harvey
10-03-2013, 10:42 AM
INFORMATION
This guide will explain how to find dox, and prevent getting doxed. It is highly recommended that you read the Anonymous tutorial (http://link.cur.lv/anonymous-guide), and the Supa Sekret guide (http://link.cur.lv/sekret).
NOTE
The art of doxing is pretty easy to grasp, for getting basic information on your average person. You don't need to be a hyper internetfag to know how to dox.
When you are collecting dox on a person, determine what is important and what isn't when adding it to your dox file. Keep it formatted nice also, to read easily.
You can use Google or any search engine, and find their names, addresses, emails, and more, or you can use any of the websites below to help dox a person.
You also have to remember, everyone in this world is so hooked on social networking websites. A person will share their entire life on some social networks.
TEMPLATE
Here is an example of how your dox file should look:
https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/dox.png
NOTE: You can see here, it is separated in sections by each family member, and each section has sub-sections.
COLLECTING DOX
The websites listed below are only a few, of the many, that can be used to aid you in your doxing process:
GENERAL
• Advanced Background Checks (http://link.cur.lv/advancedbackgroundchecks) - Find almost everything out about a person.
ADDRESS
• Google Maps (http://link.cur.lv/google-maps) - Get a street view picture of a location.
• Spokeo (http://link.cur.lv/spokeo) - Search for a person by name/location.
• WhitePages (http://link.cur.lv/whitepages) - Search for a person by name/location.
IP ADDRESS
• IP Logger (http://link.cur.lv/iplogger) - Steal peoples IP address with an image. (NOTE: The name is obvious, but you can use a URL shortener, like TinyURL).
• IP-Tracker (http://link.cur.lv/iptracker) - Trace an IP address.
PHONE NUMBER
• FoneFinder (http://link.cur.lv/fonefinder) - Phone carrier or service provider lookup.
• WhitePages (http://link.cur.lv/whitepages-reverse-phone) - Search for a person by phone number.
URL
• URL2IP (http://link.cur.lv/url2ip) - Convert a URL to an IP address.
• WhoIS (http://link.cur.lv/whois) - Get general information about a website.
OTHER
• Check Usernames (http://link.cur.lv/checkusernames) - Search if a username exists on a number of websites.
SOCIAL ENGINEERING
While finding the basic information on a person, is a simple as going on Google and searching through a few pages of results, you can get so much more.
Using the art of social engineering, you could virtually get anything on anyone, if you have the skill. It's something that comes naturally, in my opinon.
You can use social engineering to get dox from a company or service that holds the persons dox, like a bank, or even social engineer the person you are doxing directly.
For example, lets make a scenario here. Using the dox template above, as an example, lets say John Smith put on gis facebook that he works at Walmart.
Now for the the dirty work. Spoofing my phone to appear as if it is coming from his Walmart, I call John Smith:
BOB : "Hello, may I speak to Alice please?"
ALICE : "Yes, this is her, can I ask who is calling?"
BOB : Hi Alice! My name is Bob, I am calling you from Walmart.
ALICE : "Oh, hello Bob! How may I help you?"
BOB : "I am the stores hiring manager, and it is our job, that we do a routine check on our current employees application credentials.
I just needed you to verify some information for me if thats ok."
ALICE : "Sure."
BOB : "I have here that your at 420 Lolitrolu Street, is that still your present address?"
ALICE : "Yes, it is."
BOB : "Ok, and lastly, I was having trouble verfiying the social security number provided on the application. Do you know it off the top of your head?"
ALICE : "Yeah, it is 123-45-6789"
BOB : "Ok, thank you Alice, you have a nice day."
Keep in mind, it will not be this simple at all, this was a very poor example, but should get you thinking in the right direction.
Social engineering big companies and 3rd parties requires a level of skill. Do not dive right into this, you can end up looking very stupid.
It's a simple concept, once you have a grasp on it, and can be applied to a lot of companies. You can pretend to be a tech or a supervisor, and request customer lookups.
HIDE DOX
You can prevent yourself from getting doxed very easily, but small mistakes you make could be bigger than you think, and easily expose yourself.
