Use favicon searches

  • Updated on May 16, 2023
  • Published on Mar 4, 2023
  • 1 minute(s) read
Prev Next

Favicons are small icons that appear as content in a browser's address bar, and next to the website name in tabs.

Favicons are used by threat actors to create a sense of legitimacy for fake websites that host malware, or are designed to harvest credentials.

Silent Push features a search facility that identifies any instances of your organization's favicons, or similair images, being used elsewhere on the Internet.

  1. Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Favicon

  2. Specify an IPv4 address

  3. Specify a netmask to search across a broad range of IPv4 addresses

  4. Use the In or Not In button to find records where the specified IPv4 address is either 'in' or 'not in' the designated subnet

  5. Specify an MD5 hash

  6. Specify a MurmurHash

  7. Automatically calculate an mmh3 hash from a URL and search for the same

  8. Limit the number of results to return

  9. Click Search

  10. (Optional) Click Copy Raw Data to use the results elsewhere

  11. (Optional) Click Copy API URL to integrate an API endpoint into your existing security stack

Saving queries

Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

  1. Specify the query parameters

  2. Click Save Query

  3. Give your query a Name

  4. Specify a Description to add more context

  5. Click Save