Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 40713224
+ 841727 DShield reports
+ 59 OTX pulses
0.999
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
12 blacklists  22 2025-12-06 02:39:49 2026-07-02 20:46:55
193.46.255.86 -- AS47890
RO 16099214
+ 69861 DShield reports
+ 4 OTX pulses
0.985
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
10 blacklists  22, 80, 2000scanner, eol-product 2026-03-11 22:22:32 2026-07-02 21:41:33
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19253173
+ 179440 DShield reports
+ 27 OTX pulses
0.979
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-07-02 21:35:34
2.57.121.112 dns112.personaliseplus.com AS47890
RO 19399163
+ 187671 DShield reports
+ 20 OTX pulses
0.978
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-04 21:56:26 2026-07-02 21:35:34
45.148.10.200 -- AS48090
NL 571352
+ 167722 DShield reports
+ 2 OTX pulses
0.976
src scan port: 80, 443, 8080
src
14 blacklists 2026-05-27 20:08:57 2026-07-02 21:38:08
150.254.160.250 rutherfordium.man.poznan.pl AS9112
PL 1712 0.969
20 blacklists 2026-06-28 09:40:40 2026-06-29 06:26:57
176.32.193.16 -- AS197834
AM 57544234
+ 113321 DShield reports
+ 10 OTX pulses
0.969
src scan port: many
src login protocol: rdp, redis, ssh, telnet
port: 22, 23, 2222
src
15 blacklists 2026-03-12 10:40:05 2026-07-02 21:43:50
45.148.10.157 -- AS48090
NL 7996152
+ 10938 DShield reports
+ 50 OTX pulses
0.968
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
12 blacklists 2026-01-21 16:55:29 2026-07-02 21:38:08
45.148.10.151 -- AS48090
NL 8012142
+ 11129 DShield reports
+ 50 OTX pulses
0.966
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
12 blacklists 2026-01-21 16:55:29 2026-07-02 21:38:08
45.148.10.147 -- AS48090
NL 7955152
+ 11105 DShield reports
+ 51 OTX pulses
0.963
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
12 blacklists 2026-01-21 16:55:29 2026-07-02 21:38:08
172.235.181.217 prod47client01.academyforinternetresearch.org AS63949
NL 1261894
+ 61410 DShield reports
0.963
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
20 blacklists 2025-04-12 02:01:33 2026-07-02 21:41:06
45.148.10.141 -- AS48090
NL 7937142
+ 10962 DShield reports
+ 50 OTX pulses
0.961
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
12 blacklists 2026-01-21 16:12:25 2026-07-02 21:38:08
31.132.90.3 -- AS197556
KZ 25870653
+ 32061 DShield reports
0.957
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-07-02 21:42:29
94.154.35.215 -- AS214943
AS214976
AS202412
NL 113441152
+ 357877 DShield reports
0.956
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  10004, 10030, 10051, 10089, 10181, ... 2026-01-26 15:00:07 2026-07-02 21:31:32
207.90.244.10 -- AS174
US 36196135
+ 221438 DShield reports
0.955
src scan
src
14 blacklists  22, 500, 9002vpn 2023-06-22 02:59:30 2026-07-02 21:41:00
207.90.244.21 -- AS174
US 39307135
+ 280587 DShield reports
0.953
src scan
src
15 blacklists  22, 123, 500, 9002vpn 2025-06-20 19:12:40 2026-07-02 21:43:39
155.103.69.40 static-155-103-69-40.whitelabelservices.us AS44382
US 7765144
+ 139920 DShield reports
0.953
src login protocol: ssh
port: 22, 2222
src scan port: 22
8 blacklists 2026-06-18 19:11:48 2026-07-02 21:42:39
195.178.110.232 -- AS48090
BG 663125
+ 15224 DShield reports
+ 4 OTX pulses
0.951
src login protocol: ssh, telnet
port: 22, 2222
src
src scan port: 22
9 blacklists 2026-06-24 20:32:22 2026-07-02 20:33:49
116.99.49.208 dynamic-adsl.viettel.vn AS7552
VN 5522273
+ 3994 DShield reports
0.950
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
16 blacklists  53, 8123, 8291iot 2026-05-20 18:19:47 2026-07-02 21:43:48
207.90.244.22 -- AS174
US 39667145
+ 277807 DShield reports
0.950
src scan
src
13 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:09:24 2026-07-02 21:43:39