--- title: "How to Use Web Search" slug: "how-to-use-web-search" tags: ["Historical Scans", "Phishing Detection", "Web Search"] updated: 2025-12-10T17:08:43Z published: 2025-12-10T17:08:43Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # How to Use Web Search Every domain you look up in Silent Push comes with complete historical web searches — page titles, server banners, detected technologies, favicons, certificates, HTTP headers, and more, going back years. And every blue value is a one-click pivot across the entire global Web Search database. ### Open Any Domain in Total View Search any domain or IP. Click the result, and you’re now in Total View. Scroll down and click the **Web Search** tab. The moment the tab loads, you get: - All historical scan dates for this domain/IP - Live-captured metadata from every scan - Full timeline of when the site changed ### Expand Any Scan Date Click the Expand arrow next to any date, even if the title looks the same. You now see everything Silent Push captured at that exact moment: - Page Title & Meta Description - Server banner & full HTTP headers - Detected technologies (CMS, frameworks, libraries) - Favicon (with MD5/SHA256 hash) - SSL/TLS certificate details (CN, issuer, validity) - Redirect chains - Full response snapshot ### One-Click Pivot on Anything Blue - Click a blue **favicon hash** to instantly see every other site using the identical favicon (actor branding gold) - Click a blue **certificate serial** to find every domain using the same cert - Click a blue **technology** (e.g., “Apache/2.4.41” or “WordPress 6.1”) to reveal the actor’s full tech stack footprint - Click a blue **server banner** to uncover every server running the same configuration [Web Scanner.mov](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Web%20Scanner.mov) ### Real-World Example Workflows **Who else is using this exact phishing kit template?** - Open **Total View > Web Search > Expand the latest scan,** then click the blue favicon hash to see 200+ identical phishing pages instantly. **Did the actor rotate certificates to evade blocking?** - Look at the certificate history, click an old cert serial to reveal every other domain that used it before the switch. **Is this part of a bigger campaign using the same server setup?** - Click the blue server banner or specific tech (e.g., “nginx/1.18.0”) to expose hundreds of related malicious hosts. ### Tips - Always expand multiple scan dates — actors frequently swap pages overnight. - Favicon hash is usually the single most powerful pivot in Web Search. - Combine with the PADNS tab to see which IPs served the same favicon over time. - Combine with the Certificates tab for even deeper cert-based pivots.