Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 35176174
+ 468694 DShield reports
+ 9 OTX pulses 		1.000
src login protocol: ssh
port: 22
src scan port: 22, 2222, 8022, 51922
src
15 blacklists 2025-12-06 02:39:49 2026-02-13 17:03:37
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 10366163
+ 116185 DShield reports
+ 7 OTX pulses 		0.999
src login protocol: ssh
src scan port: 22
10 blacklists 2025-10-05 10:37:13 2026-02-13 17:05:55
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
91.215.85.88 -- AS200593
RU 104956152
+ 1732349 DShield reports 		0.998
src login protocol: ssh
port: 22
5 blacklists  135, 137, 5985, 50100 2025-11-14 08:31:47 2026-02-13 17:05:55
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.120.22.52 -- AS198953
RU 4060132
+ 92792 DShield reports
+ 12 OTX pulses 		0.998
src login protocol: ssh
src scan port: many
6 blacklists 2026-01-16 11:03:58 2026-02-13 17:06:11
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.159 -- AS208137
DE 11359143
+ 74626 DShield reports
+ 5 OTX pulses 		0.995
src login protocol: ssh
port: 22
src scan port: 22
11 blacklists  3389self-signed 2025-12-30 18:59:58 2026-02-13 16:49:42
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 7177142
+ 95264 DShield reports
+ 3 OTX pulses 		0.994
src login protocol: ssh
src scan port: 22
12 blacklists  22 2025-11-19 15:20:59 2026-02-13 17:04:00
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.56 -- AS48090
AS47890
US 6495143
+ 340154 DShield reports
+ 5 OTX pulses 		0.994
src scan port: 22
src login protocol: ssh
port: 22
14 blacklists  22scanner 2025-06-06 22:18:48 2026-02-13 17:06:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 6195143
+ 226475 DShield reports
+ 4 OTX pulses 		0.993
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists  22scanner 2025-11-19 15:20:59 2026-02-13 17:06:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 2650144
+ 183708 DShield reports 		0.991
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22, 80scanner 2025-11-06 15:20:09 2026-02-13 16:24:35
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.72 -- AS48090
AS47890
US 5924142
+ 352809 DShield reports
+ 121 OTX pulses 		0.989
src login protocol: ssh
src scan port: 22
15 blacklists  22scanner 2025-01-05 11:23:47 2026-02-13 17:06:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.95 -- AS48090
AS47890
US 14450183
+ 165582 DShield reports
+ 4 OTX pulses 		0.982
src scan port: 22
src login protocol: ssh
port: 22
16 blacklists 2025-04-16 06:10:40 2026-02-13 17:06:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
94.154.35.215 -- AS214943
AS214976
AS202412
NL 1323792 0.982
src login protocol: ssh
port: 22
3 blacklists  135, 137, 139, 445, 5985, ... 2026-01-26 15:00:07 2026-02-13 17:07:42
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
147.139.164.196 -- AS45102
ID 2519113
+ 9036 DShield reports
+ 3 OTX pulses 		0.981
src login protocol: ssh
src scan port: 22
src
5 blacklists  21, 22, 80, 443, 3306eol-product, database, self-signed, cloud 2024-10-17 09:08:32 2026-02-13 16:42:51
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
179.43.133.154 hostedby.privatelayer.com AS51852
CH 21691102
+ 77405 DShield reports 		0.981
src login protocol: ssh
port: 22
1 blacklist  135, 137, 445, 5985, 10000, ... 2025-09-02 11:59:39 2026-02-13 11:15:12
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.158 -- AS208137
DE 9908145
+ 89962 DShield reports
+ 2 OTX pulses 		0.980
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22scanner 2025-12-29 18:58:08 2026-02-13 17:05:40
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 10890194
+ 160858 DShield reports
+ 1 OTX pulses 		0.976
src login protocol: ssh
port: 22
src scan port: 22
16 blacklists  22scanner 2025-06-06 07:36:57 2026-02-13 15:10:08
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.182 -- AS48090
AS47890
RO 16552194
+ 75710 DShield reports
+ 1 OTX pulses 		0.972
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists 2025-11-18 16:26:32 2026-02-13 17:05:55
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
104.248.242.212 -- AS14061
DE 819103
+ 2884 DShield reports
+ 4 OTX pulses 		0.969
src login protocol: ssh
src scan port: 22
src
4 blacklists  22cloud 2026-01-04 12:41:38 2026-02-13 16:33:50
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.65.148.29 176.65.148.29.ptr.pfcloud.network AS51396
NL 826451
+ 149437 DShield reports 		0.968
src scan port: 8332, 8545
4 blacklists  22, 80scanner 2026-01-08 22:28:08 2026-02-13 17:07:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
149.100.11.243 -- AS174
ES 8026183
+ 24525 DShield reports
+ 6 OTX pulses 		0.965
src login protocol: ssh, telnet
src scan port: 22, 23, 80, 2222, 3389
src
7 blacklists  80eol-product, scanner 2025-04-23 18:49:59 2026-02-13 16:42:34
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield