Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 34005174
+ 468694 DShield reports
+ 8 OTX pulses 		1.000
src login protocol: ssh
port: 22
src scan port: 22, 2222, 8022, 51922
15 blacklists 2025-12-06 02:39:49 2026-02-12 02:19:03
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
91.215.85.88 -- AS200593
RU 103287152
+ 1746647 DShield reports 		0.998
src login protocol: ssh
port: 22
5 blacklists  135, 137, 5985, 50100 2025-11-14 08:31:47 2026-02-12 02:22:25
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.120.22.52 -- AS198953
RU 3745132
+ 92792 DShield reports
+ 10 OTX pulses 		0.998
src login protocol: ssh
src scan port: many
6 blacklists 2026-01-16 11:03:58 2026-02-12 02:18:45
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.159 -- AS208137
DE 10678143
+ 74626 DShield reports
+ 5 OTX pulses 		0.995
src login protocol: ssh
port: 22
src scan port: 22
11 blacklists  3389self-signed 2025-12-30 18:59:58 2026-02-12 02:19:03
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 6504142
+ 95264 DShield reports
+ 2 OTX pulses 		0.994
src login protocol: ssh
src scan port: 22
12 blacklists  22 2025-11-19 15:20:59 2026-02-12 02:19:27
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 10319163
+ 121424 DShield reports
+ 7 OTX pulses 		0.994
src login protocol: ssh
src scan port: 22
10 blacklists 2025-10-05 10:37:13 2026-02-12 02:15:22
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.56 -- AS48090
AS47890
US 5914143
+ 344448 DShield reports
+ 5 OTX pulses 		0.991
src scan port: 22
src login protocol: ssh
port: 22
14 blacklists  22scanner 2025-06-06 22:18:48 2026-02-12 02:19:03
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 2403144
+ 183708 DShield reports 		0.989
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22, 80scanner 2025-11-06 15:20:09 2026-02-12 02:16:46
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
94.154.35.215 -- AS214943
AS214976
AS202412
NL 1254092 0.984
src login protocol: ssh
port: 22
3 blacklists  135, 137, 139, 445, 5985, ... 2026-01-26 15:00:07 2026-02-12 02:22:14
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 5634143
+ 226475 DShield reports
+ 4 OTX pulses 		0.984
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists  22scanner 2025-11-19 15:20:59 2026-02-12 02:22:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.95 -- AS48090
AS47890
US 14182183
+ 166637 DShield reports
+ 4 OTX pulses 		0.983
src scan port: 22
src login protocol: ssh
port: 22
16 blacklists 2025-04-16 06:10:40 2026-02-12 02:20:20
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.72 -- AS48090
AS47890
US 5379142
+ 360588 DShield reports
+ 123 OTX pulses 		0.982
src login protocol: ssh
src scan port: 22
15 blacklists  22scanner 2025-01-05 11:23:47 2026-02-12 02:19:30
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
147.139.164.196 -- AS45102
ID 2481113
+ 9398 DShield reports
+ 1 OTX pulses 		0.982
src scan
src login protocol: ssh
5 blacklists  21, 22, 80, 443, 3306database, eol-product, self-signed, cloud 2024-10-17 09:08:32 2026-02-11 19:27:38
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 10775194
+ 161498 DShield reports
+ 1 OTX pulses 		0.977
src login protocol: ssh
port: 22
src scan port: 22
17 blacklists  22scanner 2025-06-06 07:36:57 2026-02-12 02:19:03
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
179.43.133.154 hostedby.privatelayer.com AS51852
CH 21461102
+ 77578 DShield reports 		0.976
src login protocol: ssh
port: 22
1 blacklist  135, 137, 445, 5985, 10000, ... 2025-09-02 11:59:39 2026-02-12 02:12:07
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.158 -- AS208137
DE 9586145
+ 89962 DShield reports
+ 2 OTX pulses 		0.969
src login protocol: ssh
port: 22
src scan port: 22
src
15 blacklists  22scanner 2025-12-29 18:58:08 2026-02-12 02:22:19
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.182 -- AS48090
AS47890
RO 16323194
+ 75710 DShield reports
+ 1 OTX pulses 		0.967
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists 2025-11-18 16:26:32 2026-02-12 01:20:46
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
130.12.180.51 -- AS214943
US 3205133
+ 21151 DShield reports 		0.957
src botnet_drone
src login protocol: ssh
port: 22
4 blacklists  22 2025-12-20 07:34:46 2026-02-11 20:57:52
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.20 -- AS174
US 40196105
+ 214678 DShield reports 		0.956
src scan
src
src login protocol: ftp
port: 21
11 blacklists  22, 123, 500, 9002vpn 2025-04-17 23:01:18 2026-02-12 02:21:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.25 -- AS174
US 40026105
+ 218596 DShield reports 		0.955
src scan
src
src login protocol: ftp
port: 21
10 blacklists  22, 123, 4500, 9002vpn 2025-04-17 23:19:22 2026-02-12 02:21:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield