LIVE CAPTCHA
Waiting for challenges...
LIVE BLOCKED
Monitoring...
Whsipder
zero trust for telecom
Outbound Protection

Kill the threat
before the call connects.

A lightweight SIP media proxy that drops in front of your existing infrastructure. Whsipder intercepts outbound call traffic at the network edge, scores every call across multiple detection layers in under 50ms, and continues with GPU-accelerated audio analysis post-answer — including live transcription, deepfake detection, and brand impersonation detection.

Request a DemoSee Detection Layers
Multi
Scoring layers
<50ms
Pre-call decision
60+
Keyword patterns
49
Brand spoof patterns
Drop-in media proxy. Zero config.
Point your outbound SIP trunk at Whsipder. It inspects, scores, and forwards — your existing softswitch, dial plans, and routing logic stay exactly as they are. One box. One change. Done.
Pre-Call Detection

Multi-layer scoring. <50ms. Before media flows.

Every outbound call is scored across multiple independent detection layers before it connects. Each layer produces a weighted suspicion score. The combined result: ALLOW, CAPTCHA, or BLOCK.

Identity & Attestation
Caller ID verification against known brand spoofing patterns. Deep attestation parsing across all trust levels — fully verified, partially verified, and unverified gateway calls. Certificate chain validation, origination mismatch detection, and neighbor spoofing analysis.
Caller ID verificationAttestation analysisCertificate validationNeighbor spoofingDisplay name analysis
Behavioral Analysis
Real-time velocity tracking, sequential dialing detection, and temporal pattern analysis. Catches robocall behavior that metadata-only systems miss entirely.
Call velocity trackingSequential dialingTemporal patternsDuration profiling
Infrastructure Fingerprinting
Proprietary fingerprint derived from multiple protocol-level characteristics. Same dialer platform = same fingerprint, regardless of caller ID or IP rotation. Reputation learning degrades known-bad fingerprints over time.
Platform fingerprintReputation learningProtocol analysisMedia analysisIP reputationProxy chain detection
Active Traps
Honeypot numbers that trigger instant source-level blocks. Zero tolerance — any call to a trap number identifies the source as a robocaller.
Honeypot networkThreat intel feeds
Infrastructure Fingerprinting

Same platform. Same fingerprint. Every time.

Robocallers rotate numbers and IPs constantly — but they can't rotate their dialer platform. Whsipder builds a proprietary fingerprint from multiple protocol-level characteristics that uniquely identify the underlying infrastructure. Change your caller ID all you want — we already know who you are.

How It Works
Inbound SIP signaling
  |
  v
Extract protocol-level characteristics
  |
  v
Generate deterministic infrastructure fingerprint
  |
  v
Lookup fingerprint reputation
  |
  ├─ Known-good  ──> Trust boost
  ├─ Unknown     ──> Neutral
  └─ Known-bad   ──> Score penalty
  |
  v
Same platform across different calls?
  └─ Link into campaign ──> Block entire operation
Why it works
Robocallers can spoof caller ID. They can rotate IPs. They can change display names. But they can't change the structural characteristics of their dialer platform without rebuilding their entire infrastructure. The fingerprint identifies the platform itself — not the call metadata.
Reputation learning
Every fingerprint accumulates a reputation score over time. Legitimate platforms build trust. Known-bad fingerprints get progressively penalized — one bad actor using a platform poisons the fingerprint for all calls from that same infrastructure. Reputation decays naturally, so reformed platforms can recover.
Platform detection
Cheap VoIP dialers, auto-dialers, and cloud PBX platforms each have distinct protocol fingerprints. A legitimate enterprise PBX looks nothing like a disposable SIP trunk running through a VPN. Whsipder learns the difference automatically.
Cross-call correlation
When a fingerprint appears across multiple blocked calls — different numbers, different IPs, same infrastructure — Whsipder links them into a campaign. One confirmed robocaller exposes the entire operation. This is how you catch networks, not just individual calls.
Post-Answer Audio

GPU-accelerated. Real-time. Every call.

Once connected, Whsipder captures the outbound audio stream for real-time AI analysis — live transcription, keyword matching, and brand impersonation detection.

Live Transcription
GPU-accelerated speech-to-text on every connected call. Multi-language support with automatic detection. Voice activity detection for efficient processing.
Keyword & Script Detection
60+ weighted keywords across multiple scam categories — warranty scams, urgency tactics, government impersonation, tech support, and more.
Brand Impersonation
Real-time transcript matching against known impersonated brands. Dynamic blocklist managed via API. Catches brand impersonation before the victim engages.
Voice CAPTCHA

Prove you're human. Before the call connects.

Borderline calls get an audio CAPTCHA challenge. Multiple difficulty levels with dynamic generation. Automated systems fail — humans pass naturally.

Decision Flow
Outbound call intercepted
  |
  v
[16-Layer Scoring] ──> Score: 0-100
  |
  ├─ Low risk   ──> ALLOW   ──> Connect
  ├─ Borderline ──> CAPTCHA ──> Pass? Connect : Drop
  └─ High risk  ──> BLOCK   ──> Reject
  |
  v (if connected)
[Audio Analysis]
  ├─ Live transcription
  ├─ Keyword / brand detection
  └─ Mid-call BLOCK if threat confirmed
Live Dashboard

Full visibility. Instant control.

Real-time monitoring with live scoring feeds, active transcription, one-click call termination, and per-trunk configuration — all from a single pane.

Live
Real-time streaming feed
16
Per-layer score breakdown
1-click
Call termination
Export
Full CDR export
Per-Trunk Configuration
Independent BLOCK and CAPTCHA thresholds per trunk. Whitelist trusted sources. Override layer weights. All changes take effect instantly — no restarts.
Detection Engine Tuning
Enable/disable any detection layer independently. Adjust per-layer weights via UI sliders. Score normalization adapts automatically.
Roadmap

What's next.

Voice fingerprinting, long-term storage, and GeoIP anomaly detection are live. External threat intelligence is in progress. Reputation databanks are next.

Voice Fingerprinting
shipped
Voice profiles of known robocall actors. Same voice across different numbers = same robocaller.
Long-Term Storage
shipped
Full CDR and scoring history persisted to PostgreSQL. Historical queries, trend analysis, and compliance-ready data retention.
Reputation Databank
planned
Persistent reputation profiles and relationship graphs linking numbers, IPs, voices, and campaigns to identify robocall networks.
GeoIP Anomaly Detection
shipped
Datacenter vs. residential classification. Geographic anomaly detection — signaling from one region, media from another.
External Threat Intelligence
in progress
Integration with industry databases and threat intelligence feeds. Pluggable architecture for custom threat sources.
Ready to kill robocalls at the source?

See Whsipder in action — live scoring, real-time transcription, and threat blocking on actual call traffic.

Request a Demo