Do not use any social networking websites (Facebook, Twitter, YouTube, etc), and if you do, the least amount of information on it, the better.
If you use an email address, always use a secure, or temporary email address and ensure it is not published on the internet anywhere.
Check all websites for account privacy settings and enable the maximum privacy you can. This should be the 1st thing you do after registering for anything.
This can be a range of settings, but anything you sign up for, look if there are privacy features to that account.
For example, I can find your Facebook and look at all of your friends to determine what city and state you may possibly be in, if it is your real Facebook.
But Facebook gives you a privacy option of hiding your friends list. But if you wall or pictures aren't hidden, I can read the comments and posts and possibily pin point your location.
You have to think about everything, if you wish to remain anonymous, so udnerstand what you signing up for or accessing, and know what kind of privacy you have with it.
Do not use real information on anything at all. Your name, birthday, email, passwords, and so on, should be random, unique, and secure per account.
You shouldn't have an alias online, or a name or clean you keep representing and using on things. It should be random names, un-related to you in any way.
Always be behind a VPN or proxy. If your real IP address was exposed, on could easily trace you, or find your ISP and social engineer a lot of dox out of them.
Your IP address can be found by clicking a link, making accounts, using networked programs without a proxy/VPN.
An IP address can be pulled from answering a call o Skype, or even being in a online server on your XBOX.
When hiding your IP, do not use the same IP for IRL shit and talking to friends, as you would with your sekret, anonymous, internet shit you do.
If you did something questionable on the internet behind a cerain IP address that was also same as the one logged into your personal Facebook, then your exposed.
If you have your real IP hidden anonymous account, and then accidentally use your real IP or a comprimised proxy/VPN, the account is now exposed.
Any other account you used with that proxy/VPN/real IP is exposed, and your anonymity is ruined. Be aware of all network traffic going on, on your network.
You could be super anonymous, but live with your family, and they could be the ones to comprimise you, and your anonymity.
All 3rd party companies that hold your dox can very easily be social engineers to spill all the beans if found out.
For example, if your ISP or cell phone provider was exposed, those providers are not you, and can be social engineered.
Do not tell storys or talk about news in relation to yourself or where you are located.
There are ways to hide being doxed, and then there are ways to add some complexity to your own dox on the internet.
You have 3 options when using an alias online. None, random, and scapegoat, and they have have their benifits.
NONE
• No name, or anything to connect to you is left behind.
• No credits, or suspect.
• It is a mystery.
Random
• A random name for an alias, or all the time. (No alias).
• Fake dox can be generated at FakeNameGenerator (http://link.cur.lv/fakenamegenerator).
• Post fake dox on yourself on PasteBin (http://link.cur.lv/pastebin) and DoxBin (http://link.cur.lv/doxbin), from a made "Hacker", aka another random alias.
• Make a fake Facebook or social networking account with fake dox. (Make it look real, if featured, add friends in the same location as the fake dox.)
• Make a fake ID scan or SSN card scan, so it is looked at as "verified" dox.
• Random name every time makes it impossible to track and follow activities.
• It is a mystery.
Scapegoat
• Random target and their dox is used for everything online.
• Scapegoat should be a completely random real person in the world.
• Scapegoat is blamed and possibly monitored and watched because of your actions.
• Trolls the scapegoat for the rest of his life.
• The scapegoat will constant try to expose you. Do not make a single mitake
REMOVE DOX
Your dox can most likely be looked up on information websites, and your address, telephone number, and more, can be made public.
These websites are generally the first places people go, when doxing. The information can be requested for removal, with proof.
Websites that end with a "[!] require photo ID verification. You can black out all of the information except for the name, address, and dob.
• Acxiom.com (http://link.cur.lv/acxiom)
• Intelius.com (http://link.cur.lv/intelius) [!]
• Peekyou.com (http://link.cur.lv/peekyou)
• PeopleFinders.com (http://link.cur.lv/peoplefinders)
• PeopleSmart.com (http://link.cur.lv/peoplesmart)
• PrivateEye.com (http://link.cur.lv/privateeye)
• Radaris.com (http://link.cur.lv/radaris)
• Spoke.com (http://link.cur.lv/spoke)
• Spokeo.com (http://go.cur.lv/spokeo)
• USA-People-Search.com (http://link.cur.lv/usa-people-search)
• USSearch.com (http://link.cur.lv/ussearch) [!]
• Whitepages.com (http://link.cur.lv/white-pages)
• Zabasearch.com (http://link.cur.lv/zabaseach) [!]
• BeenVerified.com (http://link.cur.lv/beenverified) :
- Send an email to "[email protected]".
- Use the following template as your message :
Dear Been Verified Customer Support:
As per your privacy policy, please remove my listing from your databases:
a. First name:
b. Last name:
c. Middle initial:
d. Aliases & AKA's:
e. Current address:
f. Age:
g. DOB:
Thank you for your assistance.
- Allow your request to be completed. You will be notified by email.
• DOBSearch.com (http://link.cur.lv/dobsearch) [!] :
- Scan a valid photo ID. (Only name, address, and DOB need to be shown.)
- Fax the scan to 516-717-3017, with information on your removal request.
- Allow request to be completed in about 4-6 weeks
• Google Maps (http://link.cur.lv/google-maps) :
- Google the address in Google Maps.
- Click the picture of the home to make it larger.
- Click "Report Problem" in the bottom right.
- Select "Privacy Concern", and then the button by "My House".
- Give them an email address, for a confirmation, and click "Submit".
• MyLife.com (http://link.cur.lv/mylife) [!] :
- Call customer care at 1-888-704-1900, or send an email to "[email protected]".
- You may or may not be require to verify your identity by scanning a valid photo ID. (Only name, address, and DOB need to be shown.)
- Allow request to be completed in about 10 buisness days.
• PeopleLookup.com (http://link.cur.lv/peoplelookup) [!] :
- Scan a valid photo ID. (Only name, address, and DOB need to be shown.)
- Fax the scan to 425-974-6194, with information on your removal request.
- Allow request to be completed in about 4-6 weeks
This guide will explain how to find dox, and prevent getting doxed. It is highly recommended that you read the Anonymous tutorial (http://link.cur.lv/anonymous-guide), and the Supa Sekret guide (http://link.cur.lv/sekret).
NOTE
The art of doxing is pretty easy to grasp, for getting basic information on your average person. You don't need to be a hyper internetfag to know how to dox.
When you are collecting dox on a person, determine what is important and what isn't when adding it to your dox file. Keep it formatted nice also, to read easily.
You can use Google or any search engine, and find their names, addresses, emails, and more, or you can use any of the websites below to help dox a person.
You also have to remember, everyone in this world is so hooked on social networking websites. A person will share their entire life on some social networks.
TEMPLATE
Here is an example of how your dox file should look:
https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/dox.png
NOTE: You can see here, it is separated in sections by each family member, and each section has sub-sections.
COLLECTING DOX
The websites listed below are only a few, of the many, that can be used to aid you in your doxing process:
GENERAL
• Advanced Background Checks (http://link.cur.lv/advancedbackgroundchecks) - Find almost everything out about a person.
ADDRESS
• Google Maps (http://link.cur.lv/google-maps) - Get a street view picture of a location.
• Spokeo (http://link.cur.lv/spokeo) - Search for a person by name/location.
• WhitePages (http://link.cur.lv/whitepages) - Search for a person by name/location.
IP ADDRESS
• IP Logger (http://link.cur.lv/iplogger) - Steal peoples IP address with an image. (NOTE: The name is obvious, but you can use a URL shortener, like TinyURL).
• IP-Tracker (http://link.cur.lv/iptracker) - Trace an IP address.
PHONE NUMBER
• FoneFinder (http://link.cur.lv/fonefinder) - Phone carrier or service provider lookup.
• WhitePages (http://link.cur.lv/whitepages-reverse-phone) - Search for a person by phone number.
URL
• URL2IP (http://link.cur.lv/url2ip) - Convert a URL to an IP address.
