents.
The Exact Match Trick
Put the number in quotes. This forces Google to find that exact sequence:
"555-123-4567"
Try every format variation:
"5551234567"
"(555) 123-4567"
"+15551234567"
"555.123.4567"
People format numbers inconsistently. Search all versions.
Combine With Context
Add keywords to narrow results:
"555-123-4567" "invoice"
"555-123-4567" "contact"
"555-123-4567" "resume"
"555-123-4567" linkedin
"555-123-4567" facebook
Filter Out The Garbage
People search sites like Whitepages dominate results with useless previews. Exclude them:
"555-123-4567" -site:whitepages.com -site:spokeo.com -site:truepeoplesearch.com
Now you get the unique mentions โ forum posts, business directories, leaked pastebins.
DuckDuckGo As Backup
Google personalizes results. DuckDuckGo doesnโt. Run the same searches there โ youโll often find different results.
Phase 3: People Search Engines โ The Aggregators
These sites scrape public records, social media, and data broker databases. Theyโre hit or miss, but worth checking.
The main players:
- Whitepages โ US-focused, shows name/address previews
- TruePeopleSearch โ actually free, US only
- FastPeopleSearch โ another free US option
- ThatsThem โ email and address correlation
- Spokeo โ aggregates social profiles (paywalled for details)
How to use them:
Enter the phone number. Note any names or addresses that come up. Donโt trust any single result โ these databases mix current data with decade-old records.
Treat everything as a lead, not a fact. Cross-reference before you believe anything.
The catch: Most good data is paywalled now. Free tiers show just enough to confirm a hit exists, then demand $20-40 for actual details.
Phase 4: Social Media โ Where People Actually Live Online
Social platforms are goldmines because people voluntarily connect their real identities to phone numbers.
Facebook โ The Forgotten Password Trick
This is one of the most reliable techniques and itโs been working for years.
How it works:
- Go to facebook.com/login
- Click โForgotten password?โ
- Enter the phone number (international format)
- Watch what happens
Possible outcomes:
- โNo account foundโ โ number isnโt linked to Facebook
- Partial profile reveal โ Facebook shows a blurred photo and masked name like โJo** Sm**hโ
That partial info is huge. You now know:
- An account exists
- First name starts with those letters
- What they roughly look like (even blurred photos reveal gender, age range, glasses, etc.)
Pro tip: Right-click the blurred image, inspect element, and check the src attribute. Sometimes the actual image URL is less obscured than whatโs displayed.
Donโt actually reset the password. Thatโs illegal. Youโre just using the lookup to confirm association.
Facebook Contact Upload Method
Alternative approach:
- Create a throwaway Facebook account (use a burner email)
- Add the target number to your phone contacts with a fake name
- Let Facebook sync your contacts
- Check โPeople You May Knowโ suggestions
Facebookโs algorithm connects phone contacts to accounts. If the number is linked, their profile appears in suggestions.
Instagram and TikTok
Both platforms have phone-based friend finding:
- Add target number to your phone contacts
- Open the appโs โFind Friendsโ or โSync Contactsโ feature
- See if their profile appears
This works because these apps encourage connecting phone contacts to find friends. Most people leave this enabled.
LinkedIn
LinkedInโs phone search is garbage through the interface, but Google works:
site:linkedin.com "555-123-4567"
People sometimes list phone numbers in their contact info sections. Recruiters and salespeople especially.
Twitter/X
Phone search is disabled in the UI, but the data exists in their backend. Try:
site:twitter.com "555-123-4567"
Also useful: if you find a username through other methods, check if theyโve ever tweeted their number.
Phase 5: Truecaller โ The Crowdsourced Monster
Truecaller is the most comprehensive phone directory that shouldnโt exist.
How It Actually Works
When you install Truecaller, it uploads your entire contact list to their servers. Every name youโve saved for every number.
Multiply that by 400+ million users.
The result: a database where your number is tagged with whatever name your contacts saved you as. Your mom saved you as โSweetieโ? That might be in there. Your dealer saved you as โTuesday Guyโ? Possibly in there too.
Using It For OSINT
Web version: Go to truecaller.com/search, enter the number.
What you get:
- Name (as crowdsourced from contacts)
- Location (city-level)
- Spam report count
- Sometimes a profile photo
- Sometimes alternative numbers
Accuracy reality check: The name might be a nickname, might be outdated, might be wrong. Someoneโs bitter ex might have saved them as โCheating Assholeโ and thatโs what shows up.
Always verify Truecaller results through other sources.
Truecaller For Automation
TruecallerJS lets you query Truecaller programmatically. Youโll need to authenticate with a real account, but then you can script bulk lookups.
Phase 6: Epieos โ The Account Linker
Epieos is clever as hell.
It doesnโt hack anything. It just queries public APIs and services โ like password reset flows and contact lookup features โ to see what accounts are linked to a phone number.
What It Reveals
Enter a phone number and Epieos might show:
- Linked Google account: Profile name, photo, sometimes last activity
- Linked Facebook account: Profile ID and name
- Other services: Depending on what their APIs leak
This works because platforms like Google and Facebook have features that check โdoes this phone number have an account?โ โ Epieos just asks that question systematically.
Why This Is High-Confidence Data
Unlike people search sites that aggregate old data, Epieos queries live platform APIs. If it says a Google account exists for that number, a Google account exists for that number.
The platforms themselves are confirming the link.
Phase 7: The Silent Account Checkers
These tools check if phone numbers are registered on platforms without alerting the target. No notifications, no โsomeone tried to log into your accountโ emails.
Ignorant โ The Stealthy One
Ignorant is the most underrated phone OSINT tool.
It silently checks Snapchat, Instagram, and Amazon through password reset endpoint exploitation. The target never knows you looked.
pip install ignorant
ignorant +15551234567
Itโll tell you which platforms have accounts linked to that number. No alerts sent. Clean reconnaissance.
Phunter โ Multi-Source French Connection
Phunter combines multiple lookups including French โPages Blanchesโ directory access and Amazon verification with automated CAPTCHA solving.
Good for European numbers especially.
Email2PhoneNumber โ The Reverse Technique
Email2PhoneNumber works backwards. If you have someoneโs email, it harvests partially-masked phone digits from password reset pages across multiple sites.
Hereโs the clever part: it then uses NANPA (North American Numbering Plan Administration) data to eliminate impossible number combinations and brute-forces the remainder.
Martin Vigo showed at DEF CON that combining eBay and LastPass password resets alone can leak 7 of 10 digits. The remaining combinations are small enough to test.
Phase 8: PhoneInfoga โ The Open Source Standard
PhoneInfoga is the most comprehensive open-source phone OSINT tool.
What It Does
- Validates number format and identifies country/carrier
- Generates Google dorks automatically
- Checks multiple data sources
- Provides a web interface for easy use
- Offers a REST API for automation
Installation
# Using Go
go install github.com/sundowndev/phoneinfoga/v2@latest
# Or grab the binary from releases
# Or use Docker
docker pull sundowndev/phoneinfoga
Usage
# Basic scan
phoneinfoga scan -n +15551234567
# Start web interface
phoneinfoga serve
# Then open http://localhost:5000
The Google Ban Problem
PhoneInfoga hammers Google with searches. Google will eventually block you.
The fix: When you get blocked, complete a CAPTCHA manually in your browser. PhoneInfoga can capture the GOOGLE_ABUSE_EXEMPTION cookie and use it to bypass blocks temporarily.
Phase 9: Telegram โ OSINT Paradise
Telegram is uniquely valuable for phone OSINT because:
- Accounts are tied to phone numbers
- Privacy settings are often left default
- A massive ecosystem of OSINT bots exists
- User activity and group memberships are often visible
Bellingcatโs Phone Number Checker
telegram-phone-number-checker is the professional standard.
It checks if phone numbers have Telegram accounts and returns:
- Username (if set)
- Profile photo
- Last online status
- Display name
This is the tool journalists and investigators actually use.
Russian OSINT Bots
The Russian-speaking OSINT community has built Telegram bots that query parsed breach databases. These return data you wonโt find anywhere else.
Key bots:
- @Smart_SearchBot โ full names, addresses, emails, social networks from phone numbers
- @Quick_OSINT_bot โ similar comprehensive lookups
- @HimeraSearch โ covers phones, emails, vehicle registration
- @GetPhone_bot โ direct leaked database searches
- @karma_cybersec_bot โ Ukrainian bot for Telegram ID and phone correlation
Warning: These bots query breach data. Using them may violate laws in your jurisdiction. The data they return was likely obtained illegally at some point. Understand the legal implications.
Manual Telegram Reconnaissance
Even without bots:
- Add the number to your phone contacts
- Open Telegram and sync contacts
- Check if they appear in your contact list
- View their profile for photo, bio, username, last seen
If their privacy allows, you can see their profile photo history by clicking through different photos theyโve used.
Phase 10: WhatsApp โ 2.4 Billion Users Canโt Hide
WhatsApp is the worldโs largest messaging platform. Everyoneโs on it. Everyoneโs number is their account.
The Contact Save Method
- Save the target number to your phone contacts
- Open WhatsApp
- Go to Contacts, let it sync (or force refresh in settings)
- Find the contact
What you can see (depending on their privacy settings):
| Setting | Everyone | My Contacts | Nobody |
|---|---|---|---|
| Profile Photo | |||
| Last Seen | |||
| About/Status |
Most people leave defaults, which means โEveryoneโ for most settings.
Profile Photo Intelligence
That profile photo is gold. Save it and:
- Reverse image search with Yandex Images (better for faces than Google)
- Check backgrounds for location clues โ landmarks, workplaces, car models
- Note metadata if lucky (rare on WhatsApp but worth checking with exiftool)
The Group Addition Bypass
Hereโs a trick that sometimes bypasses privacy settings:
- Create a new WhatsApp group
- Add yourself and the target number
- Before sending any messages, observe their profile info
- Exit the group immediately
During group creation, WhatsApp sometimes shows profile information that would normally be hidden from non-contacts.
This is inconsistent โ WhatsApp patches it periodically โ but worth trying.
Status Analysis
Profile name patterns tell stories:
| Pattern | Likely Meaning |
|---|---|
| โJohn Smithโ | Real name โ high value |
| โJS Plumbingโ | Business owner |
| โ~J-S~โ | Personal nickname |
| Location flex | |
| โAvailable 24/7โ | Business or hustle |
The โAboutโ section often contains LinkedIn handles, Instagram usernames, business info, or philosophical quotes that help build a profile.
Last Seen Patterns
If visible, last seen reveals lifestyle patterns:
- Consistently online at 2am? Night owl or different timezone
- Active during business hours only? Probably a work phone
- Last seen a week ago? Inactive account or dead phone
- Never shows last seen? Privacy conscious (notable in itself)
Phase 11: African FinTech Apps โ The Identity Goldmine
OPay, PalmPay, and similar apps dominate African mobile finance. Theyโre OSINT goldmines because financial regulations require real identity verification.
The โSend Moneyโ Reconnaissance Method
These apps verify recipients before transfers complete. You can exploit this:
OPay Method:
- Install OPay (use a burner device if paranoid)
- Go to Transfer โ To OPay User
- Enter the target phone number
- Before confirming payment, observe what appears
What you might see:
- Full registered name (KYC verified)
- Username if they set one
- Verification badge
- Sometimes profile photo
- Sometimes location
Cancel before sending anything. You just wanted the lookup.
PalmPay Method:
Same flow. Send Money โ Enter number โ Note the recipient name that appears for confirmation.
Airtime Purchase Verification
Another technique using the same principle:
- Go to โBuy Airtimeโ in any financial app
- Enter the target phone number
- The app shows โConfirm: Send to [FULL NAME]?โ
- Cancel the transaction
Youโve just confirmed their registered name with their carrier. MTN, Airtel, Glo โ they all do KYC. That name is government-ID verified.
Regional App Coverage
This technique works across multiple apps:
Africa:
- MTN Mobile Money (35+ countries, 95-100% accuracy)
- Airtel Thanks/Money (Africa, Asia)
- M-Pesa (Kenya, Tanzania, etc.)
- OPay, PalmPay (Nigeria)
India:
- Paytm, PhonePe, Google Pay โ UPI IDs often ARE the phone number (
phonenumber@paytm) - Start a UPI transfer, see the registered name
Brazil:
- PIX system โ keys can be phone numbers
- Mercado Pago, PicPay show recipient names
Southeast Asia:
- GrabPay, GCash (Philippines), Maya, Touch 'n Go (Malaysia)
Why This Works
Financial regulations (KYC/AML) require these apps to verify identity. When you โsend moneyโ to a number, the app confirms youโre sending to the right person by showing their verified name.
