Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 41090224
+ 848951 DShield reports
+ 49 OTX pulses
0.998
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
12 blacklists  22 2025-12-06 02:39:49 2026-06-29 21:52:28
2.57.121.112 dns112.personaliseplus.com AS47890
RO 19816163
+ 195480 DShield reports
+ 20 OTX pulses
0.983
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-04 21:56:26 2026-06-29 21:50:28
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19497173
+ 186771 DShield reports
+ 27 OTX pulses
0.983
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-06-29 21:48:29
193.46.255.86 -- AS47890
RO 16136214
+ 69644 DShield reports
+ 4 OTX pulses
0.979
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
11 blacklists  22, 80, 2000eol-product 2026-03-11 22:22:32 2026-06-29 21:47:52
31.132.90.3 -- AS197556
KZ 25678953
+ 26597 DShield reports
0.969
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-06-29 21:52:59
220.197.14.60 -- AS4837
CN 265723113
+ 4987 DShield reports
0.967
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
14 blacklists 2026-06-16 12:23:41 2026-06-29 21:51:39
95.59.142.69 -- AS9198
KZ 28968594
+ 4802 DShield reports
0.963
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
18 blacklists  22, 443, 3306, 33060database, eol-product, self-signed 2026-06-04 01:48:05 2026-06-29 21:52:50
94.154.35.215 -- AS214943
AS214976
AS202412
NL 114771162
+ 362020 DShield reports
0.962
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  10004, 10030, 10051, 10089, 10181, ... 2026-01-26 15:00:07 2026-06-29 21:54:24
45.148.10.200 -- AS48090
NL 535652
+ 148787 DShield reports
+ 2 OTX pulses
0.962
src scan port: 80, 443, 8080
src
14 blacklists 2026-05-27 20:08:57 2026-06-29 21:50:39
45.153.34.112 -- AS51396
AS197170
NL 31568183
+ 565745 DShield reports
0.959
src login protocol: ssh
port: 22, 2222
src scan port: 22
10 blacklists 2026-04-27 07:57:31 2026-06-29 21:48:15
207.90.244.22 -- AS174
US 39630145
+ 278362 DShield reports
0.959
src scan
src
13 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:09:24 2026-06-29 21:53:48
77.83.246.97 200635.ip-ptr.tech AS215540
PL 37638964
+ 3774 DShield reports
0.958
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
17 blacklists  22 2026-06-09 19:30:23 2026-06-29 21:43:04
88.151.33.203 -- AS41608
NL 32780763
+ 2527 DShield reports
0.958
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23
15 blacklists 2026-06-07 23:41:14 2026-06-29 21:47:29
212.127.90.201 -- AS35179
PL 38533343
+ 8290 DShield reports
0.958
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
17 blacklists 2026-06-10 08:21:27 2026-06-29 21:45:09
45.156.87.204 -- AS51396
AS197170
NL 29555163
+ 564340 DShield reports
+ 1 OTX pulses
0.958
src login protocol: ssh
port: 22, 2222
src scan port: 22
9 blacklists  22 2026-04-27 07:53:37 2026-06-29 21:47:45
91.224.92.17 srv-91-224-92-17.serveroffer.net AS133398
AS209605
GB 4328184
+ 34691 DShield reports
0.957
src scan port: 22
src login protocol: ssh
port: 22, 2222
src botnet_drone
9 blacklists  3389self-signed, eol-os 2026-06-15 23:49:32 2026-06-29 21:54:39
207.90.244.25 -- AS174
US 37577145
+ 273321 DShield reports
0.957
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
15 blacklists  22, 123, 500, 4500vpn 2025-04-17 23:19:22 2026-06-29 21:51:29
64.23.214.73 mechanicus.census.shodan.io AS14061
US 29510145
+ 158974 DShield reports
0.956
src scan
src
14 blacklists  22cloud 2025-09-22 03:39:39 2026-06-29 21:54:57
178.16.54.226 -- AS209800
AS214943
AS214976
AS202412
NL 25528162
+ 73008 DShield reports
0.956
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  137, 5985, 10001, 10009, 10021, ... 2026-02-02 12:45:30 2026-06-29 21:44:02
176.65.139.216 -- AS51396
AS214472
LU 9622164
+ 124281 DShield reports
0.955
src login protocol: ssh
port: 22, 2222
src scan port: 22
9 blacklists 2026-05-25 16:52:03 2026-06-29 21:53:27