Silent Push offers two powerful tools, Web Search and Live Scan, that help users analyze web content and infrastructure, but they serve distinct purposes. Users often wonder if these tools are interchangeable or what distinguishes them. This comparison clarifies their differences, use cases, and how they complement each other.
Web Search
Web Search is a historical analysis feature within Silent Push subscriptions, scanning the clearnet and darkweb for infrastructure matching granular parameters. It returns a dataset from all past scan points, tracking the movement of threats over time and revealing content across redirect chains.
Live Scan
Live Scan is a real-time analysis tool that scans any URL, public or dark web, and delivers instant insights. It provides a live screenshot, HTML title, favicon, redirection details, SSL issuer data, and color-coded risk scores for domains and IPs, capturing the current state of a webpage.
Key differences
Aspect | Web Search | Live Scan |
|---|---|---|
Data Type | Historical, multi-point dataset | Real-time, single-point data |
Time Frame | Analyzes past scans (e.g., all scan points | Captures current state (e.g., “scan today”) |
Scope | Broad queries across infrastructure | One URL at a time |
Data Points | 100+ fields (e.g., WHOIS, Torscan | Screenshot, risk scores, SSL, etc. |
Use Case Speed | Trend analysis and deep pivoting | Immediate investigation |
Interface | Query Constructor, Command Line | Simple, Advanced, Dark Web options |
Example query |
| Scan |
Data type and Time frame: Web Search dives into historical data, showing how infrastructure has evolved (e.g., a domain’s IP changes over months), while Live Scan captures the present, offering a snapshot of a URL as it exists now—key for urgent threats like phishing.
Scope: Web Search casts a wide net, querying across domains, IPs, and data sources (e.g., webscan, torscan) to identify patterns, whereas Live Scan targets a specific URL for instant enrichment.
Data points: Web Search provides over 100 parameters (e.g., header hashes, geo location) for forensic analysis, while Live Scan delivers visual screenshots and real-time risk scores for quick validation.
Use case speed: Web Search suits strategic analysis (e.g., mapping an attack surface), while Live Scan excels at immediate action (e.g., blocking a suspicious link in minutes).
Interface: Web Search offers a query constructor or SPQL syntax for technical users, while Live Scan provides intuitive scan types (Simple, Advanced, Dark Web).
Are they interchangeable?
No, they aren’t interchangeable. Web Search is your detective, uncovering historical trends and broader infrastructure (e.g., all domains using a spoofed favicon), while Live Scan is your first responder: use it to investigate a single URL in real time (e.g., a reported phishing link). Using Web Search for real-time checks or Live Scan for historical analysis would limit their effectiveness.
How they complement each other
Workflow integration: Start with Web Search to identify suspicious domains (e.g.,
domain != "irs.gov" AND favicon_md5_hash = [IRS_hash]), then use Live Scan to inspect a flagged URL live, confirming a phishing page with a screenshot and risk score.Threat hunting: Web Search maps the landscape (e.g., attacker TTPs), while Live Scan verifies active threats, like a redirect chain leading to malware.
Brand protection: Web Search spots impersonation trends (e.g., PayPal favicon misuse), and Live Scan checks a specific fake site’s current content to take action.
Use Web Search for deep, historical insights and Live Scan for urgent, real-time URL checks. Together, they form a strong defense—Web Search finds the needle, and Live Scan confirms it’s sharp. Choose based on your need: long-term analysis or instant validation.