How To Dox An Ip
How to Dox | Cybrary
This article is the second of a two-part series on Doxing. The first article can be found here.
Doxing is essentially gathering sensitive information about a target that they generally wouldn’t want or expect disclosed. These details include everything from their name, email address, ZIP code, and even home and work addresses. This article demonstrates some techniques to gather intelligence about a specific target using various online resources., The collected information can be used against the target in different scenarios.
The following demonstrates an example of doxing:
Case ONE: Get the IP address of the target through tracking links
Get the IP address of a target. To get the IP address of a target, a free online service can be used. Go to and select the option “Invisible image” (see Figure 1).
In the next screen, IPLogger displays the tracking dashboard where one can customize a tracking link and view the URL used to display the tracking results (see Figure 2).
Send the tracking link to the target. Deceive the target by inserting the tracking link inside an email message or send it via a social media message (e. g., Facebook chat).
Once the recipient clicks the tracking URL, go back to the IP logger website and access the URL used for viewing statistics. The target IP address should appear here (see Figure 3).
Case TWO: Get the IP address of the target by investigating email message header (If there is a previous email communication with the target)
If your target has messaged you, you can get the IP from checking the email source. To do so for Gmail accounts, follow these steps:
Open the sender’s message in Gmail and click on “Show Original. ” Now search for ‘Received’ within the code (see Figure 4 & 5) and copy the IPV4 address of the sender’s device. Make sure to start reading the email source from bottom to top.
With a target IP address on hand, go to and enter it to gain insights into records, such as WHOIS information. (see Figure 6). This resource provides information, such as the area, postal division, state, nation, ISP, and working framework. Take note of these details and continue onward.
Figure 6 – Find IP address information using Important note when looking for the sender IP address on Gmail header
Gmail doesn’t include the sender’s IP address when the sender sends his/her email using the Gmail web interface (via web browsers). Nevertheless, Gmail may include the sender IP address if he/she uses an email client to send the message such as Microsoft Outlook or Mozilla Thunderbird, or when using the Gmail mobile application installed on iPhone and Android devices to send that email.
Now, to find target public posts on Twitter, use the @ operator. Here’s an example: @someone (this will retrieve all tweets that reference the ‘someone’ account).
One can search for all instances where this username is used by knowing one of the target social media profile usernames. The following two services can be used for this purpose.
To search within social media sites, use the symbol @ followed by a social media name; then enter a colon in the search query. For example, enter @facebook:Someone Name to search for the term “Someone Name” within Facebook).
To locate the target email address (if their name is known), enclose the target name with quotation marks. For example, enter “FirstName Lastname. ”
A personal picture can be used for a reverse image search. Simply go to Google Reverse Image Search and either paste the image URL in the search box or upload it to Google (see Figure 7).
People search engines are similar to typical search engines. They index online content but focus on personal details and store the results in huge databases to return information upon request. Search for a target using his/her full name, email address, or mailing address using any of the following people search engines:
a. b. c.
Search for additional information using public records. Public records consist of information that has been—mostly—produced by government entities and is meant to be non-confidential. There are many public records repositories, such as:
a. c. d. Doxing is the act of searching publicly available sources to find information (especially personally-identifying information) about a specific target. Open-source intelligence methods and techniques can be used to find such information by searching within government records, social media platforms, and any place where data is accessible your Cybersecurity or IT CareerAccelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry
How to Dox People Online – Helge Sverre
Doxing is a term used for the process of digging up profiles, pictures, addresses, emails and other relevant information from public sources, about an individual when you have very little information to start with, usually just a username or an email address.
Another word for doxing is Document Tracing and is also sometimes spelled Doxxing.
I use various doxing techniques to find emails and information about people when I need to contact them about an issue with their website, when they have not provided any means of contacting them through said website.
Legality of Doxing
Doxing may or may not be legal depending on your country and state laws, I am not a lawyer and I simply do not know, I assume no responsibility for the information I am about to share.
However using this information to harass or abuse an individual(that includes celebrities) is against the law and instantly makes you a dickhead, so don’t do it.
More information on legality:
If the person you are trying to dox happens to have a website you could try to do a WHOIS lookup on the domain name by using a service such as or any other website out there that provide you with a WHOIS lookup feature (there are a lot of them, even I have created one).
A WHOIS lookup will return various information about the domain owner like their name, email, phone number and address.
Sometimes people purchase WHOIS Privacy plans from their domain registrar to mask their names from the WHOIS information, if the person that you are trying to find information on has done this, you will usually see a generic “WHOIS PROTECTION LLC” or similar company name as the domain owner.
Doing a WHOIS lookup on a domain will ask the appropriate WHOIS server for the TLD (top-level domain) that the website is using, what that basically means in layman terms is that there are different servers for every domain ending(, and) that is currently in use, you may find a list over these servers on the official IANA webpage.
Something to note is that when you send an email to the email listed on domains that are protected with WHOIS Privacy, it sometimes will forward your email to the real owners email, do not rely on this to be true in every case though.
Reverse IP Domain Lookup
Since we’re talking about domains and websites, I thought I’d throw in a little advanced tips that could be very useful if your target has a website, It’s a trick called Reverse IP Domain Lookup, it is the process of using a search engine to look for websites that are hosted on the same IP address as the website of the individual you are trying to find information about.
John Smith has a kitten-hating website called, you are extremely against this website and want to find out what horrible person is running it, but John has purchased domain privacy and the WHOIS information for the domain is not useful to you.
What you could do then is to go to a Reverse IP Domain lookup site (list below) and type in the IP address of the domain (Open CMD and write ping then copy the IP address).
You will then get a list of websites that are hosted on the same IP, now, bear in mind that there is no guarantee that any of the websites that are hosted on the same IP Address actually belong to John Smith, but with some manual checking and looking through each of the websites you should be able to filter out the irrelevant websites and find the ones that likely belong to the kitten hating individual.
Here are some good, reliable websites that provide Reverse IP Domain Lookup services, I suggest that you cross-check between all of them:
Follow The Username
If the particular information that you’ve got about the person you are trying to dox is a username from a place like reddit, steam or a forum, you could try to copy-paste the username into Google or any other search engine and look for profiles on other websites that are using the same username.
It’s highly likely that the person has used the same username on multiple websites, if the person has shared personal details about himself using the same username somewhere else than you should be able to find it pretty easily with some clever Googling.
A quick and dirty way to search for a username on a bunch of popular websites at once is to use a website called KnowEm, it will take the username that you’ve specified and go out and check if it is registered on any of the 500 social networks that it has in it’s database.
Searching for the username on Skype may also prove successful and might give you the person’s full name and possibly a picture of the individual.
Facebook Email Lookup
If you’ve got the individuals Email ( or full name) then you can copy-paste it into the Facebook search bar and see if a profile comes up.
Facebook allows people to quickly find a profile if they have the email that the person used to create their account with, this can be a very quick way to find a lot of information about a person from one place.
Reverse Image Search
With the recent advances in technology doing a search based on an image has become quite trivial, lets imagine that the person that we want to find more information about is someone on a forum, he has a picture of himself as an avatar.
If you are using Google Chrome you can simply right click on this avatar and choose the option “Search Google for this image. ”, you will then be taken to a Google search result page where you will find links to other websites where the exact or a very similar image has been used, most of the time people have a single “profile picture” that they use everywhere.
This works wonders on dating sites where you often have to pay to be able to message people, although from personal experience, this is often not very effective and will just label you as a creepy stalker…. _.
Phone Number Search
If all you got is a phone number, or you’ve managed to find the phone number of the person you are digging up information about, then you could try various “reverse phone lookup” sites, there are a lot of bullshit websites that want you to pay for this information.
The legality of phone book websites in various countries differ slightly so there is no one website where you can lookup every phone number in the world, but here is a website that I found has a very neat list of websites in each respective country that provides a phone lookup service:
Real Name + Address Combinations
If you’ve got the real name of the person you are trying to find more information about, and you might have an idea of where he is located, you can start combining the name and part of the address like so:
“john smith us”
“john smith florida”
“john smith Osceola St”
This method also works well with email addresses and usernames, try various combinations of the username, email, name and address to get more and more information about your subject.
Tracing someone down on the internet is not as hard as people think.
It only takes a little bit of clever searching and maybe a few minutes of cross-checking information, it wouldn’t take an experienced “doxer” more than a few hours to have a complete profile of an individual.
Be careful about what information you share online.
This article was originally written on which was another website I owned and operated, but I shut it down and published this here instead.
What Is Doxxing and How Can You Prevent It? – Avast
What is doxxing?
