Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 43135214
+ 853344 DShield reports
+ 32 OTX pulses 		0.998
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
15 blacklists  22scanner 2025-12-06 02:39:49 2026-05-17 15:43:21
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.56 -- AS208137
TW 3252143
+ 30261 DShield reports 		0.996
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
10 blacklists 2026-05-02 22:54:18 2026-05-17 16:30:58
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 36445182
+ 106600 DShield reports
+ 26 OTX pulses 		0.995
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
12 blacklists  22scanner 2025-11-19 15:20:59 2026-05-17 16:42:57
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19370162
+ 207667 DShield reports
+ 25 OTX pulses 		0.995
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
12 blacklists 2025-10-05 10:37:13 2026-05-17 16:32:12
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.112 dns112.personaliseplus.com AS47890
RO 19637162
+ 216160 DShield reports
+ 18 OTX pulses 		0.994
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
13 blacklists 2025-10-04 21:56:26 2026-05-17 16:32:12
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 18376204
+ 256088 DShield reports
+ 8 OTX pulses 		0.994
src login protocol: ssh
port: 22, 2222
src
src scan port: 22
16 blacklists  80scanner 2025-11-06 15:20:09 2026-05-17 16:19:20
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 22975173
+ 91558 DShield reports
+ 13 OTX pulses 		0.991
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
15 blacklists  22 2025-11-19 15:20:59 2026-05-17 16:41:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.46.255.86 -- AS47890
RO 10644163
+ 57779 DShield reports
+ 4 OTX pulses 		0.990
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists  22, 80, 2000scanner, eol-product 2026-03-11 22:22:32 2026-05-17 16:24:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
87.251.64.176 -- AS200730
US 60520142
+ 394892 DShield reports
+ 13 OTX pulses 		0.990
src login protocol: ssh
port: 22, 2222
src scan
src
4 blacklists 2026-04-21 16:30:41 2026-05-17 16:42:54
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
77.90.185.43 -- AS215476
AS213790
DE 2026482
+ 2422955 DShield reports 		0.978
src scan port: many
src
8 blacklists  111 2025-11-16 03:44:18 2026-05-17 16:40:27
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
77.90.185.235 -- AS215476
AS213790
DE 2066682
+ 2956646 DShield reports 		0.977
src scan port: many
src
8 blacklists  22, 111 2025-11-09 07:26:47 2026-05-17 16:40:57
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.184 -- AS48090
AS47890
RO 15078183
+ 177353 DShield reports
+ 7 OTX pulses 		0.970
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
15 blacklists  22scanner 2025-11-19 14:33:30 2026-05-17 14:58:21
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.158 -- AS208137
DE 19301184
+ 445557 DShield reports
+ 5 OTX pulses 		0.969
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
16 blacklists  22scanner 2025-12-29 18:58:08 2026-05-17 16:39:27
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
35.240.174.82 82.174.240.35.bc.googleusercontent.com AS396982
SG 1405143
+ 208295 DShield reports 		0.967
src login protocol: ssh
port: 22, 2222
src scan
src
10 blacklists  21, 22, 25, 53, 143, ...cloud, starttls, scanner, eol-product, database 2025-05-07 16:08:49 2026-05-17 16:03:26
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.182 -- AS48090
AS47890
RO 14826173
+ 170603 DShield reports
+ 8 OTX pulses 		0.967
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
15 blacklists  22scanner 2025-11-18 16:26:32 2026-05-17 16:38:52
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.65.148.58 176.65.148.58.ptr.pfcloud.network AS51396
NL 2289182
+ 5029182 DShield reports 		0.966
src scan port: many
src
src login protocol: ssh
7 blacklists  22 2025-12-06 16:58:20 2026-05-17 16:40:56
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
130.12.180.51 -- AS214943
AS202412
US 11219153
+ 277527 DShield reports 		0.965
src login protocol: ssh
port: 22, 2222
src botnet_drone
dst malware_distribution
src scan
src
6 blacklists  22, 80, 443eol-product 2025-12-20 07:34:46 2026-05-17 15:41:35
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 15372173
+ 228828 DShield reports
+ 4 OTX pulses 		0.965
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
16 blacklists  22scanner 2025-06-06 07:36:57 2026-05-17 16:24:21
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
167.71.239.213 -- AS14061
IN 1117101
+ 82548 DShield reports 		0.964
src login protocol: ssh
port: 22, 2222
src scan
src
6 blacklists  21, 22, 443, 3306database, self-signed, starttls, cloud 2026-03-13 05:02:01 2026-05-17 16:32:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.151 -- AS47890
RO 14506163
+ 235699 DShield reports
+ 2 OTX pulses 		0.963
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
16 blacklists 2025-06-06 07:43:00 2026-05-17 16:26:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield