Getting started 6-minute read

Reading a Scan Report

Paste one identifier and get one verdict card. Here is what the Scan report checks, what each verdict means, and where it stops.

In short

The Scan box auto-detects whether you typed a phone number, email, domain, IP, or username, runs the matching check, and shows a single card: a verdict, the signals behind it, and links to dig deeper. The verdict describes the identifier, never the person. Treat it as a fast first pass that tells you where to look next, not a decision.

One box, five kinds of input

Most lookups start the same way: you have one piece of information about someone or something and you want a quick read on it. The Scan box takes that single value and works out what it is, so you do not have to pick a tool first:

A phone number in +E.164 form goes to the carrier and line-type check.
An email address is validated and its domain is assessed for risk.
A domain gets its DNS and email-authentication posture, and optionally a threat and certificate-age check.
A public IP is looked up against free reputation feeds.
A username is checked across 24 platforms for a public profile.

The detection follows strict rules, so an input is only ever sent to a check it actually fits. When something is genuinely ambiguous, like a token that could be a domain or a handle, the report says so and offers a one-click way to re-run it the other way rather than guessing silently.

The four verdicts

Every Scan lands on one of four labels. They are deliberately about the identifier and its technical signals, never a judgment of a person:

Clear Nothing in the available signals stood out. This is not a clean bill of health, just an absence of flags.
Worth a look One or more signals are worth verifying against another source before you rely on them.
Needs attention Several signals are unusual. Investigate before drawing any conclusion.
Not enough signal The check could not gather enough to judge, often because a service was unreachable. It is never a substitute for "Clear".

A username scan is a special case: a found profile is a lead, not a fault, so usernames never read as "Needs attention". The most matches you will see is "Worth a look".

How to read the signals

The verdict is a summary; the signals below it are where the value is. What you see depends on the entity:

Email: whether the domain exists and receives mail, whether it is a disposable or free provider, how old the domain is, its SPF and DMARC posture, and whether it looks like a brand it is not.
Domain: whether it resolves and handles mail, its SPF and DMARC and DNSSEC posture, and, on request, threat-feed listings and when it first appeared in Certificate Transparency logs.
IP: the network and hosting provider it belongs to, whether it is a Tor exit, and any listings on free reputation feeds for proxies, spam, or active botnet command-and-control.
Phone: whether the number is valid and reachable and its line type, since a non-fixed VoIP line is worth a closer look in some hiring and fraud contexts.
Username: which platforms have a public profile at that handle, grouped by category, with sites that could not be checked shown honestly as unknown rather than absent.

Each signal carries a short note on why it matters, so the report explains itself rather than expecting you to know what DMARC or a datacenter ASN implies.

What it deliberately does not do

The honest framing is the point, so it is worth being explicit about the limits:

It does not identify a person. An email, handle, or number is a string, and different people share them.
It does not store what you scan. Results live in volatile memory for a few minutes and nothing is logged.
A failed or rate-limited check shows "Not enough signal", never a red verdict invented from a missing answer.
It is a snapshot. Reputation, profiles, and DNS records change, so a result reflects this moment.

Using it responsibly

The right way to use any single signal is to corroborate it and then ask, rather than to decide:

Open the linked detail and confirm a signal before you weigh it. The pivots take you straight into the per-type tab for the full picture.
Treat "Worth a look" or "Needs attention" as a prompt for an ordinary follow-up question, not a verdict on a person.
Run the same process for everyone. A check you only apply to some people is a bias waiting to happen.
Never make a consequential decision on this alone. It is one weak signal among several.

Scan something

Paste a phone, email, domain, IP, or username and get a one-look report in seconds. No login, nothing stored.

Open the Scan box →

This guide is educational and describes how the Scan report combines publicly available signals. It is not legal advice or a recommendation about any specific person, account, or organization.

A Scan verdict is a weak signal, not a verdict on a person. It does not establish identity, character, creditworthiness, or fitness for a job, housing, or insurance. Never make a consequential decision about someone based on a single signal. Corroborate any concern with independent evidence and give the person a chance to explain.

If you use checks like these in hiring or other consequential decisions, you may have obligations under fair-use and anti-discrimination laws (for example FCRA and EEOC guidance in the United States, and comparable rules elsewhere). Apply the same process to everyone, document your reasons, follow your organization's policies, and consult qualified counsel before acting.