The term “doxxing” originates from the word “documents. ” 1990s hacker culture shortened the term to “docs” and then “dox, ” with “dropping dox” referring to collecting personal documents or information, such as a person’s physical address, and then publishing them online. The hacker collective Anonymous helped popularize the term.
Today, the definition of doxxing can refer to publishing anyone’s information online, or can apply specifically to uncovering the real person behind an anonymous handle or username and exposing them online. Doxxing attacks usually involve harassment or revenge, and sometimes a sense of vigilante justice, such as doxxing people to reveal the racist or neo-Nazi comments they posted anonymously online.
While the concept is decades old, doxxing is still alive and well — and it can be very dangerous, especially as it becomes more mainstream. Once someone’s private information is out there, they can be targeted based on their physical address, job location, phone number, email, or other information. Doxxing attacks can range from the somewhat benign, such as fake mail sign-ups or pizza deliveries, to the far more dangerous, like harassing a person’s family or employer, swatting, identity theft, threats or other forms of cyberbullying, or even in-person harassment.
Doxxers can choose anyone as their victims, whether it’s someone they got into an argument with online, a journalist, or a celebrity.
One of the first doxxing campaigns began in 1997 when anti-abortion activitists in the US targeted abortion providers. This particularly insidious doxxing example involved a website called the Nuremberg Files, which published abortion providers’ personal information as a hit list, encouraging harm against them. A 2002 court case found that the site constituted a threat to incite violence, and it was shut down.
After the 2013 Boston Marathon bombing, thousands of people gathered on the online community Reddit to play detective. The Redditors ended up incorrectly identifying and doxxing several suspects — none of whom turned out to be involved in the bombing in any way.
A few years later, in 2017, white supremacists marched in Charlottesville, VA, inspiring some counter-protestors to dox participants. Several neo-Nazis lost their jobs after doxxers revealed their participation in the march. But some innocent people were incorrectly suspected of participating in the march and were flooded with hate mail and threats — for something they weren’t even involved in.
While the ethics of doxxing can be murky — after all, most of the information is publicly available online — it can quickly turn nasty, especially when a mob mentality springs up.
How does doxxing work?
Doxxing traditionally started with arguments online and escalated to one person sleuthing out information about an adversary. Recently, doxxing has begun to be used as a tool in culture wars, with hackers doxxing those who support opposing ideologies. Many celebrities and journalists have been doxxed, too, causing them to suffer from online mobs, death threats, and fears for their safety.
To dox someone, private information needs to be tracked down. And while many people think of the internet as anonymous, it’s important to understand that there are many ways you can be identified online.
Doxxers use various methods to collect information about their victims. By following breadcrumbs — small pieces of information about someone — scattered across the internet, a dedicated doxxer can assemble a useful puzzle that leads to uncovering the real person behind an alias, including the person’s name, physical address, email address, phone number, and more. Doxxers may also buy and sell personal info on the dark web.
Small pieces of information can be put together to uncover a real person behind an alias.
Doxxers can use various methods to discover your IP address, which is linked to your physical location. Doxxers can then use social engineering tricks on your internet service provider (ISP) to discover more information about you. There are many ways to accomplish this, but here’s just one example of how an IP dox (or an ISP dox) can work:
Let’s say you post a comment on a forum or a blog. The administrator of the forum or owner of the blog can see your IP address through the comment (that’s how they’re able to block users whose comments they may not want on their site). With your IP, the doxxer can easily discover who your ISP is. They can then use a call spoofing app to make their phone number display the ISP’s own number.
The doxxer calls the ISP, pretending to be a member of the tech support team — they fabricate a convincing story of trying to help a customer, but the service is down or they lost the connection. All they have is an IP address, but they can use that to request the rest of your customer information, which may include:
Your full name
ISP account number
Date of birth
Social security number
Sure, this requires a few steps, some manipulation, and a gullible ISP worker, but it’s just one method out of many that an experienced doxxer can use to uncover all of your personal information.
Social media doxxing
An easier tactic is social media doxxing. If your social media accounts are public, anyone can discover all kinds of information about you, such as your location, place of work, your friends, your photos, your likes and dislikes, places you’ve visited, the names of your family members, the names of your pets, and more.
A doxxer can find a large body of information about you, and may even discover the answers to your security questions — which would help them break into your other online accounts, such as your online banking account. That’s why you should make all your social media accounts private.
If you’re using online forums like Reddit, 4Chan, Discord, Youtube, or others, make sure you use different usernames and passwords for each service. If you use the same ones, a dedicated doxxer could search through your comments on all different platforms and use that information to compile a detailed picture of you. Also make sure not to reveal too much personal information, such as the name of the company you work for.
Data brokers exist to collect information about people and sell that information for profit. Data brokers gather their info from publicly available records (marriage licenses, DMV records, voter registration logs), loyalty cards (your online and offline buying behavior), online search histories (everything you search, read, or download), and from other data brokers. Many data brokers sell their information to advertisers, but there are also several people-search sites that offer comprehensive records about individuals for around $20 a pop. All a doxxer has to do is pay this small fee to get more than enough info to dox someone.
What is swatting?
Swatting, the demented cousin of doxxing, is when someone calls to report a “hostage situation” at their victim’s address. Then, when a SWAT team rushes in, people at the address are caught completely off-guard and are often hurt or even killed in the confusion. This happens often in gaming circles, when perpetrators want to interrupt other streamers as they play.
One tragic example of this involved a teenager who was upset about a $1. 50 bet he made over Call of Duty. To get revenge on his opponent, he reported a hostage situation at his opponent’s home — but he had an old address where his opponent no longer lived. Then, when heavily armed police showed up at what was essentially a random person’s home, they ended up shooting and killing a 28-year-old man who was not even involved in the game.
Swatting is a recent phenomenon, but it’s becoming increasingly dangerous. Many cities don’t know how to protect against swatting — but Seattle, WA has developed a good tactic. They’ve started an anti-swatting registry to allow people who are worried about getting swatted to list their address in a database. Then, if a call comes in, police check the registry before showing up at the address. That means they can be much more cautious and avoid causing an unnecessarily dangerous situation.
Is doxxing illegal?
Doxxing is multifaceted, and its legality is determined on a case-by-case basis. While there are no laws against finding publicly available information and compiling or publishing it — or even any specific anti-doxxing laws — there are other crimes (and cybercrimes) that doxxers can be charged for, depending on the nature of the case. These include stalking, harassment, identity theft, or incitement to violence.
In the US, the Interstate Communications Statute and the Interstate Stalking Statute may be applied to doxxing, depending on the details of a particular case. There are also no laws explicitly prohibiting swatting, although perpetrators can be charged under other laws.
Can you go to jail for doxxing someone?
Yes, you can go to jail for doxxing or swatting someone. The teenager mentioned above who reacted to losing a Call of Duty bet by falsely reporting a hostage situation was caught, charged with 52 criminal counts related to fake calls and threats (including an earlier fake bomb threat at the FBI), and is currently serving 20 years in prison.
Have I been doxxed?
If you’ve been doxxed, you’ll know it soon enough. Unfortunately, doxxers usually don’t publish someone’s personal information and then stay quiet about it. If you start receiving threatening messages, it’s time to lock down all of your accounts. Make sure to check if your Facebook account has been hacked and verify that your Gmail account is secure.
You should also check to see if your personal information is now for sale on the dark web — the restricted part of the internet that you need special means, like Tor, to access. It’s not easy to monitor the dark web yourself, so you may want to consider enlisting the help of a service. Avast BreachGuard scans the dark web 24/7, alerting you the moment the exposure of your personal information has been detected and helping you work quickly to secure your privacy.
Avast BreachGuard will assess the risk of exposure of your personal information.
What to do if you’ve been doxxed
If you’ve been doxxed, or if you think someone may be doxxing you, it’s time to act fast to stop the spread of your personal information. Here are a few simple steps you can take right away:
Document the evidence. Make sure to take screenshots of everything in case you need to report it to the police.
Report the harassment to whatever platform your info appears on. Sites like Facebook and Twitter have terms of service agreements that prevent doxxing, and they should respond to your request and suspend the account of the doxxer(s).
Report the cybercrime to the appropriate authorities.
Lock down your accounts. Change your passwords, use a password manager, enable multi-factor authentication where possible, and strengthen your privacy settings on every account you use.
Enlist a friend or family member for support. Doxxing can be emotionally taxing. Ask someone to help you navigate the issue so you’re not dealing with it on your own.
Consider changing your number. Depending on what information was exposed, you may want to consider changing your phone number, usernames, or other personally identifying info where possible.
