One real US number per identity. No carrier fingerprinting.
Your threat intelligence team maintains a dozen sock puppet identities. Each needs a real US number for platform verification. JoltSMS gives you a dedicated non-VoIP number per identity — with webhook OTP delivery and full audit trail.
- Real carrier SIM numbers — not VoIP-flagged by Telegram, Signal, or Twitter/X
- One dedicated number per sock puppet identity, no shared pools
- Webhook delivery routes OTP codes directly to your tooling or SIEM
- Full audit trail: every SMS timestamped, accessible, and attributable to the right identity
Every inbound OTP arrives in a shared, auditable team inbox — no personal phones involved.
How OSINT teams accidentally create single points of failure in their identity infrastructure
Most OSINT teams start small — a few sock puppet accounts, each verified on an analyst's personal phone. It works until the first analyst leaves, a platform flags the number as recycled, or a VoIP check silently kills the verification flow. By then, months of identity-building effort are tied to a number that no longer exists or a phone that walked out the door.
| Problem | What it looks like for cybersecurity & osint teams |
|---|---|
| VoIP detection blocking account creation | Telegram, Signal, and Twitter/X perform carrier lookups. A VoIP number fails silently — the verification SMS never arrives, and the sock puppet account can't be created. |
| Analyst departure kills live identities | When the analyst who verified the account leaves, their personal SIM leaves with them. The identity is locked out and months of community infiltration work is lost. |
| Shared number pools blow sock puppet cover | Re-using numbers across multiple identities is an operational security failure. Threat actors cross-reference numbers; shared pools create attribution trails between identities. |
| No audit trail for compliance or legal review | Law enforcement partnerships and SOC 2 audits require documented evidence of which number was used for which identity, by which analyst, and when. Personal phones provide none of this. |
| Verification codes buried in personal SMS apps | OTP codes landing on an analyst's iPhone or Android require manual retrieval, manual hand-off, and introduce human error at the most critical step of identity setup. |
Turn identity infrastructure from a personal phone problem into a documented company system
JoltSMS gives cybersecurity and OSINT teams a scalable way to provision dedicated non-VoIP US numbers for each sock puppet identity. Numbers are company-owned, persist through analyst turnover, deliver OTP codes via webhook directly to your tooling, and generate a full audit log of every SMS received — satisfying the documentation requirements of both internal security governance and external compliance frameworks.
- Dedicated non-VoIP real-SIM US number per identity — passes carrier type lookups on Telegram, Signal, Twitter/X, Reddit, Discord, and LinkedIn
- Webhook delivery routes inbound OTP codes to your SIEM, custom tooling, or secure inbox in real time
- Numbers stay with the company account, not tied to any individual analyst
- Full SMS audit log with timestamps — attributable by identity, not by personal device
- Team Access roles (Owner, Manager, Viewer) so each analyst sees only the numbers relevant to their active investigations
Each identity gets its own number. All numbers live in the company account.
Common ways cybersecurity and OSINT teams use JoltSMS
Sock Puppet Identity Infrastructure
A threat intelligence team managing 10-20 active sock puppet accounts assigns one JoltSMS number per identity. When Telegram or Signal requires re-verification, the OTP lands in the team's webhook endpoint automatically — no analyst phones involved, no identity loss on personnel change.
Red Team & Adversary Emulation
During a red team engagement, operators need US phone numbers to register accounts on target platforms without triggering VoIP detection. JoltSMS provides dedicated real-SIM numbers for each engagement persona, with webhook delivery feeding codes directly into the operator's toolchain.
Compliance-Backed OSINT Operations
A managed security service provider running OSINT investigations for legal or law enforcement clients needs a documented chain of custody for every number used. JoltSMS generates a timestamped SMS log per number — satisfying audit requirements without analyst personal devices ever entering the evidence trail.
How a cybersecurity team provisions a number for a new sock puppet identity
Create the identity profile
Define the sock puppet's persona, platform targets (Telegram, Reddit, Twitter/X), and the analyst responsible for managing it.
Provision a dedicated JoltSMS number
Sign in to JoltSMS and request a new US number. Choose the area code to match the persona's backstory. The number is real-SIM — not VoIP, not virtual, not shared.
Configure webhook delivery
Set the webhook endpoint to your team's internal tooling, SIEM, or secure notification channel (Slack, Discord, or custom HTTP endpoint). OTP codes route there automatically on arrival.
Register the sock puppet account
Use the JoltSMS number as the phone number during account creation. The platform sends an OTP; it lands in your webhook within seconds.
Tag and document in JoltSMS
Add the identity name, platform, and investigation label as notes or tags on the number. This creates the audit trail associating a number with a specific identity and operation.
Rotate or release when the operation closes
When the operation concludes, release the number. The SMS history and audit log remain associated with that operation in your account.
Analyst-level access control for sensitive identity infrastructure
OSINT operations require compartmentalization. Not every analyst needs to see every identity's number or SMS history. JoltSMS Team Access lets the team lead grant visibility on a per-number basis — Owners control billing and provisioning, Managers handle day-to-day operations, and Viewers can read SMS codes without modifying anything. Numbers shared with an analyst appear in their dashboard in real time without revealing any numbers outside their scope.
- Owner role: team lead or operations manager controls provisioning, billing, and team membership
- Manager role: active analysts can configure numbers, update tags, and manage webhook delivery for their assigned identities
- Viewer role: read-only access for analysts who need to retrieve OTP codes but shouldn't modify identity configurations
- Invite analysts by email — no credential sharing, no shared SMS apps, no personal phones in the loop
Route OTP codes where your team's tooling already lives
OSINT analysts don't want to poll a dashboard when a sock puppet account needs re-verification during an active operation. JoltSMS delivers incoming SMS to the notification channel your team already monitors — including Slack channels dedicated to specific operations, Discord servers for red team comms, or direct webhook delivery into your custom tooling or orchestration layer.
- Slack — route OTP codes to a private operations channel, one channel per active investigation if needed
- Discord — deliver codes to a secure team server for red team operations that already coordinate on Discord
- Email — async audit trail for compliance review, legal hold, or post-operation reporting
- Webhooks — direct HMAC-signed HTTP delivery to your SIEM, orchestration layer, or custom identity-management tooling
FAQ for cybersecurity & osint teams
JoltSMS provides real physical SIM cards on US carrier networks — not VoIP, not virtual numbers, not cloud telephony. Carrier type lookups performed by platforms like Telegram, Signal, and Twitter/X during phone number registration will see a real mobile carrier, not a VoIP provider. We can't guarantee acceptance on every platform at all times — platform policies change — but real-SIM numbers are materially more reliable than VoIP or virtual number alternatives for this purpose. The non-VoIP distinction is exactly why OSINT practitioners choose JoltSMS over cheaper alternatives.
Give your OSINT team a proper phone number infrastructure
Stop tying sock puppet identities to analyst phones. Provision dedicated non-VoIP numbers your team owns.