Web Search tab


A domain surfaces in your alerts: example.com, linked to a phishing kit. Is it a one-off scan hit, or part of a broader campaign with evolving web assets? Sifting through real-time snapshots misses the historical trail of content shifts and infrastructure moves.

The Web Search tab aggregates Scan Data in Total View, providing a searchable interface and results table for a domain's online presence. Below the Domain Wide View toggle, it reveals historical web content, response codes, and timestamps—ideal for tracking threat evolution without separate queries.

Available for Domains and IPv4, this tab draws from Silent Push’s scan database. In contrast to Live Scan's real-time focus, it delivers a full historical dataset from all scan points. It complements the detailed guides under Web Data > Web Search, which cover advanced query construction, data sources, and use cases such as correlating an IP change in results with an Infrastructure Variance shift.

Why is it useful?

Web content analysis reveals attacker tactics, ranging from phishing pages to exposed directories; however, isolated scans lack context. This tab enables risk assessment and property verification by surfacing historical scans, helping teams identify trends such as repeated favicon hashes that signal kit reuse.

Security analysts use it to validate anomalies (e.g., outdated response codes indicating dormant threats), while defenders monitor subdomains for exposures. Customize queries for targeted views, export for reports, or save to feeds—streamlining workflows from Total View to escalation.

How does it work?

The web scanning engine collects and indexes data in-house, creating searchable historical datasets that rely on no third-party sources. The tab queries this database, returning results such as HTML hashes, headers, and scan dates for the domain and its subdomains.

Unlike Live Scan's on-demand snapshot, Web Search provides directional intel: Track infra movements (e.g., server header changes) or TTPs over time. Domain Wide View expands to subdomains; Basic Raw Data mode delivers unprocessed details (e.g., full HTTP responses) for verification. It ties to other tabs—an IP in results might align with PADNS resolutions—enabling unified analysis.

Generate a set of results

Enter a domain (e.g., example.com) in the search bar to open Total View, and click the Web Search tab. The search interface appears below the Domain Wide View toggle; the parameters you enter (e.g., hostname or data source) populate the results table. Filter by scan date or response code, and toggle Basic Raw Data for unfiltered views.

Example

  • Query example.com in Web Search: Results show scans from 2025-09-01, with a 200 response for www.example.com (HTML hash: abc123, server: Apache/2.4.41), and a 404 for api.example.com (timestamp: 2025-08-31).

  • Domain Wide View includes subdomains: A favicon MD5 match (d41d8cd98f00b204e9800998ecf8427e) across blog.example.com, flagging potential kit sharing. Outdated scans (e.g., 301 redirect on 2025-07-15) suggest infra drift.

Tips

The tab centralizes actions for efficient handling: Copy results to the clipboard, customize columns (e.g., add favicon path), or download as CSV for reporting. Save findings to a Feed or Draft Feed to monitor trends, such as recurring open directories.

  • Customize queries: Use the 'Edit the query' option in the Web Search tooltip to adjust the data source or hostname, focusing on specific subdomains.

  • Analyze results: Check response codes and scan_dates to identify outdated or failed scans.

  • Export data: Use Download or Copy for reporting, and Basic Raw Data for unfiltered details.

  • Save findings: Save to a Feed or Draft Feed to monitor trends or escalate issues.
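One way to triage a downloaded CSV offline, as an added example that is not Silent Push code: it groups hostnames by shared favicon hash and flags hosts whose latest scan is stale or not a 200. The column names, the 30-day threshold, and the sample rows are assumptions constructed for illustration; the MD5 of an empty body is excluded because it matches any host that returns an empty favicon.

```python
import csv
import hashlib
import io
from collections import defaultdict
from datetime import date

# MD5 of a zero-byte body: matches every empty favicon response, so it is not a kit signal.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# Constructed sample export. Column names are assumptions, not the product's CSV schema.
SAMPLE_CSV = """hostname,scan_date,response,favicon_md5
www.example.com,2025-09-01,200,0123456789abcdef0123456789abcdef
blog.example.com,2025-09-01,200,0123456789abcdef0123456789abcdef
api.example.com,2025-08-31,404,d41d8cd98f00b204e9800998ecf8427e
old.example.com,2025-07-15,301,d41d8cd98f00b204e9800998ecf8427e
"""

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def shared_favicons(rows, min_hosts=2):
    """Map each favicon hash to the hostnames serving it, keeping hashes seen on several hosts."""
    hosts = defaultdict(set)
    for r in rows:
        fav = r["favicon_md5"].strip().lower()
        if fav and fav != EMPTY_MD5:
            hosts[fav].add(r["hostname"])
    return {h: sorted(s) for h, s in hosts.items() if len(s) >= min_hosts}

def needs_review(rows, today, max_age_days=30):
    """Take the latest scan per hostname and flag it when it is stale or not a 200."""
    latest = {}
    for r in rows:
        scanned = date.fromisoformat(r["scan_date"])
        if r["hostname"] not in latest or scanned > latest[r["hostname"]][0]:
            latest[r["hostname"]] = (scanned, int(r["response"]))
    flagged = {}
    for host, (scanned, code) in latest.items():
        reasons = []
        if (today - scanned).days > max_age_days:
            reasons.append("stale")
        if code != 200:
            reasons.append(f"http_{code}")
        if reasons:
            flagged[host] = reasons
    return flagged
```
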

For anomalies, pivot:

  • A suspicious header? Chain to Infrastructure Variance for ASN ties.

  • Standalone Web Data > Web Search offers SPQL syntax and Dark Web scans. Use Query Constructor for complex filters or Query Multiple Data Sources for broader hunts.