Enlist a service to monitor for leaks of personal information. A service like Avast BreachGuard will monitor the dark web and alert you if any of your personal information has been exposed. It will also help you remove your info from data brokers’ databases, reducing the amount of information doxxers can find about you online. Get Avast BreachGuard today and find out if any of your personal information is at risk.
How to prevent doxxing
Getting doxxed can be traumatizing. Luckily, there are steps you can take to avoid leaking your personal information online, protect your private data, and prevent doxxing.
Protect your IP address with a VPN or proxy
Your IP address identifies you online. It can also show your physical address. While it won’t show your exact street address, it can identify your location inside a general area. You can easily hide your IP address by using either a VPN or a proxy. With either one of those tools, you connect to a server before connecting to the public internet. That means anyone trying to discover your IP address will see only the IP of the server, while your address remains hidden and protected.
A web proxy tool can provide this service for free, but a VPN like Avast SecureLine VPN provides additional privacy benefits: it encrypts your entire internet connection. That blocks anyone from snooping on what you’re doing online, which is especially important if you’re using unsecured public Wi-Fi networks. Our VPN also allows you to change your virtual location regularly, giving you increased anonymity and robust protection. Give Avast SecureLine VPN a spin today and enjoy a safe and secure online experience.
Avoid “log in with Facebook/Google” options
You see it all around the web these days, on everything from games to news sites to health apps and more: “sign in with Facebook” or “sign in with Google. ” The temptation to do so is understandable — who wants to create another unique login and password? But signing into a third-party site using Facebook or Google lets that website request more info about you. And the more sites you connect to with the same login credentials, the more of your personal information can be gathered and compiled in one place.
Signing into many different sites using just your Facebook or Google account can make you particularly vulnerable to a breach. If your account password is leaked, a hacker could then gain access to all the sites you’ve linked up. That makes it very easy for a hacker to get all your personal info, and much harder for you to lock down your accounts.
Keep social media profiles private
Our social media profiles include a wealth of information about us: our general location if not our full address, our work history, birthdate, friends, family members, photos, interests, and on and on. Having that much information publicly available would make doxxing you a breeze. Even if you don’t think you have any enemies out there, it’s still best to lock down your social media accounts. See our instructions to make your Facebook profile private and make sure to de-index your profile from search engines (#8 on our list). You should also tighten up your privacy settings on Instagram and any other social media services you use.
Use pseudonyms in online forums
If you use Reddit or other online forums, make sure you aren’t using your real name as your username. It’s best to avoid your name, birthdate, city, or any other identifying information in your handle. Reddit loves funny usernames anyway, so why not embrace your inner creativity and go with something like TheEarthIsATriangle or some other randomly adorable handle?
Using a pseudonym is just one way you can stay more anonymous while browsing. You should also choose a unique username for every service you use. If you reuse the same one, a doxxer could connect these separate accounts and mine them all for clues to your identity.
Request removal of your information online
As mentioned, data brokers compile and sell huge amounts of personal data on nearly everyone these days. Most people aren’t even aware that there are many different data broker companies that possess extensive files on them, including everything from their browsing history, online and offline buying habits, medical histories, financial histories, criminal histories, and much more.
And when data breaches inevitably happen, like the Equifax breach, your information can be leaked for all the world to see. If your details ever find their way to the dark web, they’ll likely remain there forever.
So what can be done? Well, if you’re able to identify each and every one of the data brokers that have your information, you can contact them individually to request they remove you from their database. But though they’re legally obligated to comply, they can make it a very time-consuming process.
That’s why you should be proactive and enlist a privacy service such as Avast BreachGuard. Avast BreachGuard will contact data brokers directly on your behalf and take care of the information removal process for you, before your personal info can be exposed. It’ll also monitor the dark web for leaks and alert you right away should one occur.
Protect your information with Avast BreachGuard
Avast BreachGuard protects your information in three distinct ways:
24/7 risk monitoring: Avast BreachGuard monitors the dark web and scans for data breaches. If your information gets leaked, we’ll alert you immediately so you can take steps to protect your information.
Personal info removal: Avast BreachGuard identifies the data brokers that have profiles on you and sends requests on your behalf to get your information removed.
Password protection: Avast BreachGuard scans your browser for weak or reused passwords to make sure you’re not using any that may have already leaked.
Doxxers won’t stand a chance if you have Avast on your side. Download Avast BreachGuard today to bolster your defenses, protect your privacy, and ensure your personal information isn’t exposed or weaponized against you.