Create a Web Search Query


Problem: You’ve found a suspicious domain, IP, or pattern, but traditional tools only give you surface-level data. You need to dig deep, quickly, and effectively, uncovering connected infrastructure, historical records, similar phishing sites, or entire clusters of malicious assets.

Silent Push Solution: Create a Query is your primary entry point into Reconnaissance. Whether you need a fast one-off lookup or a sophisticated hunt, this powerful interface lets you search across massive datasets using Simple Search for quick wins or Advanced tools (SPQL + Constructor) for deep investigations.

Access Create a Query

From the dashboard, click Create a Query under the Getting Started With Reconnaissance section.

You’ll land directly in the Web Search interface — the most versatile search tool in Silent Push.

Interface for web search with options for various data sources and search fields.

Simple Search – Perfect for Quick Investigations

Ideal when you just need fast answers.

  1. Select one or more Datasources (Web Search is selected by default).

  2. Choose a Field Name (e.g., domain, ip, favicon_md5_hash).

  3. Select an Operator (equals, contains, etc.).

  4. Enter your Value.

  5. Click Search.

Example: Find domains containing a threat actor’s name
Field: domain, Operator: contains, Value: threatactor

Advanced Search – For Powerful Investigations

Switch to the Advanced Search tab (or use the Constructor / Command Line) when you need to combine multiple conditions.

Using the Constructor (UI Builder)

Visually build complex queries by adding expressions and linking them with AND/OR.

Command Line (SPQL)

Write queries directly for maximum flexibility.

Example: Find domains starting with “payments” in both web and dark web data
domain = "payments*" AND datasource = [webscan, torscan]

Saving & Managing Your Queries

After running a successful query:

  1. Click Save.

  2. Give it a clear name and choose Private or Shared.

  3. Add tags for easier filtering later.

To run saved queries later:

  • Go to the Web Search → Saved tab.

  • Use the search box or filters (by tag, type, creation date, etc.).

  • Click any query to re-run it instantly.

Practical Use Case: Detecting Fake Banking Pages

Goal: Find phishing sites impersonating a real bank (e.g., aib.ie).

  1. Start with the legitimate domain to gather reference data (favicon, certificate, etc.).

  2. Use the Constructor or the Command Line to build the query:

    • Match the bank’s favicon_md5_hash

    • Exclude the real certificate provider (ssl.subject_common_name != "DigiCert")

    • Exclude the real domain (domain != "aib.ie")

  3. Run the query and review the results.

  4. Enrich promising hits → pivot to their IPs → use Lookup PADNS to uncover entire clusters of phishing infrastructure.
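The three conditions from step 2 can be assembled into one Command Line query. The sketch below is an added example, not Silent Push code: it builds the query string for a given brand and rejects values that would produce a malformed query. The function names are hypothetical, the hash is a placeholder rather than the real favicon hash of aib.ie, and quoting the hash like the page's other string values is an assumption.

```python
import re

MD5_RE = re.compile(r"[0-9a-f]{32}")
IDENT_RE = re.compile(r"[a-z0-9_]+")    # datasource names as shown on the page
WINDOW_RE = re.compile(r"now-\d+d")     # relative date form shown in the Tips


def quote(value):
    """Double-quote a string value. Escaping rules are not given on the page,
    so values that could break out of the quotes are rejected (assumption)."""
    if not value or re.search(r'["\\\r\n]', value):
        raise ValueError(f"unsafe or empty query value: {value!r}")
    return f'"{value}"'


def brand_impersonation_query(favicon_md5, real_domain, real_cert_cn,
                              datasources=(), since=None):
    """Build the favicon-match query for one brand (hypothetical helper)."""
    favicon_md5 = favicon_md5.strip().lower()
    if not MD5_RE.fullmatch(favicon_md5):
        raise ValueError("favicon_md5_hash must be 32 hex characters")
    clauses = [
        # Quoting the hash like other string values is an assumption.
        f"favicon_md5_hash = {quote(favicon_md5)}",
        f"ssl.subject_common_name != {quote(real_cert_cn)}",
        f"domain != {quote(real_domain.strip().lower())}",
    ]
    if datasources:
        bad = [d for d in datasources if not IDENT_RE.fullmatch(d)]
        if bad:
            raise ValueError(f"invalid datasource name(s): {bad}")
        clauses.append(f"datasource = [{', '.join(datasources)}]")
    if since is not None:
        if not WINDOW_RE.fullmatch(since):
            raise ValueError("since must look like now-7d")
        clauses.append(f"scan_date > {since}")
    return " AND ".join(clauses)


if __name__ == "__main__":
    # Placeholder hash, NOT the real favicon hash of aib.ie.
    print(brand_impersonation_query(
        "0" * 32, "aib.ie", "DigiCert",
        datasources=["webscan", "torscan"], since="now-7d"))
```

Paste the printed string into the Command Line, replacing the placeholder with the hash gathered in step 1.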

Real customer outcome: One financial institution discovered dozens of fake banking sites hosted in unexpected countries and blocked them before customer credentials were stolen.

Tips

  • Stack multiple data sources for broader coverage.

  • Use now-7d for recent activity (e.g., scan_date > now-7d).

  • Save every high-value query — they become powerful reusable tools.

  • Combine with Live Scan for real-time validation of results.