--- title: "How to Use Live Scan for Effective Threat Detection" slug: "how-to-use-live-scan-for-effective-threat-detection" description: "You can one-click pivot on domains and IPs returned in a set of Live Scan results, and perform additional DNS queries from within the results set." tags: ["live scan", "Redirect Chain", "Risk Scores"] updated: 2025-12-30T16:18:22Z published: 2025-12-30T16:18:22Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # How to Use Live Scan for Effective Threat Detection Once you’ve run a Live Scan, the results offer a wealth of data: screenshots, redirect chains, risk scores, SSL details, and content hashes. This guide shows you how to manipulate and pivot this data to uncover threats and strengthen your security. This data directly impacts your safety. A screenshot might reveal a phishing form targeting your personal info, while risk scores help prioritize which URLs to block. For organizations, it streamlines incident response, enabling you to contain threats quickly and protect your team from malicious domains. ## View Scan Highlights Check the top section for: - Searched URL and final URL after redirects. - Redirect Chain (e.g., hidden layers of phishing). - Silent Push Risk Scores (domain and IP). - ASN Information. ## Spoof Detection Example - Start with a legitimate domain (e.g., `irs.gov`) via Web Scanner. - Expand results, add `favicon_md5_hash = [IRS_hash]` and `ssl.subject_common_name != "UST"` (legit issuer), then set domain `!= "irs.gov"`. - Run the query, copy a suspicious URL (e.g., a Let’s Encrypt site), and paste it into Live Scan. - See a screenshot of a fraud page and enrich its IP/domain data. ## Add to Web Search Query - Left-click a blue result, select **Add to Query Column**, and pick an operator (e.g., `=` or `contains`). - A new tab opens with a Web Search query, letting you refine your search. ## View Raw Data - Click **Basic Raw Data**, then **Copy Raw Data** to the clipboard for deeper analysis. ## Assess Risk Scores - See risk scores for `origin_domain` and `origin_ip` next to the screenshot. - Left-click to pivot for more details (see [Risk Scoring](/v1/docs/how-silent-push-calculates-risk-scores)). ## Explore Redirect Chains - View the full chain from origin to final URL at the top of the results. - Copy specific data using the copy icon next to each entry. ## Real-World Use - SOC analysts use pivots to track phishing links. - IR teams map breach vectors via redirect chains. - Threat analysts build predictive models from enriched data. ## Historical Context Click **Scan History** after a scan to access the Web Search’s historical dataset for the URL, appended with the data source (public or .onion). For example, scanning `https://www.silentpush.com` and checking the history auto-executes a query for past data. ### A real-time analysis tool that scans a specific URL to capture current data, such as screenshots, HTML titles, favicons, redirect chains, and SSL details, for immediate threat validation. Autonomous System Number, a unique numeric identifier assigned to an Autonomous System (AS) for managing IP address routing within and between networks on the internet Unprocessed query results in JSON format, containing detailed threat intelligence data for further analysis or integration.