Skip to main content

Unmasking phishing pages: the power of favicon hunting



Phishing attacks continue to be a pervasive threat in the realm of information security, targeting individuals and organizations alike. As specialized professionals in the field, it is essential to stay updated on the latest phishing trends and techniques. This article presents an overview of the most abused favicons in the urldna database.

understanding favicons as phishing indicators:

Favicons, the small icons associated with websites, play a crucial role in phishing detection. Attackers often replicate legitimate favicons to create deceptive phishing pages, aiming to trick users into believing they are interacting with trusted websites. By familiarizing ourselves with commonly abused favicons, we can enhance our ability to identify and combat phishing attempts effectively.

Based on an analysis of recent phishing campaigns, the following chart showcases the top 10 abused favicons in our databases:

FaviconAbused BrandPhash
ImageMicrosoftb34cb3b34c4cb391
ImageDHLbe6cc1913e6c9193
ImageFacebook9cb344474e6c1b9b
ImageSTEAMd43a23ec5c05e1f9
ImagePUBGbe044dcd873ba196
ImageBET365c1f53e2278cb4696
ImageROBLOXc4690b6f26cd7923
ImageWELLSFARGOc0b93f46c4bb91d1
ImageM&T Bankaa54d5af2e90417d
ImageDISCORD92cb3d658acb9aa1

All product names, logos, brands, trademarks and registered trademarks are property of their respective owners.

How to search for a Favicon on urldna:

search_by_favicon

In order to find website in urldna database that have a specific favicon you can use this query:

favicon: Favicon hash

It's important to note that the hash is phash.
Here also a quick script in python that you can use to calculate the phash of a favicon:

from PIL import Image
import imagehash

# Load the image
image_path = 'path_to_image.jpg'  # Insert the image path here
image = Image.open(image_path)

# Calculate the pHash
phash = imagehash.phash(image)

# Print the pHash
print("pHash:", phash)

You can use the hash that you obtain to query for results on urldna database.

Happy Hunting!!

Photo by Philipp Katzenberger on Unsplash

Comments

Popular posts from this blog

Unleash the Power of Brand Monitoring

We're thrilled to unveil our latest feature that puts you in control – brand monitoring! This groundbreaking function is designed to empower our registered users to keep a vigilant eye on their brand effortlessly. The best part? It's absolutely free for all our registered members. Start your monitoring today on https://urldna.io How It Works: Monitoring your brand is now a breeze with just a few simple steps. All you need are a few essential elements: Rule Name: Give your monitoring rule a catchy and memorable name. For instance, let's create a rule for the urlDNA brand – "urlDNA Monitoring Magic." Brand Assets: Provide us with the visual identity of your brand. Upload screenshots, logos, favicons – everything that defines your brand's unique essence. Watch as our advanced algorithm scours our extensive database to pinpoint occurrences related to your brand. Tags: Supercharge your monitoring by adding relevant keywords. For our urlDNA example, include "ur

Guide to Using the Search Function on urldna.io

The search function on urldna.io allows you to find specific information about URLs or domains using either a direct search or a custom query language. This guide will walk you through the process of using the search function effectively. You can click on the magnifying glass icon next to each attribute to search for that value. Direct Search To perform a direct search, simply type the word that you want to search directly into the search bar. Example:  example  will find all the submitted urls that cointain example. Custom Query Language The Custom Query Language allows you to perform more specific searches using attributes, operators, and values. The basic structure of a Custom Query Language search is:  ATTRIBUTE OPERATOR VALUE Available Attributes The following attributes can be used in the Custom Query Language searches: domain : Scan a domain submitted_url : Submitted URL category : Page category target_url : Redirected URL device : Device type (MOBILE or DESKTOP) user_agent : W