Post Filters
| Use case | Query |
|---|---|
| Search for posts that indicate illegal activity in darknet marketplaces | text:"Selling credit card" AND site.type:market |
| Search for mentions of an organization in a specific site | title:”ACME Resorts” AND site.domain:raidforums.com |
| Search for content in a specific language on a darknet message board or forum | (language:russian site.type:discussions |
| Search for content that was published in a certain time frame from a specific source | site.name:4chan (published:>1596240000000 published:<1599550000000) |
| Search for posts that include routers' default gateway IP (might indicate a cyber risk ) | enriched.ip.value:(127.0.0.1 OR 192.168.0.1 OR 10.0.0.1) |
Thread Filters
| Use case | Query |
|---|---|
| Searching for a group/channel in one of the chat networks | thread.url:"https://t.me/Fullz" |
| Searching for posts from a specific section in the site | thread.site_section:"https://raidforums.com/Forum-Databases" |
| Searching for a thread with a specific topic and a minimum count of participants and comments | thread.title:"openbullet" thread.participants_count:>5 thread.replies_count:>10 |
Extended Filters
| Use case | Query |
|---|---|
| Searching for external links on sites with specific suffixes | extended.external_link:*.onion |
| Searching for content related to drug trafficking in login-protected sites | extended.required_login:true enriched.category:drugs |
| Filter by network | extended.network:telegram |
Enriched Filters
| Use case | Query |
|---|---|
| Filter by category | enriched.category:financial |
| Searching for mentions of emails from a specific domain | enriched.email.value:*@acme.com |
| Searching for specific phone values | enriched.phone.value:*15159992896 |
| Searching for credit card leaks | enriched.credit_card.count:>5 enriched.category:pii |