Once you’ve run a Live Scan, the results offer a wealth of data: screenshots, redirect chains, risk scores, SSL details, and content hashes. This guide shows you how to manipulate and pivot this data to uncover threats and strengthen your security.
This data directly impacts your safety. A screenshot might reveal a phishing form targeting your personal info, while risk scores help prioritize which URLs to block. For organizations, it streamlines incident response, enabling you to contain threats quickly and protect your team from malicious domains.
View Scan Highlights
Check the top section for:
Searched URL and final URL after redirects.
Redirect Chain (e.g., hidden phishing layers).
Silent Push Risk Scores (domain and IP).
ASN Information.
Spoof detection example
Start with a legitimate domain (e.g.,
irs.gov
) via Web Scanner.Expand results, add
favicon_md5_hash = [IRS_hash]
andssl.subject_common_name != "UST"
(legit issuer), then set domain!= "irs.gov"
.Run the query, copy a suspicious URL (e.g., a Let’s Encrypt site), and paste it into Live Scan.
See a screenshot of a fraud page and enrich its IP/domain data.
Add to Web Scanner Query
Left-click a blue result, select Add to Query Column, and pick an operator (e.g.,
=
orcontains
).A new tab opens with a Web Search query, letting you refine your search.
View Raw Data
Click Basic Raw Data, then Copy Raw Data to the clipboard for deeper analysis.
Assess Risk Scores
See risk scores for
origin_domain
andorigin_ip
next to the screenshot.Left-click to pivot for more details (see Risk Scoring).
Explore Redirect Chains
View the full chain from origin to final URL at the top of the results.
Copy specific data using the copy icon next to each entry.
Real-World Use
SOC analysts use pivots to track phishing links.
IR teams map breach vectors via redirect chains.
Threat analysts build predictive models from enriched data.
Historical Context
Click Scan History after a scan to access Web Scanner's historical dataset for the URL, appended with the data source (public or .onion). For example, scanning https://www.silentpush.com
and checking the history auto-executes a query for past data.