Silent Push's Web Search (via Web Search and Live Scan) allows precise control over query time frames to focus on recent threats or historical trends. This article details supported date/time formats, parameters, and best practices for efficient investigations.
Time filtering in Web Scanner queries uses SPQL syntax in the Command Line interface or UI Constructor. Filters apply to data sources such as clearnet/Dark Web scans, ensuring results align with your timeframe (e.g., the last 24 hours for emerging risks).
Supported Date/Time Formats and Operators
SPQL supports flexible temporal operators for granularity:
Operators
since:– Results from this date onward (inclusive)until:– Results up to this date (exclusive)last_24_hours– Pre-built for immediate recencywithin_time:Xd– Relative (e.g.,7dfor past week)
Formats
YYYY-MM-DD(e.g.,since:2025-09-01)YYYY-MM-DDTHH:MM:SS(ISO 8601, e.g.,until:2025-09-29T12:00:00)Relative:
Xd/XM/XY/XH(e.g.,since:30d)
Note
All times are in UTC. Timezone offsets are not currently supported.
You can combine these with source-specific fields such as last_seen or date_added for even finer control.
Examples
Basic recent scan:
domain:example.com since:2025-09-22– Web content from the past weekPrecise window:
favicon_hash:abc123 until:2025-09-29T00:00:00 since:2025-09-01T00:00:00– Impersonation checks for SeptemberLive Scan relative: In the UI, toggle “Last 24 hours” for real-time URL analysis
API query:
GET /webscan?query="ip:192.0.2.1 within_time:1d"– IPs active today
Tips
Narrow time frames (e.g.,
7d) dramatically speed up large scans; very broad ranges (all-time) may be queued.Use Web Search for anything older than the last 24 hours.
Always test complex filters in Constructor mode to catch syntax errors early.