• WhoIS (http://link.cur.lv/whois) - Get general information about a website.
OTHER
• Check Usernames (http://link.cur.lv/checkusernames) - Search if a username exists on a number of websites.
SOCIAL ENGINEERING
While finding the basic information on a person, is a simple as going on Google and searching through a few pages of results, you can get so much more.
Using the art of social engineering, you could virtually get anything on anyone, if you have the skill. It's something that comes naturally, in my opinon.
You can use social engineering to get dox from a company or service that holds the persons dox, like a bank, or even social engineer the person you are doxing directly.
For example, lets make a scenario here. Using the dox template above, as an example, lets say John Smith put on gis facebook that he works at Walmart.
Now for the the dirty work. Spoofing my phone to appear as if it is coming from his Walmart, I call John Smith:
BOB : "Hello, may I speak to Alice please?"
ALICE : "Yes, this is her, can I ask who is calling?"
BOB : Hi Alice! My name is Bob, I am calling you from Walmart.
ALICE : "Oh, hello Bob! How may I help you?"
BOB : "I am the stores hiring manager, and it is our job, that we do a routine check on our current employees application credentials.
I just needed you to verify some information for me if thats ok."
ALICE : "Sure."
BOB : "I have here that your at 420 Lolitrolu Street, is that still your present address?"
ALICE : "Yes, it is."
BOB : "Ok, and lastly, I was having trouble verfiying the social security number provided on the application. Do you know it off the top of your head?"
ALICE : "Yeah, it is 123-45-6789"
BOB : "Ok, thank you Alice, you have a nice day."
Keep in mind, it will not be this simple at all, this was a very poor example, but should get you thinking in the right direction.
Social engineering big companies and 3rd parties requires a level of skill. Do not dive right into this, you can end up looking very stupid.
It's a simple concept, once you have a grasp on it, and can be applied to a lot of companies. You can pretend to be a tech or a supervisor, and request customer lookups.
HIDE DOX
You can prevent yourself from getting doxed very easily, but small mistakes you make could be bigger than you think, and easily expose yourself.
Do not use any social networking websites (Facebook, Twitter, YouTube, etc), and if you do, the least amount of information on it, the better.
If you use an email address, always use a secure, or temporary email address and ensure it is not published on the internet anywhere.
Check all websites for account privacy settings and enable the maximum privacy you can. This should be the 1st thing you do after registering for anything.
This can be a range of settings, but anything you sign up for, look if there are privacy features to that account.
For example, I can find your Facebook and look at all of your friends to determine what city and state you may possibly be in, if it is your real Facebook.
But Facebook gives you a privacy option of hiding your friends list. But if you wall or pictures aren't hidden, I can read the comments and posts and possibily pin point your location.
You have to think about everything, if you wish to remain anonymous, so udnerstand what you signing up for or accessing, and know what kind of privacy you have with it.
Do not use real information on anything at all. Your name, birthday, email, passwords, and so on, should be random, unique, and secure per account.
You shouldn't have an alias online, or a name or clean you keep representing and using on things. It should be random names, un-related to you in any way.
Always be behind a VPN or proxy. If your real IP address was exposed, on could easily trace you, or find your ISP and social engineer a lot of dox out of them.
Your IP address can be found by clicking a link, making accounts, using networked programs without a proxy/VPN.
An IP address can be pulled from answering a call o Skype, or even being in a online server on your XBOX.
When hiding your IP, do not use the same IP for IRL shit and talking to friends, as you would with your sekret, anonymous, internet shit you do.
If you did something questionable on the internet behind a cerain IP address that was also same as the one logged into your personal Facebook, then your exposed.
If you have your real IP hidden anonymous account, and then accidentally use your real IP or a comprimised proxy/VPN, the account is now exposed.
Any other account you used with that proxy/VPN/real IP is exposed, and your anonymity is ruined. Be aware of all network traffic going on, on your network.
You could be super anonymous, but live with your family, and they could be the ones to comprimise you, and your anonymity.
All 3rd party companies that hold your dox can very easily be social engineers to spill all the beans if found out.
