{"id":5284,"date":"2025-01-20T23:04:45","date_gmt":"2025-01-20T23:04:45","guid":{"rendered":"https:\/\/osintme.com\/?p=5284"},"modified":"2025-01-20T23:05:13","modified_gmt":"2025-01-20T23:05:13","slug":"the-importance-of-favicons-in-website-osint-research","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2025\/01\/20\/the-importance-of-favicons-in-website-osint-research\/","title":{"rendered":"The importance of favicons in website OSINT research"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5284\" class=\"elementor elementor-5284\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c17949a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c17949a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bb588ac\" data-id=\"bb588ac\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-51b33fe elementor-widget elementor-widget-image\" data-id=\"51b33fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint.png?resize=150%2C150&amp;ssl=1\" class=\"attachment-thumbnail size-thumbnail wp-image-5348\" alt=\"favicon website osint\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint.png?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint.png?zoom=2&amp;resize=150%2C150&amp;ssl=1 300w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint.png?zoom=3&amp;resize=150%2C150&amp;ssl=1 450w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c69b800 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c69b800\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-aea3b1a\" data-id=\"aea3b1a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-84e570a elementor-widget elementor-widget-heading\" data-id=\"84e570a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">FAVICON OVERVIEW<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-970fd00 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"970fd00\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e8ef80b\" data-id=\"e8ef80b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d240ccc elementor-widget elementor-widget-text-editor\" data-id=\"d240ccc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Favicons on websites are graphic elements that show up in the form of a small icon &#8211; be it in a browser tab panel next to the website&#8217;s name, or in bookmarked links to websites.<\/p><p>You can also see favicons from the level of Google search, if you wrap a website&#8217;s name in quotation marks, such as seen in the search results below:<\/p><p><a href=\"https:\/\/www.google.com\/search?q=%22osintme.com%22\">&#8220;osintme.com&#8221;<\/a><\/p><p>Links to favicons on specific target websites can be located by viewing the webpage&#8217;s source code. To do so, go: right click &gt; view page source &gt; search \/ find in a page function (typically Ctrl + F) and then search for one or more of the following values:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-62571bc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"62571bc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c849ab1\" data-id=\"c849ab1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ae96a98 elementor-widget elementor-widget-text-editor\" data-id=\"ae96a98\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>file extension &#8211; for example<strong> .jpg, .png, .gif, .ico<\/strong> &#8211; traditionally, the dominant favicon file format has been .ico (&#8220;icon file&#8221;) and it still is frequently encountered, but you also have the commonly recognised image file extensions. The drawback of this approach to source code searching is that in a graphically rich website it will return multiple images that were embedded in it &#8211; not just the favicon.<\/li><li><strong>sizes=<\/strong> &#8211; searching for this value will allow you to return image files with a defined pixel size &#8211; favicons typically have specific sizes, for obvious reasons of fitting into browser tabs and bookmarks. Traditional favicon size is 16&#215;16 pixels, but baseline sizes of 32&#215;32 and 64&#215;64 pixels are also relatively common nowadays. Larger favicon sizes usually cater to mobile devices, smart TVs, etc.<\/li><li><strong>rel=&#8221;icon&#8221;<\/strong> &#8211; you are searching for a parameter that defines the image used as a favicon. Often this might be the quickest and the most convenient search value to go for.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0152d79 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0152d79\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2dcaf35\" data-id=\"2dcaf35\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-23a0576 elementor-widget elementor-widget-text-editor\" data-id=\"23a0576\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em><strong>FAVICON TYPES &amp; SIZES<br \/><\/strong><\/em><\/p><ul><li><em>Regular desktop browser favicon &#8211; 16&#215;16<\/em><\/li><li><em>Taskbar shortcut icon &#8211; 32&#215;32<\/em><\/li><li><em>Desktop shortcut icon &#8211; 96&#215;96<\/em><\/li><li><em>Google TV &#8211; 96&#215;96<\/em><\/li><li><em>iPhones &#8211; 120&#215;120; 180&#215;180<\/em><\/li><li><em>iPads &#8211; 152&#215;152; 167&#215;167<\/em><\/li><li><em>Chrome web store icon &#8211; 128&#215;128<\/em><\/li><li><em>Android Chrome icon &#8211; 196&#215;196<\/em><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1a44cc7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1a44cc7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4dc919f\" data-id=\"4dc919f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2669c60 elementor-widget elementor-widget-text-editor\" data-id=\"2669c60\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Favicons have several use cases, unrelated to our use case of website OSINT.<\/p><p>The most common of those include:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-85a434c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"85a434c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d7d20b1\" data-id=\"d7d20b1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b1801ca elementor-widget elementor-widget-text-editor\" data-id=\"b1801ca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Optimised browser tab navigation<\/li><li>Better user experience in browser and on the web<\/li><li>Increased search engine optimization score (SEO) for a website<\/li><li>Brand recognition &amp; reputation building<\/li><li>Browser activity tracking &#8211; see <a href=\"https:\/\/www.vice.com\/en\/article\/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online\/\">this Vice article<\/a> and a <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2021\/02\/browser-tracking-using-favicons.html\">blog post by Bruce Schneier<\/a>.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6c25a23 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6c25a23\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-612b40d\" data-id=\"612b40d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-92c06f4 elementor-widget elementor-widget-heading\" data-id=\"92c06f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">FAVICON EXAMINATION<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-27c6117 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"27c6117\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f3de447\" data-id=\"f3de447\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-502c34d elementor-widget elementor-widget-text-editor\" data-id=\"502c34d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>As I previously mentioned in a <a href=\"https:\/\/osintme.com\/index.php\/2021\/12\/06\/how-to-investigate-a-massive-phishing-campaign\/\">blog post on investigating phishing campaigns<\/a> from several years ago: in the case of fraudulent websites, a favicon is often copied or directly linked from the original page that is being impersonated, in order to bolster the impression of legitimacy.<\/p><p>The most obvious aim of favicon research in this case is to identify rogue websites that impersonate legitimate entities. Sadly, some of the tools used in the last example no longer work &#8211; so here&#8217;s a new set of investigative resources for 2025 &#8211; and hopefully beyond.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-08fb833 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"08fb833\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e10fef3\" data-id=\"e10fef3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f6457a6 elementor-widget elementor-widget-text-editor\" data-id=\"f6457a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong><a href=\"https:\/\/favicone.com\/\">Favicone<\/a><\/strong> &#8211; an API service that allows you to easily retrieve and serve favicons from any website. You basically insert the website name into the URL and should get a result immediately. Favicone also offers a quick explainer on what potential issues that might arise and why.<\/p><p><strong><a href=\"https:\/\/github.com\/TinkerSpaceTech\/Favicon-Grabber\">Favicon Grabber<\/a><\/strong> &#8211; similar idea and functionality as above &#8211; you append your target domain to the base URL. Subjectively, I found this tool slightly less reliable than Favicone, but it&#8217;s good to have a backup just in case.<\/p><p><strong><a href=\"http:\/\/www.favihash.com\/\">Favihash<\/a><\/strong> &#8211; this new tool for Predicta Labs does more than the above two. It allows you to calculate a favicon hash value across the clearnet \/ darknet sites and then identify other websites that share the same hash value. Favihash accepts inputs both from a URL and from a local machine. Hashes generated this way can later be searched against on services like Virus Total, Shodan, etc.<\/p><p><strong><a href=\"https:\/\/favicon-hash.kmsec.uk\/\">Favicon-hash<\/a><\/strong> &#8211; like Favihash, this tool allows users to upload a favicon image or work off a URL input with a favicon to generate hash values that are searchable on Virus Total, Shodan and Censys.<\/p><p>If for whatever reason you don&#8217;t want to use web-based tools, you can check out <a href=\"https:\/\/github.com\/sharsil\/favicorn\"><strong>Favicorn<\/strong><\/a> and <a href=\"https:\/\/github.com\/eremit4\/favihunter\"><strong>Favihunter<\/strong><\/a>. Both of these will require local installation and will run from the command line; they require a bit more work to set up, but they offer more insights in terms of hash value varieties.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-569e4ed elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"569e4ed\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8aa32ac\" data-id=\"8aa32ac\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6f60d9b elementor-widget elementor-widget-heading\" data-id=\"6f60d9b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">PRACTICAL APPLICATION<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-283a8ac elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"283a8ac\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e5f0e8a\" data-id=\"e5f0e8a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b7f3e54 elementor-widget elementor-widget-text-editor\" data-id=\"b7f3e54\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Let&#8217;s imagine we are investigating fake websites impersonating Amazon UK &#8211; or websites involved in phishing campaigns or spam distribution that pose as said entity.