Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 41501204
+ 914617 DShield reports
+ 49 OTX pulses 		0.999
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
12 blacklists  22scanner 2025-12-06 02:39:49 2026-06-08 18:03:14
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
87.251.64.176 -- AS200730
US 116802152
+ 717186 DShield reports
+ 35 OTX pulses 		0.995
src login protocol: ssh
port: 22, 2222
src scan
src
4 blacklists  22 2026-04-21 16:30:41 2026-06-08 18:05:45
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 20339204
+ 277437 DShield reports
+ 11 OTX pulses 		0.995
src login protocol: ssh
port: 22, 2222
src
src scan port: 22
13 blacklists  80scanner 2025-11-06 15:20:09 2026-06-08 18:06:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 23488173
+ 95033 DShield reports
+ 29 OTX pulses 		0.991
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
13 blacklists  22 2025-11-19 15:20:59 2026-06-08 17:58:38
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 35543182
+ 106535 DShield reports
+ 29 OTX pulses 		0.991
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists  22scanner 2025-11-19 15:20:59 2026-06-08 18:00:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
139.162.186.99 139-162-186-99.ip.linodeusercontent.com AS63949
DE 1290073
+ 113328 DShield reports 		0.980
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
src exploit
src
21 blacklists  22cloud 2025-04-12 02:01:32 2026-06-08 18:01:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.3 -- AS174
US 39674165
+ 285543 DShield reports 		0.976
src scan port: 445
src
src login protocol: ftp, ssh, telnet
port: 21, 22, 2222
src exploit protocol: ftp
16 blacklists  22, 500, 4500, 9002vpn 2022-12-08 21:05:49 2026-06-08 13:55:44
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.158 -- AS208137
DE 17898184
+ 485653 DShield reports
+ 8 OTX pulses 		0.976
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
13 blacklists 2025-12-29 18:58:08 2026-06-08 18:06:58
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
130.12.180.51 -- AS214943
AS202412
US 12195153
+ 357892 DShield reports 		0.975
src login protocol: ssh
port: 22, 2222
src botnet_drone
src scan
dst malware_distribution
src
5 blacklists  22, 80, 443eol-product 2025-12-20 07:34:46 2026-06-08 17:52:40
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
172.235.181.226 prod48client01.academyforinternetresearch.org AS63949
NL 1608174
+ 75409 DShield reports 		0.974
src scan
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
src
src exploit
18 blacklists  22cloud, cdn 2025-04-12 02:01:30 2026-06-08 18:01:31
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 20010162
+ 219025 DShield reports
+ 27 OTX pulses 		0.974
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-06-08 17:57:13
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.112 dns112.personaliseplus.com AS47890
RO 20755152
+ 228085 DShield reports
+ 20 OTX pulses 		0.974
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists 2025-10-04 21:56:26 2026-06-08 17:58:10
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.56 -- AS208137
TW 7812153
+ 71782 DShield reports
+ 2 OTX pulses 		0.973
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
10 blacklists 2026-05-02 22:54:18 2026-06-08 18:02:18
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
172.104.241.98 prod50client01.academyforinternetresearch.org AS63949
DE 1239984
+ 106454 DShield reports 		0.973
src scan port: many
src login protocol: http, ssh, telnet, vnc
port: 22, 23, 80, 2222
src exploit
src
21 blacklists  22cloud 2025-04-12 02:31:32 2026-06-08 10:56:23
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.13 -- AS174
US 38969155
+ 289867 DShield reports 		0.972
src scan
src
src login protocol: ftp, ssh, telnet, vnc
port: 21, 22, 23, 2222
src exploit protocol: ftp
16 blacklists  22, 500, 9002vpn 2024-12-11 02:13:13 2026-06-08 13:53:59
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
185.156.73.233 -- AS210848
AS211736
ZA 4846174
+ 230898 DShield reports
+ 15 OTX pulses 		0.972
src login protocol: ssh
port: 22, 2222
src scan
src
13 blacklists  22, 111 2025-05-15 03:41:41 2026-06-08 16:13:45
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
64.23.161.101 bed.census.shodan.io AS14061
US 25954145
+ 163526 DShield reports 		0.972
src scan port: 21, 135
src
src login protocol: ftp, ssh, vnc
port: 21, 22, 2222
src exploit protocol: ftp
13 blacklists  22, 500cloud, vpn 2025-09-22 02:16:28 2026-06-08 18:07:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
143.198.150.150 deimos.census.shodan.io AS14061
US 26360145
+ 162713 DShield reports 		0.972
src scan port: 135, 445
src
src login protocol: ftp, ms-sql-s, ssh, telnet, vnc
port: 21, 22, 23, 1433, 2222
src exploit protocol: ftp
12 blacklists  500, 9002cloud, vpn 2025-09-22 03:27:28 2026-06-08 18:07:20
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
152.32.226.205 test1233.asia AS135377
HK 113674143
+ 21642 DShield reports
+ 1 OTX pulses 		0.971
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
src
src exploit protocol: http
18 blacklists  111 2026-05-12 09:36:46 2026-06-08 18:05:40
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.2 -- AS174
US 38814155
+ 277926 DShield reports 		0.971
src scan port: 135
src
src login protocol: ftp, ssh, telnet, vnc
port: 21, 22, 2222
src exploit protocol: ftp
16 blacklists  22, 500, 4500, 9002vpn 2022-12-08 05:10:54 2026-06-08 13:55:19
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield