Home Blog
How to Do OSINT Reverse Phone Lookup

How to Do OSINT Phone Number Search Step by Step?

How to do OSINT reverse phone lookup? Learn all tricks and discover OSINT tools for phone number investigations in this article.

The phone number contains clues about its owner’s identity and helps you find more information when conducting an OSINT investigation. If we have the target’s phone number, we can search hundreds of online databases in just a few clicks.

At first glance, the phone number cannot give us much additional information. Still, the data we can get gives us further clues and shows new connections. By examining the phone number, we can understand whether this number is real or used to hide the owner’s identity. For example, if you want to buy something online, this information could help you figure out if your transaction is secure.

A phone number can be the starting point for finding out almost everything about you step by step. For example, knowing a person’s number, you can add it to your contacts and check it through all the most popular instant messengers. Instagram shows which of your contacts are on the platform, as well as other social platforms. There you can find someone’s real name, photos, email address, etc. We can continue the search further based on the real name or photo. It’s a little scary, but that’s the reality of today. Don’t panic: you just need to figure out how it works, and then you can easily ensure the security of your own data.

In this article, we will analyze how to perform OSINT intelligence by phone number using the example of one of the most popular and effective tools for OSINT – PhoneInfoga. But before we get started, we’d like to put a little emphasis on US phone numbers.

What is special about phone numbers in the USA?

Compared to phone numbers in other countries, U.S. phone numbers are unique. The matter is the information connected with their registered owners is publicly available in the USA.

Marketing databases, U.S. public records, and people trying to make money on this information have made U.S. numbers especially useful for researching or stalking.

Exploring a number involves using a piece of information already known to find new data, which in turn will lead to a third piece, and so on.

That is why researchers try to figure out phone numbers so that later they can find the address, email, and name of its owner. The goal can be to search for information about other people who lived with this person — a wife, roommate, friend, or ex-spouse. Simultaneously, the researcher will receive much additional information based on which they can get what they need.

Where to begin?

One of the most obvious and simple steps is to find a phone number on people’s search sites.

These resources have access to a large amount of data that can help link a phone number to its owner and address. The search results include the owner’s phone number, address, full name, and, possibly, email address.

X-Ray Contact

It is an OSINT instrument that can be mastered even by people with zero previous experience. This resource collects information about users from different databases, so you can identify a person if they are present in one of them. X-Ray Contact has four main entry channels: name, email, photo and a link to any social media you have. 

You don’t need to manually install this tool as it is available in one click using both PC and mobile devices online. 

Start searching

PhoneInfoga

PhoneInfoga is one of the most effective tools for scanning phone numbers using only free resources. The goal is to collect basic information such as country, region, carrier, and connection type on any international phone number with high accuracy.

We will not dwell on the installation in detail since there are too many instructions. You’d better use the manual “How to install PhoneInfoga.”

PhoneInfoga’s functions:

  • Checks if the phone number is real
  • Collects standard information such as country, line type, and carrier
  • Performs open-data intelligence (OSINT) using external APIs, Google Hacking, phone books, and search engines
  • Checks reputation information, social media, disposable phone numbers, etc.
  • Can scan multiple numbers at the same time
  • Uses custom formatting for more efficient OSINT investigation
  • Auto-follows multiple custom formats

PHONE NUMBER FORMATS

It is worth noting that the program itself accepts only the international format and the E164 format. E.164 numbers can have a maximum of 15 digits and are usually written with a “+” prefix.

For example:

E164: +12345XXXXX

International: +12 3 45 67 XX XX

The international format is similar to E164 but differs as it uses separators as spaces.

Other popular formats:

  • National: 12 34 56 XX XX
  • RFC3966: tel:+12-3-45-67-XX-XX
  • The out-of-country format from USA: 123 45 9 67 89 XX XX

In many other countries, local dialing may require adding a “0” in front of the person’s number. When formatted in E164, “0” shall be removed.

For example, the UK number in the standard local format:

The same phone number in the E164 format: 

CUSTOM FORMATTING

When we search for information by phone number, we indicate the format we are used to. There can be a problem because, for example, if we search for “+12345678910”, we won’t find web pages that list the number as: “(123) 456-78910”. To find more accurate results, you can use (optional) custom formatting. Try specifying a popular format in the country where the number belongs.

Here’s an example: the French usually write numbers like this: 12.34.56.78.90 or 12 34 56 78 90.

For US numbers, the most common format is 123-456-7890.

For the Russian Federation, this can be 8-123-456-78-90 or 8(123)456-78-90 or 8(123)456 78 90, etc.

Here are some examples of custom US phone number formatting:

+1 234-567-xxxx

(+1)234-567-xxxx

+1/234-567-xxxx

(123)456xxxx

(123)456-xxxx

(123)456.xxxx

(123)456xxxx

(123)456-xxxx

(123)456.xxxx

For European countries:

+1234 56 78 xx xx

+12345678xxxx

+12345 678 xxx x

(1234)568678xxxx

(+12)345 678 xxx x

+12/345648xxxx

(1234)568 678 xxx x

+12345-678-xxx-x

(+12)345648xxxx

(+12)34 56 78 xx xx

+12/345-678-xxx-x

+12/34-56-78-xx-xx

+1234-56-78-xx-xx

(123)41 56 78 xx xx

+12/34 56 78 xx xx

(+12)345-678-xxx-x

(+12)34-56-78-xx-xx

(1234)51-56-78-xx-xx

(1234)518-678-xxx-x

+12/345 678 xxx x

How to use PhoneInfoga for the reverse phone lookup

Now we know what the E164 format is and are ready to start searching. Example of a number in this format: +12345678910

To start searching by phone number, use the -n option, after which you need to specify the number in international format:

1     python3 phoneinfoga.py -n “+12345678910”

 Please note that you need the country code to search correctly. If you don’t know the code, check it out here.

The program has “scanners” or groups of data sources. You can search all at once or individually. Specify its name after the -s option. If not specified, the program will use the “all” values; that is, the search will be carried out on all scanners. The full list and description can be found here.

Available data sources (scanners):

  • numverify
  • ovh
  • footprints

Numverify provides standard but useful information such as country code, location, line type, and carrier.

Examples

[!] —- Fetching information for 12345678910 —- [!]

[*] Running local scan…

[+] International format: +1 234 567-89-10

[+] Local format: 2345678910

[+] Country found: USA(+1)

[+] City/Area: New York

[+] Carrier:

[+] Timezone: UTC/GMT -4 HOURS

[i] The number is valid and possible.

[*] Running Numverify.com scan…

[+] Number: (+1) 2345678910

[+] Country: USA 

[+] Location: New York

[+] Carrier:

[+] Line type: landline

(!) This is most likely a landline, but it can still be a fixed VoIP number.

OVH uses the OVH Telecom API to determine if the VoIP number is a customer of that company.

The footprints scanner uses the Google search engine and Google Dorks to find phone numbers all over the web. It allows you to search for scam reports, social media profiles, documents, and more.


Sometimes the program asks you to answer some queries:

  • Would you like to use an additional format for this number? (y/N)
  • Would you like to search for temporary number providers footprints? (Y/n)
  • Would you like to rerun OSINT scan? (e.g, to use a different format) (y/N)

Checking multiple numbers and saving the results to a file

The program supports checking multiple numbers. They need to be saved to a file: type one number per line and specify the path to this file after the -i option. To save the results to a file, specify the file name after the -o option.

1 python3 phoneinfoga.py -i num.txt -o results.txt –no-ansi

The source file must contain one phone number per line; otherwise, the program will skip numbers.

Finding traces

If you are not interested in information about the country, operator, and other similar data, you can enable only the search for traces on the Internet with the -s option:

1 python3 phoneinfoga.py -n +123456789 -s footprints

Custom intelligence format

Don’t you know where to look and what custom format to use? Let the tool try some custom formats for you based on the country code.

1 python3 phoneinfoga.py -n +123456789 -s any –recon

PhoneInfoga command brief


Try DEMO

Try for free