<\/p><p>The first step would be to locate the favicon on the Amazon UK website &#8211; which is pretty straightforward:<\/p><p><a href=\"https:\/\/www.amazon.co.uk\/favicon.ico\">https:\/\/www.amazon.co.uk\/favicon.ico<\/a><\/p><p>Then we calculate the hash values using one of the tools mentioned above&#8230;<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-45fa98e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"45fa98e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9497722\" data-id=\"9497722\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2245db6 elementor-widget elementor-widget-image\" data-id=\"2245db6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"300\" height=\"270\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint-3.png?fit=300%2C270&amp;ssl=1\" class=\"attachment-medium size-medium wp-image-5350\" alt=\"favicon website osint 3\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint-3.png?w=680&amp;ssl=1 680w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint-3.png?resize=300%2C270&amp;ssl=1 300w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c54e888 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c54e888\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-569e1ca\" data-id=\"569e1ca\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b0c8ecf elementor-widget elementor-widget-text-editor\" data-id=\"b0c8ecf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>From there we can initiate a search for the favicon hash value <strong>1941681276<\/strong> and md5 hash value <strong>ca6619b86c2f6e6068b69ba3aaddb7e4<\/strong> with both Shodan and Censys.<\/p><p>You can see multiple legitimate websites and IP addresses associated with various Amazon services. However, the moment you filter the search results by country and head over to the high risk ones like russia, you get several hits like these:<\/p><p><a href=\"https:\/\/www.shodan.io\/host\/89.23.100.153\">https:\/\/www.shodan.io\/host\/89.23.100.153<\/a><\/p><p><a href=\"https:\/\/www.shodan.io\/search?query=http.favicon.hash%3A1941681276+country%3A%22RU%22\">http.favicon.hash:1941681276 country:&#8221;RU&#8221;<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4a35b78 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4a35b78\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2d3f6e4\" data-id=\"2d3f6e4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1df833c elementor-widget elementor-widget-image\" data-id=\"1df833c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"704\" height=\"544\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint-2.png?fit=704%2C544&amp;ssl=1\" class=\"attachment-large size-large wp-image-5349\" alt=\"favicon website osint 2\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint-2.png?w=704&amp;ssl=1 704w, https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2025\/01\/favicon-website-osint-2.png?resize=300%2C232&amp;ssl=1 300w\" sizes=\"(max-width: 704px) 100vw, 704px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9cec752 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9cec752\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1ca6989\" data-id=\"1ca6989\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c6ca311 elementor-widget elementor-widget-text-editor\" data-id=\"c6ca311\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>It appears that the above websites are already on the radar &#8211; see the Virus Total detections for the domains &#8211; Malicious, Spam and Phishing:<\/p><ul><li><a href=\"https:\/\/www.virustotal.com\/gui\/url\/93f15842322c9cd4492fba920d8a19f23b4bf0451ab90267ebee019ff2752e45\">Website 1 &#8211; lingshuimarathon[.]com<\/a><\/li><li><a href=\"https:\/\/www.virustotal.com\/gui\/url\/6b5fa949a611231d20652ef6fd0e578bc42500fdee3c54850d2c2a5c04f2f40c\">Website 2 &#8211; 3few[.]com<\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-205a018 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"205a018\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2076ddf\" data-id=\"2076ddf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1f96764 elementor-widget elementor-widget-text-editor\" data-id=\"1f96764\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Additional exploration of IP address 89.23.100.153 with Shodan (<strong><a href=\"https:\/\/www.virustotal.com\/gui\/ip-address\/89.23.100.153\">warning, malicious alert!<\/a><\/strong>) results in a hit for a similar Amazon-themed fake website, involved in an <em>&#8220;Amazon Gift Card Giveaway&#8221;<\/em> scam &#8211; see the <a href=\"https:\/\/search.censys.io\/hosts\/89.23.100.153?resource=hosts&amp;virtual_hosts=EXCLUDE&amp;q=%28services.http.response.favicons.md5_hash%3Aca6619b86c2f6e6068b69ba3aaddb7e4%29+and+location.country%3D%60Russia%60&amp;at_time=2025-01-18T17%3A42%3A35.298Z\">Censys results here<\/a>.<\/p><p>You can pivot quickly from it because we just found another favicon to focus on:<\/p><p><a href=\"https:\/\/www.shodan.io\/search?query=http.favicon.hash%3A-1255845316\">http.favicon.hash:-1255845316<\/a><\/p><p>Pulling these threads usually results in discovering multiple connected websites that can then be researched against various other parameters like registration timelines, hosting providers, technology stacks and more.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Find out how useful the favicon research is in website OSINT.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[80,168,82,28,79],"class_list":["post-5284","post","type-post","status-publish","format-standard","hentry","category-open-source-intelligence","tag-domain","tag-favicon","tag-phishing","tag-techniques","tag-website"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/5284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/comments?post=5284"}],"version-history":[{"count":61,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/5284\/revisions"}],"predecessor-version":[{"id":5368,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/5284\/revisions\/5368"}],"wp:attachment":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/media?parent=5284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/categories?post=5284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/tags?post=5284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}