Youโre not hacking anything. Youโre using a consumer protection feature for reconnaissance.
Phase 12: HLR Lookups โ Telecom Infrastructure Intelligence
HLR (Home Location Register) lookups query carrier infrastructure directly. This is how telecom companies validate numbers internally.
What HLR Actually Does
When you run an HLR lookup, the system sends an SRIforSM (Send Routing Info for Short Message) query through SS7 infrastructure to the carrierโs database.
The response contains:
| Data Point | What It Means |
|---|---|
| Valid/Invalid | Does this number actually exist? |
| Active/Inactive | Is it currently in service? |
| Carrier | Which network owns the number |
| Roaming Status | Are they traveling internationally? |
| Connected Network | If roaming, which foreign carrier? |
| Porting Status | Has number been transferred to different carrier? |
| IMSI (sometimes) | International Mobile Subscriber Identity |
OSINT Value
The roaming detection is powerful. If someone claims theyโre in New York but their HLR shows theyโre roaming on a carrier in Dubai, thatโs valuable intelligence.
HLR Services
- HLR Lookup โ 220+ networks, free credits on signup
- HLR-Lookups โ 100 free evaluation queries
- SigPloiter/HLR-Lookups โ open source, DIY option
Deep-HLR combines HLR data with reputation scores, social media correlation, and portability status in one tool.
Phase 13: CNAM โ Caller ID Names
CNAM (Caller ID Name) is the system that makes your phone display โJOHN SMITHโ when someone calls instead of just a number.
The Dirty Secret
Thereโs no central CNAM database. About 12+ independent databases exist, and each carrier only updates one of them.
This means:
- The same number returns different names depending on where you query
- Updates are inconsistent (some carriers refresh monthly, others weekly)
- About 50% of lookups return actual names, the rest show โWireless Callerโ
Why Itโs Still Useful
When CNAM returns a real name, itโs often the actual registered account holder name โ not a crowdsourced nickname like Truecaller.
Free CNAM tools:
- Quality Voice Dataโs Caller ID Testing Tool
- Various VoIP providers offer CNAM dips in their APIs
Technical Flow
When a call comes in:
- Originating carrier sends only the phone number
- Terminating carrier queries their LIDB (Line Information Database)
- LIDB returns a 15-character max name string
- Your phone displays it
The 15-character limit is why names often appear truncated.
Phase 14: Data Breaches โ The Dark Goldmine
Every major breach contains phone numbers. Check if your targetโs number appears in leaked datasets.
Breach Search Tools
Have I Been Pwned โ haveibeenpwned.com
- Primarily email-based but some breaches include phone data
- Free, legitimate, widely trusted
Intelligence X โ intelx.io
- Searches across pastes, breaches, darknet sources
- Phone number search available
- Freemium with limited free searches
DeHashed โ dehashed.com
- Full breach database search by phone number
- Paid service, but comprehensive
Snusbase โ snusbase.com
- 16+ billion records
- Direct phone number search
- Paid subscription
LeakCheck โ leakcheck.io
- 7+ billion records
- Freemium model
What Breaches Reveal
When a phone number appears in breaches, you often get:
- Associated email addresses
- Passwords (that people reuse everywhere)
- Physical addresses
- Full names
- Account usernames
- Whatever else that service collected
One phone number in one breach can give you the key to finding all their other accounts.
Pastebin and Paste Sites
Hackers dump data on paste sites. Search them:
- Pastebin โ search directly
- psbdmp.ws โ Pastebin dump search engine
- grep.app โ searches GitHub and paste sites
Search formats:
"5551234567"
"+15551234567"
Phase 15: Number Recycling โ The Haunted Numbers
Phone numbers get reassigned. When someone gives up a number, after 45 days (in the US) carriers can give it to someone new.
Why This Matters For OSINT
You might be investigating a number that now belongs to someone completely different.
A Princeton study found:
- 66% of sampled available numbers were still linked to accounts on Amazon, Facebook, PayPal, etc.
- 100 numbers had associated email addresses in breach databases
- Within one week, 19 of 200 test numbers received sensitive communications meant for previous owners
Detecting Recycled Numbers
Conflicting information is the red flag. If Truecaller says โJohnโ but Facebook says โMariaโ and breach data shows โAlexโ โ that number has likely been recycled through multiple owners.
Check porting history through HLR services that show porting dates. A number thatโs been ported multiple times has had multiple owners.
Services detecting recycling:
- Telesign โ detects reassignment through carrier data
- TMT ID โ number deactivation and recycling APIs
- GSMA is developing a standardized Number Recycling API
Phase 16: VK and Russian Platforms
If your target has any connection to Russia or former Soviet states, VKontakte (VK) is essential.
VK Phone Lookup
The password recovery page reveals partial information:
- Go to connect.vk.com/restore/
- Enter the phone number
- See partial email/phone associated with account
Additional VK tools:
- vk.barkov.net/mobilephones.aspx โ direct phone lookup for VK accounts
- KogdaVSeti โ last login time detection
- vk5.city4me.com โ reveals hidden friends
- vkdia.com โ shows which friends someone chats with most
Russian Data Bots Revisited
The Telegram bots mentioned earlier are particularly effective for Russian/CIS numbers because:
- Russian data protection enforcement isโฆ different
- Massive historical breach data exists
- The OSINT community there has been building these tools for years
Phase 17: SS7 โ The Protocol That Exposes Everyone
SS7 (Signaling System 7) is the protocol that makes phone networks work globally. It was designed in the 1970s-80s when โany network participant was implicitly trusted.โ
The Problem
Thereโs no authentication. If you can send SS7 messages, carriers trust them. This allows:
- Location tracking with just a phone number
- SMS interception
- Call interception
- Voicemail access
Whatโs Actually Accessible
You personally canโt send SS7 messages (probably). But:
- Some countries sell SS7 access via โGlobal Title leasingโ
- Government agencies use it routinely
- Commercial surveillance vendors offer it as a service
- Criminal organizations have access
SRLabs research found location tracking succeeds approximately 70% globally with just a phone number.
2024-2025 Bypass Attacks
Carriers deployed SS7 firewalls after earlier disclosures. Researchers then found that manipulating the TCAP layer with โextended tag encodingโ bypasses these firewalls.
Itโs an arms race.
OSINT Implications
You wonโt be doing SS7 attacks unless youโre a nation-state or working for one. But knowing this exists helps you understand:
- Why phone-based 2FA is considered weak
- Why high-value targets use Signal/secure messengers
- What capabilities exist for well-resourced adversaries
Phase 18: Ring Patterns and Voicemail Reconnaissance
Low-tech but revealing.
Call Analysis
| Pattern | What It Means |
|---|---|
| 1 ring โ busy | Likely blocked or manually rejected |
| Multiple rings โ voicemail | Normal behavior |
| Multiple rings โ busy | Conference call or forwarded to busy line |
| Fast busy (reorder tone) | Network issues or terminated service |
| Endless ringing | Voicemail disabled, phone off, or abandoned number |
T-Mobile lets users set call rejection to return busy signals instead of voicemail โ intentional obfuscation.
Voicemail Intelligence
SpyDialer retrieves voicemail greetings. The greeting often reveals:
- The personโs voice (confirms identity)
- Their name (if they recorded a personal greeting)
- Their workplace (professional greetings)
- Their personality and communication style
Warning: SpyDialer causes a brief ring on the targetโs phone. Not invisible.
Carrier Fingerprinting
Default voicemail prompts vary by carrier:
โThe person you are calling is not available. Please leave a message after the tone.โ
vs.
โHi, youโve reached the Verizon voicemail ofโฆโ
The specific wording can confirm carrier even when other methods fail.
Phase 19: Reverse Image Search From Profile Photos
Found a photo through any of these methods? Now trace it further.
Best Tools
Yandex Images โ yandex.com/images/
- Far superior to Google for faces
- Russian platform = less privacy filtering
- Upload the image or paste URL
Google Images โ images.google.com
- Good for finding the same image on different sites
- Weaker for face matching
TinEye โ tineye.com
- Finds exact and modified matches
- Shows oldest instance (helps find original source)
PimEyes โ pimeyes.com
- Facial recognition search engine
- Controversial but effective
- Paid service
What Youโre Looking For
- Same photo on other platforms โ Instagram pic also on LinkedIn means same person
- Photo background clues โ office logos, street signs, landmarks
- EXIF data โ GPS coordinates, camera info, timestamps (usually stripped but worth checking)
- Oldest instance โ where did this photo originate?
Phase 20: Username Correlation
Found a username through any method? Trace it everywhere.
The Logic
People reuse usernames. john_smith_87 on Instagram is probably john_smith_87 on Twitter, GitHub, and that sketchy forum they forgot about.
Tools
Sherlock โ github.com/sherlock-project/sherlock
sherlock john_smith_87
Checks 400+ sites for that username.
WhatsMyName โ whatsmyname.app
- Web-based username search
- Good for quick checks
Namechk โ namechk.com
- Username availability checker
- Shows which platforms have that username taken
Social Searcher โ social-searcher.com
- Searches social media content by keyword
- Can find posts mentioning specific usernames
Phase 21: Government and Regulatory Databases
Public records often include phone numbers.
UK
Ofcom Numbering Data โ ofcom.org.uk/numbering-data
- Weekly updated, 54MB download
- Complete telephone number allocations
- Shows carrier assignments for every UK number range
Canada
Canadian Numbering Administrator โ cnac.ca
- CO code status lookups
- Area code complex maps
- Shows carrier assignments for Canadian numbers
US
NANPA (North American Numbering Plan) โ nationalnanpa.com
- Number allocation data
- Area code assignments
- Porting administration records
Court Records
CourtListener RECAP Archive โ courtlistener.com/recap/
- Millions of federal court documents
- Searchable by text content
- Phone numbers appear in filings, exhibits, contracts
This is huge. PACER only searches by party name. RECAP lets you search actual document text โ including phone numbers mentioned in evidence.
Phase 22: Automation and Pipelines
For serious OSINT work, automate everything.
Maltego Transforms
Maltego is the professional OSINT visualization platform. Phone number transforms:
- PhoneSearch Transforms โ returns names, social profiles, related persons (law enforcement grade)
- LoginsoftOSINT Transforms โ detects disposable numbers, finds registered apps
- IPQualityScore Transforms โ fraud scoring and phone validation
n8n Workflows
n8n-nodes-osint-industries integrates phone enrichment into workflow automation.
Build pipelines that:
- Take a phone number input
- Query multiple sources automatically
- Aggregate results
- Generate reports
PhoneInfoga REST API
phoneinfoga serve
# API available at http://localhost:5000
# POST to /api/v2/numbers
Script it into your existing tools.
Python Libraries
- phonenumbers โ Googleโs library for parsing, formatting, validating
- truecallerpy/truecallerjs โ Truecaller API access
- ignorant โ silent account checking
Phase 23: Building The Complete Profile
Youโve gathered fragments from a dozen sources. Now synthesize them.
The Confidence Framework
Rate each piece of information:
| Confidence | Criteria | Example |
|---|---|---|
| High | Multiple independent sources agree | Name from Truecaller matches Facebook partial matches LinkedIn |
| Medium | Single reliable source or partial corroboration | Name from Epieos alone, or Truecaller + breach data match |
| Low | Single unreliable source, no corroboration | Name from one people-search site only |
The Final Dossier
For each investigation, document:
Confirmed:
- Full name (confidence level)
- Location (city/state)
- Verified accounts (with profile URLs)
Likely:
- Workplace
- Associated emails
- Social connections
Possible:
- Additional names (aliases, maiden names)
- Previous addresses
- Family members
Contradictory Data:
- Conflicting names from different sources
- Evidence of number recycling
- Possible confusion with similar numbers
Source Documentation
Always note:
- What tool/method found each piece
- When you found it
- The exact data returned
This matters for verifying your work and understanding reliability later.

Complete Tool Reference
GitHub Tools
| Tool | URL | Purpose |
|---|---|---|
| PhoneInfoga | github.com/sundowndev/phoneinfoga | All-in-one phone OSINT |
| Ignorant | github.com/megadose/ignorant | Silent account checking |
| Phunter | github.com/N0rz3/Phunter | Multi-source + European directories |
| email2phonenumber | github.com/martinvigo/email2phonenumber | Reverse phone from email |
| Deep-HLR | github.com/e-m3din4/deep-hlr | HLR + social correlation |
| telegram-phone-number-checker | github.com/bellingcat/telegram-phone-number-checker | Telegram account lookup |
| TruecallerJS | github.com/sumithemmadi/truecallerjs | Truecaller API |
| PhoneIntel | github.com/phoneintel/phoneintel | Batch processing |
| NumSpy | github.com/spyboy-productions/numspy | Indian number OSINT |
| Sherlock | github.com/sherlock-project/sherlock | Username search |
| HLR-Lookups | github.com/SigPloiter/HLR-Lookups | DIY HLR queries |
Web Services
| Service | URL | What It Does |
|---|---|---|
| Epieos | epieos.com | Account linking via APIs |
| Truecaller | truecaller.com/search | Crowdsourced caller ID |
| Intelligence X | intelx.io | Breach/paste/darknet search |
| HLR Lookup | hlrlookup.com | Carrier infrastructure queries |
| FreeCarrierLookup | freecarrierlookup.com | Basic carrier ID |
| Yandex Images | yandex.com/images/ | Reverse image search |
| WhatsMyName | whatsmyname.app | Username search |
Telegram Bots
| Bot | Purpose |
|---|---|
| @Smart_SearchBot | Full profile from phone |
| @Quick_OSINT_bot | Comprehensive lookups |
| @HimeraSearch | Phones, emails, vehicles |
| @GetPhone_bot | Breach database search |
The Methodology Flowchart
๐ฑ Phone Number Input
โ
๐ Format to International (+1...)
โ
โโโโโโโโดโโโโโโโ
โ ๐ Basic โ
โโโโโโโโฌโโโโโโโ
โ
๐ก Carrier ID (FreeCarrierLookup)
โ
๐ฏ Google Dorks (all format variations)
โ
โโโโโโโโดโโโโโโโ
โ โก Quick โ
โโโโโโโโฌโโโโโโโ
โ
๐ Truecaller โ Name lead
๐ Epieos โ Linked accounts
๐ ๏ธ PhoneInfoga โ Comprehensive scan
โ
โโโโโโโโดโโโโโโโ
โ ๐ฒ Social โ
โโโโโโโโฌโโโโโโโ
โ
๐ต Facebook password reset โ Partial profile
๐ฌ WhatsApp contact add โ Photo, status, last seen
โ๏ธ Telegram checker โ Username, profile
๐ป Instagram/Snapchat (Ignorant) โ Account exists?
โ
โโโโโโโโดโโโโโโโ
โ ๐ฌ Deep โ
โโโโโโโโฌโโโโโโโ
โ
๐ Breach databases โ Emails, passwords, addresses
๐ก HLR lookup โ Carrier, roaming, porting
๐ฐ Financial apps โ KYC-verified names
โ
โโโโโโโโดโโโโโโโ
โ ๐ Correlateโ
โโโโโโโโฌโโโโโโโ
โ
๐ผ๏ธ Reverse image search on found photos
๐ค Username search (Sherlock)
๐งฉ Cross-reference all data points
โ
โโโโโโโโดโโโโโโโ
โ ๐ Report โ
โโโโโโโโฌโโโโโโโ
โ
โ
Confidence-rated profile with source documentation
Protecting Yourself
Run every technique in this guide against your own phone number. Seriously.
Audit Yourself
- Search your number on every tool mentioned
- Check breach databases for your number
- See what Truecaller shows
- Try the Facebook password reset on yourself
- Check WhatsApp privacy settings
Reduce Your Exposure
Use separate numbers:
- Primary number for trusted contacts only
- Secondary number for signups and services
- Burner numbers for anything sketchy
Privacy settings:
- WhatsApp: Set photo, last seen, about to โMy Contactsโ
- Telegram: Same approach
- Facebook: Remove phone from searchable info
Financial apps:
- Use different numbers if possible
- Disable social features
- Review what info appears when others send you money
Consider:
- Google Voice for a free secondary US number
- Prepaid SIMs for compartmentalization
- MySudo or similar for multiple identities
Final Thoughts
A phone number is an identity anchor. Every service connects to it. Every login texts it. Every contact list uploads it.
The tools and techniques here arenโt secret โ theyโre just not obvious. Anyone willing to spend an hour can find more than most people realize is public.
Use this knowledge to protect yourself. Use it for legitimate investigations. Donโt be the reason someone needs protection from people like you.
Now go audit your own digital footprint before someone else does.

!