How To Dox Someone: A Noob Friendly Guide

We are living in the era of Cyber Security Threats, where the Internet is available...

How To Dox Someone: A Noob Friendly Guide

We are living in the era of Cyber Security Threats, where the Internet is available at our fingertips, we even don’t care about who is tracking us, who are selling our data, who has an eye on our Bank Accounts, Credit Cards, even without our absence we are just enjoying the technology,

But remember everyone is being tracked, Search Engines also knows who is located at where and who is Buying what

In a day there may be hundreds of cyber-attacks across the globe, including data leaks, malware threats and harassment,

Even Big Companies are not able to protect their user data, that’s a big issue in this era,

Among that Doxing is different..!
You might hear of Doxing in the News articles, or somewhere but don’t have clarity about Doxing then don’t worry this post will be a good guide for you,

In this post am going to tell you what is Doxing, how Hackers dox someone and tell you the process of Doxing.

What is doxing?

Doxxing is the process of investigating and posting personal information about an individual or organization on the internet.

The data includes sensitive information such as a person’s real name, date of birth, parents’ names, phone numbers, email addresses, websites, locations, IP addresses, and so on.

Hope you got a clear understanding of what does it mean to dox someone

What does dox mean?

Dox or Doxx is meant for documenting, its all about researching about someone and gathering the information using Publicly available Tools (Including Search Engines, Social Media) and posting them over the internet.

Recommended Guides on Cybersecurity

Is doxing illegal?

Doxing is not at all illegal because an attacker uses the information already publicly available for free

Let’s see the real-life examples

Back in 2011, Anonymous and Lulzsec Started Doxing the FBI employees

In 2015 Anonymous published hundred of ISIS Twitter Accounts by Doxing,

you may ask me “is it illegal to dox someone”

Doxing is Not Legal at all, but it depends on the situations

Suppose Doxing is useful at hunting terrorists but it’s bad if you’re Doxing someone for harming their personal life

Who can Dox?

Doxing can be done by anyone including you and me, but Doxing is mostly done by Hackers, Crackers, Journalists, Law enforces, Businesses and Organisations

Why they Dox?

There is no particular reason to dox, they do because they need your personal information,
Let’s take an example
You meet someone on a forum or Facebook group and wanted to buy any service from him, after taking your payment he flies away and never be back,

Then what usually one does

  • Tells others he was scammed by the guy
  • Tells others not to deal with that guy
  • If the scam was big enough then he goes to Cyber cell

But Hackers does the same, along with that they did something different that is Doxing..!

There are many reasons to dox anyone

Maybe they need the email or phone number to bypass a login, or they need your info for making a fake identity
(That information can be used in many wrong ways, we aren’t going deep)

So let’s see how to dox

How to dox someone?

Before Doxing someone there are a few more questions left to be answered

How easy is it to dox someone?

Doxing is not easy at all, it depends on your hard work and intelligence also on the target person

How long does it take to dox someone?

It depends on the person who you’re about to dox, also depends on your intelligence and hard work
Sometimes it may take a day, or some weeks, and several months
Before you try to dox someone you must have any one of the following info

  • Full name
  • Phone number
  • Email address
  • IP address
  • Any social media username

(The list is not limited but these are the basic clues that we use to dox someone) '

How to dox someone with their name and last name

If you have the target person’s Name then you can use that info for doxing,

Note:
There are a lot of tools out three on the internet, but first I recommend you to do some manual hunting

In my personal Doxing journey, Search Engines and a Blank Doc Sheet are my #1 Tools

So you have their name, just use google, bing & yahoo and search with their name

Make use of google dorks, that is worth our time

Now closely observe the Search Results, and go through the Social Media Accounts with that usernames, if any of the accounts are suspicious to you then, make a note of that profile URL, also if any other info is attached to the profile then note them also

Note:

Social Media Is Not Limited to Facebook and Twitter, it also includes various online forums, while using search engines, don’t just look for social media usernames also see the other publicly available information

To make our research easier, we have to make use of some tools but remember tools are always not free, still, you can make free ones

Research through PIPL

Pipl is an online tool that is especially used for finding information on Names & Social Media usernames
To search through Pipl

  • Just open pipl.com
  • Type the name or username in the search box
  • Apply additional filters
  • You will get some valuable info

The information you get is 60% accurate, you will get the phone numbers, email ids, business addresses, photo

Note down all the info in the Doc file

Tip:

Most of the time you will get false results, so keep testing with the filters, also make sure your suspension is worth your time

Research through Whitepages

White Pages

Whitepages.com is also a similar service like Pipl, you can use this tool to search a person using their name, phone numbers, and location

Research through other Tools

Make use of Truecaller if you’re about to investigate a Phone Number
Nowadays tools are not limited, here we are giving some similar tools, you can try out, by using these tools, you can even search with numbers or any social media, this will help a lot of you’re about to learn how to dox someone with the phone number or email

How to dox someone with IP adresses

Case ONE: Get the IP address of the target through tracking links

  1. Get the IP address of a target. To get the IP address of a target, a free online service can be used. Go to https://iplogger.org and select the option “Invisible image” (see Figure 1).
alt_text
  1. The tracking dashboard, where one can customize a tracking link and observe the URL used to display the tracking results, is shown by IPLogger in the following screen (see Figure 2).
alt_text
  1. Send the tracking link to the target. Deceive the target by inserting the tracking link inside an email message or send it via a social media message (e.g., Facebook chat).
  2. Once the recipient clicks the tracking URL, go back to the IP logger website and access the URL used for viewing statistics. The target IP address should appear here (see Figure 3).
alt_text

Case TWO: Get the IP address of the target by investigating email message header (If there is a previous email communication with the target)

If your target has messaged you, you can get the IP from checking the email source. To do so for Gmail accounts, follow these steps:

  • Open the sender’s message in Gmail and click on “Show Original.” Now search for ‘Received’ within the code (see Figure 4 & 5) and copy the IPV4 address of the sender’s device. Make sure to start reading the email source from bottom to top.
alt_text
alt_text
  • With a target IP address on hand, go to https://www.ipaddress.com/ and enter it to gain insights into records, such as WHOIS information. (see Figure 6). This resource provides information, such as the area, postal division, state, nation, ISP, and working framework. Take note of these details and continue onward.
alt_text

Figure 6 – Find IP address information using https://www.ipaddress.com

Important note when looking for the sender IP address on Gmail header

When using the Gmail web interface to send an email, Gmail omits the sender’s IP address (via web browsers). However, if the sender uses an email client to send the message, such as Microsoft Outlook or Mozilla Thunderbird, or when using the Gmail mobile application installed on an iPhone or an Android device to send that email, Gmail may include the sender’s IP address.

  1. Now, to find target public posts on Twitter, use the @ operator. Here’s an example: @someone (this will retrieve all tweets that reference the ‘someone‘ account).
  2. One can search for all instances where this username is used by knowing one of the target social media profile usernames. The following two services can be used for this purpose.

a. https://checkusernames.com b. https://namechk.com

  1. To search within social media sites, use the symbol @ followed by a social media name; then enter a colon in the search query. For example, enter @facebook:Someone Name to search for the term “Someone Name” within Facebook).
  2. To locate the target email address (if their name is known), enclose the target name with quotation marks. For example, enter “FirstName Lastname.”
  3. A reverse image search can be performed on a personal photograph. Go to Google Reverse Image Search and either upload the image there or paste the image’s URL into the search box (see Figure 7).
alt_text
  1. Similar to standard search engines are people search engines. In order to provide information on demand, they index web content with an emphasis on personal information and store the findings in sizable databases. Use one of the following persons search engines to look up a target using his or her complete name, email address, or mailing address:

a. https://www.truthfinder.com b. https://www.411.com c. https://pipl.com

  1. Search for additional information using public records. Public records consist of information that has been—mostly—produced by government entities and is meant to be non-confidential. There are many public records repositories, such as:

a. https://www.genealogybank.com/explore/newspapers/all 

b. https://www.familysearch.org/search/collection/1202535 

c. http://www.melissadata.com/lookups/deathcheck.asp 

d. http://www.obitsarchive.com

Doxing is the process of looking through publicly accessible sites for details (particularly personally identifying details) about a particular target. Such information can be located via open-source intelligence tools and tactics by searching through public databases, social media sites, and other places where data is available.

Doxing Through Hacked Databases

Using Hacked Databases for Doxing

This is one of my favourite methods, in this methods, we have to search and investigate the victim’s email, Username or any clue to check whether his data might be leaked anywhere

Sometimes Hackers Hacks into different websites and dump their database then makes it public,

In this method, we will check whether his data is leaked online and collect the information

There are some tools to do a job, there is a Command-line tool, I recommend you to give a try,

Here is the tool: https://github.com/Ekultek/WhatBreach/blob/master/README.md

(Try Other tools too, but most of them will be Paid)

Dox Someone with his Photo

This method is extremely helpful when you’re about to check if the person is fake or original profile
Not only that it also good for reverse engineering,

In this method, we are basically checking whether the same photo is shared anywhere over the internet
I personally recommend you to the tool Google Image Search

Reverse image search

Just Put The Photo and observe the search results

Another tool is http://smallseotools.com
Use the reverse image search to collect some useful data with different search engines

Not least, If you want to find the information of your victim’s through his Website, then there is no secret, you can use who is Lookup Service to find the address, email, phone number and so on

Here is the tool I use the most: http://whois.domaintools.com/

Note that, the website owner should not be used Who is Privacy protection.

Conclusion:

I hope you learnt, how to dox people,
in this post, I tried my best to give you there comprehensive guide to doxing, and I think the tools are enough to dox but don’t limit them.

⚠ This article was only for educational purposes

Recommended Articles: