Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 41071204
+ 850739 DShield reports
+ 49 OTX pulses 		0.998
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
11 blacklists  22 2025-12-06 02:39:49 2026-06-26 20:50:11
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19687173
+ 194505 DShield reports
+ 27 OTX pulses 		0.984
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-06-26 20:40:06
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.112 dns112.personaliseplus.com AS47890
RO 20145163
+ 202454 DShield reports
+ 20 OTX pulses 		0.983
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists 2025-10-04 21:56:26 2026-06-26 20:51:38
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.46.255.86 -- AS47890
RO 15880214
+ 69317 DShield reports
+ 4 OTX pulses 		0.978
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
11 blacklists  22, 80, 2000eol-product 2026-03-11 22:22:32 2026-06-26 20:50:00
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.25 -- AS174
US 37326145
+ 270542 DShield reports 		0.972
src scan
src
15 blacklists  22, 123, 500, 4500vpn 2025-04-17 23:19:22 2026-06-26 20:50:45
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
141.98.83.240 -- AS209588
PA 4745143
+ 13619 DShield reports 		0.970
src login protocol: ssh
port: 22, 2222
src scan port: 22
8 blacklists  6100, 6134, 6432, 6561, 6661, ... 2026-06-15 19:53:12 2026-06-26 20:50:00
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
212.227.235.203 ip212-227-235-203.pbiaas.com AS8560
ES 2065123
+ 1790 DShield reports 		0.968
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
16 blacklists 2026-06-18 00:04:02 2026-06-26 20:39:36
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
139.162.186.99 139-162-186-99.ip.linodeusercontent.com AS63949
DE 1293773
+ 98051 DShield reports 		0.967
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
22 blacklists  22cloud 2025-04-12 02:01:32 2026-06-26 20:51:06
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
220.197.14.60 -- AS4837
CN 202160113
+ 3582 DShield reports 		0.966
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
14 blacklists 2026-06-16 12:23:41 2026-06-26 20:46:50
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.32.193.16 -- AS197834
AM 57332224
+ 113568 DShield reports
+ 6 OTX pulses 		0.964
src scan port: many
src login protocol: ssh, telnet
port: 22, 23, 2222
src
15 blacklists 2026-03-12 10:40:05 2026-06-26 20:50:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
31.132.90.3 -- AS197556
KZ 25482853
+ 21803 DShield reports 		0.963
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: telnet
port: 23
15 blacklists 2026-06-03 13:16:16 2026-06-26 20:51:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
204.76.203.206 204.76.203.206.ptr.pfcloud.network AS51396
NL 2865652
+ 1665139 DShield reports 		0.963
src scan port: many
src
12 blacklists 2025-05-17 20:54:30 2026-06-26 15:10:56
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
5.101.64.6 scan.f6.security AS34665
RU 14299214
+ 32564 DShield reports
+ 2 OTX pulses 		0.962
src scan port: many
src
12 blacklists 2025-06-20 09:15:42 2026-06-26 20:47:49
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.22 -- AS174
US 39391145
+ 277514 DShield reports 		0.961
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
13 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:09:24 2026-06-26 20:51:04
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.20 -- AS174
US 39499105
+ 276994 DShield reports 		0.960
src scan
src
14 blacklists  22, 123, 500, 9002vpn 2025-04-17 23:01:18 2026-06-26 20:49:19
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.27 -- AS174
US 39915145
+ 277328 DShield reports 		0.958
src scan
src
16 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:25:56 2026-06-26 20:50:13
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
88.151.33.203 -- AS41608
NL 31145053
+ 2128 DShield reports 		0.957
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23
15 blacklists 2026-06-07 23:41:14 2026-06-26 20:44:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
81.226.129.67 81-226-129-67-no2662.tbcn.telia.com AS3301
SE 346283
+ 2768 DShield reports 		0.955
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
17 blacklists  22 2026-06-05 13:55:40 2026-06-26 20:45:00
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
91.224.92.17 srv-91-224-92-17.serveroffer.net AS133398
AS209605
GB 3600184
+ 24054 DShield reports 		0.955
src login protocol: ssh
port: 22, 2222
src scan port: 22
src botnet_drone
9 blacklists  3389self-signed, eol-os 2026-06-15 23:49:32 2026-06-26 20:47:20
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.21 -- AS174
US 38956135
+ 278326 DShield reports 		0.955
src scan
src
15 blacklists  22, 123, 500, 9002vpn 2025-06-20 19:12:40 2026-06-26 20:49:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield