Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 35076174
+ 468694 DShield reports
+ 9 OTX pulses 		1.000
src login protocol: ssh
port: 22
src scan port: 22, 2222, 8022, 51922
src
15 blacklists 2025-12-06 02:39:49 2026-02-13 12:40:23
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 10323163
+ 116185 DShield reports
+ 7 OTX pulses 		0.999
src login protocol: ssh
src scan port: 22
10 blacklists 2025-10-05 10:37:13 2026-02-13 12:40:23
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
91.215.85.88 -- AS200593
RU 104749152
+ 1732349 DShield reports 		0.998
src login protocol: ssh
port: 22
5 blacklists  135, 137, 5985, 50100 2025-11-14 08:31:47 2026-02-13 12:40:23
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.120.22.52 -- AS198953
RU 4019132
+ 92792 DShield reports
+ 11 OTX pulses 		0.998
src login protocol: ssh
src scan port: many
6 blacklists 2026-01-16 11:03:58 2026-02-13 12:35:23
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.159 -- AS208137
DE 11314143
+ 74626 DShield reports
+ 5 OTX pulses 		0.995
src login protocol: ssh
port: 22
src scan port: 22
11 blacklists  3389self-signed 2025-12-30 18:59:58 2026-02-13 12:40:23
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 7100142
+ 95264 DShield reports
+ 2 OTX pulses 		0.994
src login protocol: ssh
src scan port: 22
12 blacklists  22 2025-11-19 15:20:59 2026-02-13 12:35:41
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 6120143
+ 226475 DShield reports
+ 4 OTX pulses 		0.992
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists  22scanner 2025-11-19 15:20:59 2026-02-13 12:39:49
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.56 -- AS48090
AS47890
US 6433143
+ 340154 DShield reports
+ 5 OTX pulses 		0.992
src scan port: 22
src login protocol: ssh
port: 22
14 blacklists  22scanner 2025-06-06 22:18:48 2026-02-13 12:41:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 2622144
+ 183708 DShield reports 		0.991
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22, 80scanner 2025-11-06 15:20:09 2026-02-13 12:29:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.72 -- AS48090
AS47890
US 5862142
+ 352809 DShield reports
+ 121 OTX pulses 		0.987
src login protocol: ssh
src scan port: 22
15 blacklists  22scanner 2025-01-05 11:23:47 2026-02-13 12:28:00
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.95 -- AS48090
AS47890
US 14394183
+ 165582 DShield reports
+ 4 OTX pulses 		0.982
src scan port: 22
src login protocol: ssh
port: 22
16 blacklists 2025-04-16 06:10:40 2026-02-13 12:39:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
94.154.35.215 -- AS214943
AS214976
AS202412
NL 1316792 0.982
src login protocol: ssh
port: 22
3 blacklists  135, 137, 139, 445, 5985, ... 2026-01-26 15:00:07 2026-02-13 12:40:35
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
147.139.164.196 -- AS45102
ID 2505113
+ 9036 DShield reports
+ 2 OTX pulses 		0.981
src login protocol: ssh
src scan port: 22
src
5 blacklists  21, 22, 80, 443, 3306eol-product, database, self-signed, cloud 2024-10-17 09:08:32 2026-02-13 11:35:13
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
179.43.133.154 hostedby.privatelayer.com AS51852
CH 21691102
+ 77405 DShield reports 		0.981
src login protocol: ssh
port: 22
1 blacklist  135, 137, 445, 5985, 10000, ... 2025-09-02 11:59:39 2026-02-13 11:15:12
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 10880194
+ 160858 DShield reports
+ 1 OTX pulses 		0.976
src login protocol: ssh
port: 22
src scan port: 22
16 blacklists  22scanner 2025-06-06 07:36:57 2026-02-13 12:26:32
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
104.248.242.212 -- AS14061
DE 812103
+ 2884 DShield reports
+ 4 OTX pulses 		0.967
src login protocol: ssh
src scan port: 22
src
4 blacklists  22cloud 2026-01-04 12:41:38 2026-02-13 11:55:54
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
149.100.11.243 -- AS174
ES 8026183
+ 24525 DShield reports
+ 6 OTX pulses 		0.965
src login protocol: ssh, telnet
src scan port: 22, 23, 80, 2222, 3389
src
7 blacklists  80eol-product, scanner 2025-04-23 18:49:59 2026-02-13 12:01:35
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.184 -- AS48090
AS47890
RO 7117163
+ 82289 DShield reports
+ 2 OTX pulses 		0.964
src login protocol: ssh
port: 22
src scan port: 22
15 blacklists  22scanner 2025-11-19 14:33:30 2026-02-13 11:03:11
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
45.91.64.6 -- AS214664
RU 23233225
+ 46049 DShield reports
+ 7 OTX pulses 		0.962
src login protocol: ftp, ssh, telnet
port: 21
src scan port: many
src
13 blacklists 2025-12-18 12:59:28 2026-02-13 12:40:50
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
130.12.180.51 -- AS214943
AS202412
US 3403133
+ 21151 DShield reports 		0.961
src botnet_drone
src login protocol: ssh
port: 22
dst malware_distribution
4 blacklists  22 2025-12-20 07:34:46 2026-02-13 12:15:22
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield