cve:CVE-2020-9054
Returns all devices with the "CVE-2020-9054" cve
tags:"Mirai"
Returns all devices with the "Mirai" tag
tags:"RDP Scanner"
Returns all devices with the "RDP Scanner" tag
classification:malicious country:Belgium
Returns all compromised devices located in Belgium
classification:malicious rdns:*.gov*
Returns all compromised devices that include .gov in their reverse DNS records
organization:Microsoft classification:malicious
Returns all compromised devices that belong to Microsoft
(scan.port:445 and scan.protocol:TCP) os:Windows*
Return all devices scanning the Internet for port 445/TCP running Windows operating systems (Conficker/EternalBlue/WannaCry)
scan.port:554
Returns all devices scanning the Internet for port 554
-organization:Google web.useragents:*Googlebot*
Returns all devices crawling the Internet with "GoogleBot" in their useragent from a network that does NOT belong to Google
tags:"Siemens PLC Scanner" -classification:benign
Returns all devices scanning the Internet for SCADA devices who ARE NOT tagged by GreyNoise as "benign" (Shodan/Project Sonar/Censys/BinaryEdge/Google/Bing/etc)
classification:benign
Returns all "good guys" scanning the Internet
ja3.fingerprint:795bc7ce13f60d61e9ac03611dd36d90
Returns all devices crawling the Internet with a matching client JA3 TLS/SSL fingerprint
web.paths:"/HNAP1/"
Returns all devices crawling the Internet for the HTTP path "/HNAP1/"
8.0.0.0/8
Returns all devices scanning the Internet from the CIDR block 8.0.0.0/8