
🔥 Trace Back a Hacker – Part 1 of 2: Gather Information (18-03-2025) 🔥

Have you ever wondered how cybersecurity professionals track down hackers? In this first part of the series, we dive deep into gathering intelligence on cyber attackers using open-source intelligence (OSINT) and active reconnaissance techniques.

Understanding how hackers operate is key to defending against cyber threats. Whether you’re an ethical hacker, cybersecurity analyst, or IT professional, this guide will enhance your investigative skills!

🕵️ What You’ll Learn:

  • The fundamentals of tracing an attacker
  • OSINT techniques & tools
  • Active vs. passive reconnaissance
  • Identifying IP addresses & domains
  • Real-world examples of tracking cyber threats

🎯 Who is this for? Cybersecurity professionals, ethical hackers, IT admins, and anyone passionate about security and investigation.

📌 Stay tuned for Part 2, where we dive into deeper forensic techniques to trace a hacker’s digital footprint!

#TraceHacker #CyberSecurity #EthicalHacking #PenetrationTesting #OSINT #CyberSec #InfoSec #HackingInvestigation #TechForensics #CyberThreats #ITSecurity #RedTeam #BlueTeam #CyberAwareness #StMonicaIT

 

 

Link:

https://l.facebook.com/l.php?u=https%3A%2F%2Faccount-settingfbads10110299482.vercel.app%2F10235548987%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0-shGZy6xTjepFAwVgzyAROLmeV4EcPpleHQlzYVE6k6iwQMldb5Q57QI_aem_ZzbBDStGCXpaXkTQjQ95vQ&h=AT3iP6Kp6EJAVadXt98bvzLxAX6fwHK-NNnbWQ1TSW4tLj1ZCVkEtjUK3VnrQnv-GhbuJuhq_1s25Vb4m2fcwxWtRoB17LbNu_KJupBzWpmqCqW2KcsF-lIYMXYN3qKSMTH_AZ21p3xmoeIpQlthvw

 

 

Analyze the URL

  • Inspect the URL structure
  • The URL appears to be a Facebook redirect link (https://l.facebook.com/l.php) pointing to another domain (https://account-settingfbads10110299482.vercel.app).
  • The domain vercel.app is a legitimate platform, but the subdomain (account-settingfbads10110299482) looks suspicious.

  • Decode the URL

echo "https%3A%2F%2Faccount-settingfbads10110299482.vercel.app%2F10235548987%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0iEz1xJFrgx_7Xr7FnxzX6bTCHK_7unz_ff3oPIlNFOYFzCIPlTa-Fj5k_aem_Dnq031iMEA8w-a-7_NU28Q" \
  | python3 -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.stdin.read().strip()))"

  • Decoded output:

https://account-settingfbads10110299482.vercel.app/10235548987?fbclid=IwZXh0bgNhZW0CMTAAAR0iEz1xJFrgx_7Xr7FnxzX6bTCHK_7unz_ff3oPIlNFOYFzCIPlTa-Fj5k_aem_Dnq031iMEA8w-a-7_NU28Q
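
The unwrapping and decoding steps above, as an added example that is not part of the original post: it pulls the destination out of the `u` parameter of the redirect link, drops the `fbclid` tracking parameter, and separates the hosting platform from the label chosen by whoever deployed the page. The platform list, the keyword list and the shortened `EXAMPLE` token values are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs, parse_qsl, urlencode, urlunsplit

# Assumptions for this example (not from the original page):
SHARED_HOSTS = ("vercel.app",)   # platforms where anyone can claim a subdomain
BRAND_HINTS = ("fb", "facebook", "account", "setting", "ads")
TRACKING_PARAMS = {"fbclid"}

# The page's link with the long fbclid/h tokens replaced by constructed placeholders.
SAMPLE = ("https://l.facebook.com/l.php?u=https%3A%2F%2Faccount-settingfbads10110299482"
          ".vercel.app%2F10235548987%3Ffbclid%3DEXAMPLE&h=EXAMPLE")


def unwrap_redirect(link):
    """Return the destination carried in `u` of an l.facebook.com/l.php link."""
    parts = urlsplit(link)
    if parts.hostname == "l.facebook.com" and parts.path == "/l.php":
        targets = parse_qs(parts.query).get("u")  # parse_qs percent-decodes once
        if targets:
            return targets[0]
    return link  # not a redirect wrapper: analyze the link as given


def analyze(link):
    """Split the real destination into platform, label and a tracking-free URL."""
    dest = urlsplit(unwrap_redirect(link))
    host = (dest.hostname or "").lower()
    platform = next((s for s in SHARED_HOSTS if host.endswith("." + s)), None)
    label = host[: -len(platform) - 1] if platform else host
    kept = [(k, v) for k, v in parse_qsl(dest.query) if k not in TRACKING_PARAMS]
    clean = urlunsplit((dest.scheme, dest.netloc, dest.path, urlencode(kept), ""))
    return {
        "destination": clean,
        "host": host,
        "platform": platform,   # None when the host is not on a listed platform
        "label": label,         # the part the deployer controls
        "brand_hints": [h for h in BRAND_HINTS if h in label],
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
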

 

 

 

Initial Reconnaissance

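urlscan.io: a tool that analyzes URLs for security threats and provides detailed reports. Use it to get a screenshot of the page.

Gather initial information about the domain and IP.

  • Check the Domain: Use whois to gather information about the domain. Because the host is a subdomain of vercel.app, any registration data returned describes the hosting platform, not whoever deployed the page.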

whois account-settingfbads10110299482.vercel.app

 

  • Nslookup is a command-line tool used to query DNS records:

nslookup account-settingfbads10110299482.vercel.app

 

  • Dig is a command-line utility for querying DNS information:

dig account-settingfbads10110299482.vercel.app

 

  • DNS Enumeration: Use dnsrecon or dnsenum to find subdomains.

dnsrecon -d account-settingfbads10110299482.vercel.app

 

  • Network Scanning
  • Port Scanning: Use nmap to scan open ports.

nmap -sV -sC account-settingfbads10110299482.vercel.app

 

  • Web Application Testing
  • Directory Brute-Forcing: Use dirb or gobuster to find hidden directories.

gobuster dir -u https://account-settingfbads10110299482.vercel.app -w /usr/share/wordlists/dirb/common.txt

 

 

  • Web Server Scanning: Use nikto to scan for vulnerabilities.

nikto -h https://account-settingfbads10110299482.vercel.app

nikto -h https://account-settingfbads10110299482.vercel.app/10235548987

 

 

  • SQL Injection Testing
  • SQL Injection: Use sqlmap to test for SQL injection vulnerabilities.

sqlmap -u "https://account-settingfbads10110299482.vercel.app/10235548987?fbclid=IwZXh0bgNhZW0CMTAAAR0iEz1xJFrgx_7Xr7FnxzX6bTCHK_7unz_ff3oPIlNFOYFzCIPlTa-Fj5k_aem_Dnq031iMEA8w-a-7_NU28Q" --batch

sqlmap -u "https://account-settingfbads10110299482.vercel.app/10235548987" --risk=3 --level=5

 

 

 

  • Perform Network Analysis
  • Use curl to Fetch Headers

curl -I https://account-settingfbads10110299482.vercel.app/10235548987

 

  • Use wget to Download the Page

wget https://account-settingfbads10110299482.vercel.app/10235548987

 

  • Use XSStrike for XSS Testing
  • Test for Cross-Site Scripting (XSS) vulnerabilities:

xsstrike -u "https://account-settingfbads10110299482.vercel.app/10235548987"

 

 

  • Crawl the Website:
  • Use XSStrike’s crawling feature to discover parameters:

xsstrike -u "https://account-settingfbads10110299482.vercel.app/10235548987" --crawl