For example, if your ISP or cell phone provider was exposed, those providers are not you, and can be social engineered.
Do not tell storys or talk about news in relation to yourself or where you are located.
There are ways to hide being doxed, and then there are ways to add some complexity to your own dox on the internet.
You have 3 options when using an alias online. None, random, and scapegoat, and they have have their benifits.
NONE
• No name, or anything to connect to you is left behind.
• No credits, or suspect.
• It is a mystery.
Random
• A random name for an alias, or all the time. (No alias).
• Fake dox can be generated at FakeNameGenerator (http://link.cur.lv/fakenamegenerator).
• Post fake dox on yourself on PasteBin (http://link.cur.lv/pastebin) and DoxBin (http://link.cur.lv/doxbin), from a made "Hacker", aka another random alias.
• Make a fake Facebook or social networking account with fake dox. (Make it look real, if featured, add friends in the same location as the fake dox.)
• Make a fake ID scan or SSN card scan, so it is looked at as "verified" dox.
• Random name every time makes it impossible to track and follow activities.
• It is a mystery.
Scapegoat
• Random target and their dox is used for everything online.
• Scapegoat should be a completely random real person in the world.
• Scapegoat is blamed and possibly monitored and watched because of your actions.
• Trolls the scapegoat for the rest of his life.
• The scapegoat will constant try to expose you. Do not make a single mitake
REMOVE DOX
Your dox can most likely be looked up on information websites, and your address, telephone number, and more, can be made public.
These websites are generally the first places people go, when doxing. The information can be requested for removal, with proof.
Websites that end with a "[!] require photo ID verification. You can black out all of the information except for the name, address, and dob.
• Acxiom.com (http://link.cur.lv/acxiom)
• Intelius.com (http://link.cur.lv/intelius) [!]
• Peekyou.com (http://link.cur.lv/peekyou)
• PeopleFinders.com (http://link.cur.lv/peoplefinders)
• PeopleSmart.com (http://link.cur.lv/peoplesmart)
• PrivateEye.com (http://link.cur.lv/privateeye)
• Radaris.com (http://link.cur.lv/radaris)
• Spoke.com (http://link.cur.lv/spoke)
• Spokeo.com (http://go.cur.lv/spokeo)
• USA-People-Search.com (http://link.cur.lv/usa-people-search)
• USSearch.com (http://link.cur.lv/ussearch) [!]
• Whitepages.com (http://link.cur.lv/white-pages)
• Zabasearch.com (http://link.cur.lv/zabaseach) [!]
• BeenVerified.com (http://link.cur.lv/beenverified) :
- Send an email to "[email protected]".
- Use the following template as your message :
Dear Been Verified Customer Support:
As per your privacy policy, please remove my listing from your databases:
a. First name:
b. Last name:
c. Middle initial:
d. Aliases & AKA's:
e. Current address:
f. Age:
g. DOB:
Thank you for your assistance.
- Allow your request to be completed. You will be notified by email.
• DOBSearch.com (http://link.cur.lv/dobsearch) [!] :
- Scan a valid photo ID. (Only name, address, and DOB need to be shown.)
- Fax the scan to 516-717-3017, with information on your removal request.
- Allow request to be completed in about 4-6 weeks
• Google Maps (http://link.cur.lv/google-maps) :
- Google the address in Google Maps.
- Click the picture of the home to make it larger.
- Click "Report Problem" in the bottom right.
- Select "Privacy Concern", and then the button by "My House".
- Give them an email address, for a confirmation, and click "Submit".
• MyLife.com (http://link.cur.lv/mylife) [!] :
- Call customer care at 1-888-704-1900, or send an email to "[email protected]".
- You may or may not be require to verify your identity by scanning a valid photo ID. (Only name, address, and DOB need to be shown.)
- Allow request to be completed in about 10 buisness days.
• PeopleLookup.com (http://link.cur.lv/peoplelookup) [!] :
- Scan a valid photo ID. (Only name, address, and DOB need to be shown.)
- Fax the scan to 425-974-6194, with information on your removal request.
- Allow request to be completed in about 4-6 weeks