Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 40527224
+ 842887 DShield reports
+ 49 OTX pulses
0.991
src scan port: 22, 2222, 8022, 10022, 22222
src login protocol: ssh
port: 22, 2222
src
12 blacklists  22 2025-12-06 02:39:49 2026-07-01 05:03:49
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19422173
+ 185118 DShield reports
+ 27 OTX pulses
0.975
src login protocol: ssh
port: 22, 2222
src scan port: 22
8 blacklists 2025-10-05 10:37:13 2026-07-01 05:07:59
94.154.35.215 -- AS214943
AS214976
AS202412
NL 116727162
+ 369173 DShield reports
0.973
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  10004, 10030, 10051, 10089, 10181, ... 2026-01-26 15:00:07 2026-07-01 04:59:10
77.83.246.97 200635.ip-ptr.tech AS215540
PL 41772074
+ 4196 DShield reports
0.971
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
17 blacklists  22 2026-06-09 19:30:23 2026-07-01 04:40:12
31.132.90.3 -- AS197556
KZ 25764753
+ 30389 DShield reports
0.970
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-07-01 05:06:40
150.254.160.250 rutherfordium.man.poznan.pl AS9112
PL 1712 0.970
20 blacklists 2026-06-28 09:40:40 2026-06-29 06:26:57
193.46.255.86 -- AS47890
RO 15768214
+ 69670 DShield reports
+ 4 OTX pulses
0.968
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
11 blacklists  22, 80, 2000eol-product 2026-03-11 22:22:32 2026-07-01 04:57:41
2.57.121.112 dns112.personaliseplus.com AS47890
RO 19408163
+ 190442 DShield reports
+ 20 OTX pulses
0.968
src login protocol: ssh
port: 22, 2222
src scan port: 22
8 blacklists 2025-10-04 21:56:26 2026-07-01 04:34:25
209.99.185.239 -- AS402253
CH 34710973
+ 9166 DShield reports
0.963
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 23
17 blacklists 2026-05-12 09:41:03 2026-07-01 04:58:44
91.92.33.248 -- AS207043
DE 52742
+ 88029 DShield reports
0.962
src scan port: 80, 443, 8080, 8443
src
15 blacklists  22, 443, 1337self-signed 2026-06-23 14:52:59 2026-07-01 04:29:36
172.235.181.217 prod47client01.academyforinternetresearch.org AS63949
NL 1260794
+ 61410 DShield reports
0.961
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
20 blacklists 2025-04-12 02:01:33 2026-07-01 05:01:12
45.148.10.200 -- AS48090
NL 550852
+ 161613 DShield reports
+ 2 OTX pulses
0.960
src scan port: 80, 443, 8080
src
14 blacklists 2026-05-27 20:08:57 2026-07-01 05:05:49
152.32.174.171 -- AS135377
HK 8227183
+ 5722 DShield reports
0.960
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
17 blacklists 2026-05-13 17:34:06 2026-07-01 04:59:37
220.197.14.60 -- AS4837
CN 266816113
+ 5663 DShield reports
0.955
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
14 blacklists 2026-06-16 12:23:41 2026-06-29 22:10:57
176.32.193.16 -- AS197834
AM 57641234
+ 114633 DShield reports
+ 6 OTX pulses
0.954
src scan port: many
src login protocol: ssh, telnet
port: 22, 23, 2222
src
15 blacklists 2026-03-12 10:40:05 2026-07-01 05:08:29
207.90.244.20 -- AS174
US 39553105
+ 278277 DShield reports
0.954
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
14 blacklists  22, 123, 500, 9002vpn 2025-04-17 23:01:18 2026-07-01 05:04:53
207.90.244.21 -- AS174
US 39432135
+ 282746 DShield reports
0.952
src scan
src
15 blacklists  22, 123, 500, 9002vpn 2025-06-20 19:12:40 2026-07-01 05:04:39
172.185.40.47 -- AS8075
US 74698553
+ 20449 DShield reports
0.949
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23
19 blacklists  22cloud 2026-03-25 12:07:27 2026-07-01 04:53:08
95.59.142.69 -- AS9198
KZ 289879114
+ 5146 DShield reports
0.947
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
18 blacklists  22, 443, 3306, 33060database, eol-product, self-signed 2026-06-04 01:48:05 2026-06-30 17:19:05
207.90.244.22 -- AS174
US 39427145
+ 277442 DShield reports
0.947
src scan
src
13 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:09:24 2026-07-01 05:07:49