Work with Live Scan data

Updated
  • Updated on Sep 24, 2025
  • Published on Apr 2, 2024
  • 1 minute(s) read
Prev Next

Once you’ve run a Live Scan, the results offer a wealth of data: screenshots, redirect chains, risk scores, SSL details, and content hashes. This guide shows you how to manipulate and pivot this data to uncover threats and strengthen your security.

This data directly impacts your safety. A screenshot might reveal a phishing form targeting your personal info, while risk scores help prioritize which URLs to block. For organizations, it streamlines incident response, enabling you to contain threats quickly and protect your team from malicious domains.

View Scan Highlights

Check the top section for:

  • Searched URL and final URL after redirects.

  • Redirect Chain (e.g., hidden phishing layers).

  • Silent Push Risk Scores (domain and IP).

  • ASN Information.

Spoof detection example

  • Start with a legitimate domain (e.g., irs.gov) via Web Scanner.

  • Expand results, add favicon_md5_hash = [IRS_hash] and ssl.subject_common_name != "UST" (legit issuer), then set domain != "irs.gov".

  • Run the query, copy a suspicious URL (e.g., a Let’s Encrypt site), and paste it into Live Scan.

  • See a screenshot of a fraud page and enrich its IP/domain data.

Add to Web Scanner Query

  • Left-click a blue result, select Add to Query Column, and pick an operator (e.g., = or contains).

  • A new tab opens with a Web Search query, letting you refine your search.

View Raw Data

  • Click Basic Raw Data, then Copy Raw Data to the clipboard for deeper analysis.

Assess Risk Scores

  • See risk scores for origin_domain and origin_ip next to the screenshot.

  • Left-click to pivot for more details (see Risk Scoring).

Explore Redirect Chains

  • View the full chain from origin to final URL at the top of the results.

  • Copy specific data using the copy icon next to each entry.

Real-World Use

  • SOC analysts use pivots to track phishing links.

  • IR teams map breach vectors via redirect chains.

  • Threat analysts build predictive models from enriched data.

Historical Context

Click Scan History after a scan to access Web Scanner's historical dataset for the URL, appended with the data source (public or .onion). For example, scanning https://www.silentpush.com and checking the history auto-executes a query for past data.