---
title: "Control Time Frames in Web Search Queries"
slug: "control-time-frames-in-web-search-queries"
updated: 2025-11-05T21:00:00Z
published: 2025-11-05T21:00:00Z
canonical: "help.silentpush.com/control-time-frames-in-web-search-queries"
stale: true
---

# Control Time Frames in Web Search Queries

Silent Push's Web Search (via Web Search and Live Scan) enables precise control over query time frames, allowing users to focus on recent threats or historical trends. This article details supported date/time formats, parameters, and best practices for efficient investigations.

Time filtering in Web Scanner queries uses [SPQL syntax](/v1/docs/syntax) in the [Command Line interface](/v1/docs/command-line-utility) or UI Constructor. Filters apply to data sources, such as clearnet/Dark Web scans, ensuring results align with your timeframe (e.g., the Last 24 hours for emerging risks).

## Supported Date/Time Formats and Operators

SPQL supports flexible temporal operators for granularity:

- Operators:
  - `since:` – Results from this date onward (inclusive).
  - `until:` – Results up to this date (exclusive).
  - `last_24_hours` – Pre-built for immediate recency.
  - `within_time:Xd` – Relative (e.g., 7d for past week).
- Formats:
  - **YYYY-MM-DD** (e.g., `since:2025-09-01` for September 1, 2025 onward).
  - **YYYY-MM-DDTHH:MM:SS** (ISO 8601, e.g., `until:2025-09-29T12:00:00` for noon today).
  - **Relative**: Xd/Y/M/H (days/years/months/hours, e.g., `since:30d`).
  - **UTC Default**: All times in UTC; no timezone offsets supported yet.

Combine with fields like `last_seen` or `date_added` for source-specific filtering.

### Examples

1. **Basic Recent Scan**: `domain:example.com since:2025-09-22` – Web content from the past week.
2. **Precise Window**: `favicon_hash:abc123 until:2025-09-29T00:00:00 since:2025-09-01T00:00:00` – Impersonation checks in September.
3. **Live Scan Relative**: In UI, toggle “Last 24 hours” for real-time URL analysis.
4. **API Query**: `GET /webscan?query="ip:192.0.2.1 within_time:1d"` – IPs active today.
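A client-side pre-check for the time filters above, as an added example (not Silent Push code): it resolves `since:`, `until:` and `within_time:` values to a UTC window and rejects values outside the listed formats, such as timezone offsets. The function names are hypothetical, and the fixed 30-day month, 365-day year, and treating `within_time:` as a lower bound counted back from `now` are assumptions the page does not confirm.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: months and years are fixed-length; the page does not define them.
UNIT = {"H": timedelta(hours=1), "d": timedelta(days=1),
        "M": timedelta(days=30), "Y": timedelta(days=365)}
TOKEN = re.compile(r"\b(since|until|within_time):(\S+)")
RELATIVE = re.compile(r"(\d+)([dHMY])")
ABSOLUTE = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2})?")

def resolve(value, now):
    """Map one filter value to an aware UTC datetime, or raise ValueError."""
    rel = RELATIVE.fullmatch(value)
    if rel:
        return now - int(rel.group(1)) * UNIT[rel.group(2)]
    if not ABSOLUTE.fullmatch(value):
        # Offsets such as +02:00 land here: the page lists UTC only.
        raise ValueError(f"unsupported time value: {value!r}")
    fmt = "%Y-%m-%dT%H:%M:%S" if "T" in value else "%Y-%m-%d"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def time_window(query, now):
    """Return (start, end) in UTC; None means that side is unbounded."""
    start = end = None
    for op, value in TOKEN.findall(query):
        ts = resolve(value.strip('"'), now)
        if op == "until":
            end = ts
        else:  # since and within_time both set the lower bound
            start = ts
    if start and end and start >= end:
        raise ValueError("empty window: since is not before until")
    return start, end

def in_window(ts, window):
    """since is inclusive, until is exclusive, as the operator list states."""
    start, end = window
    return (start is None or ts >= start) and (end is None or ts < end)

if __name__ == "__main__":
    now = datetime(2025, 9, 29, 12, 0, tzinfo=timezone.utc)  # constructed clock
    for q in ("favicon_hash:abc123 until:2025-09-29T00:00:00 since:2025-09-01T00:00:00",
              "ip:192.0.2.1 within_time:1d",
              "domain:example.com since:2025-09-22T00:00:00+02:00"):
        try:
            print(q, "->", time_window(q, now))
        except ValueError as err:
            print(q, "-> rejected:", err)
```

Running the same check over saved queries before scheduling them catches reversed or empty windows that would otherwise return no results without an obvious error.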

> [!TIP]
> **Tips**
> 
> - **Performance**: Narrow frames (e.g., 7d) speed up large scans; broad ones (e.g., all-time) may queue.
> - **Live Scan Limitation**: Real-time only; no historical filters; use Web Search for archives.
> - **Validation**: Test in Constructor mode for syntax errors.

**Live Scan**: A real-time analysis tool that scans a specific URL to capture current data, such as screenshots, HTML titles, favicons, redirect chains, and SSL details, for immediate threat validation.

**Dark Web**: A hidden part of the internet, accessible only through special software, where illicit activities, such as the sale of stolen data or malware, often occur, monitored by threat intelligence teams.

**Last 24 hours**: A collection of threat intelligence records, such as IPs or domains, first identified within the past 24 hours, indicating newly observed potential threats.
