In the IT field, there are numerous applications with official product names. Using the product filter on Criminal IP makes it possible to identify which applications are running on a specific IP address.

To identify which applications are running on a specific IP address, simply use the product filter on Criminal IP. This filter allows you to search for open-source products like Nginx, ApacheMicrosoft IISLighttpd, and commercial software. For example, take a look at the following search result for SonicWall, often used as a firewall or VPN equipment.

product: filter can be found in IP details

product: filter can be found in IP details

product:sonicwall

Result when Searched product:sonicwall on Criminal IP Asset Search

Search results for “product:sonicwall” on Criminal IP Asset Search

 As seen on the search results page above, the login page for SonicWall is also displayed.

sonicwall login page

SonicWall login page

How to Search for Microsoft Exchange Servers

You can use the same approach to search for Microsoft Exchange servers. To narrow down your search results, you can add “port:443” to your filter, as the SMTP protocol (an email protocol used by Exchange servers) also uses this port. It is worth noting that in March 2021, the Microsoft Exchange server was hit hard by a zero-day vulnerability.

product: “microsoft exchange” port:443

Result when Searched product: “microsoft exchange” port:443 on Criminal IP Asset Search

Search results for “product: “microsoft exchange” port:443” on Criminal IP Asset Search

Outlook Login Page

Outlook Login Page

How to Search for VMware ESXi Servers

Currently, there are around 46,000 results when searching for VMware ESXi. If you want to narrow down your search only to include cases where port 443 and OVH hosting servers are used, you can use the following search query: “product: vmware vcenter server as_name: “ovh sas” port:443”. Our CIP team has previously written a blog post on the VMware ESXi attack surface vulnerability. If you want to learn more about it, click the provided link.

product: vmware vcenter server as_name: “ovh sas” port:443 

VMWare login page

VMware login page

Criminal IP’s Element Analysis feature enables you to check a complete list of products sorted by port.

Result when Searched port:443 on Criminal IP Element Analysis

Search results for “port:443” on Criminal IP Element Analysis


Source: Criminal IP