Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
185.242.3.195 -- AS60223
AS401626
NL 7307153
+ 159143 DShield reports
+ 1 OTX pulses
0.993
src login protocol: ssh
port: 22, 2222
src scan
8 blacklists  22, 4444scanner 2026-04-13 22:07:13 2026-07-12 02:49:37
193.46.255.86 -- AS47890
RO 18467224
+ 70319 DShield reports
+ 4 OTX pulses
0.990
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
11 blacklists  22, 80, 2000eol-product, scanner 2026-03-11 22:22:32 2026-07-12 02:45:09
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19615183
+ 161933 DShield reports
+ 21 OTX pulses
0.987
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-07-12 02:45:09
2.57.121.112 dns112.personaliseplus.com AS47890
RO 18882173
+ 164034 DShield reports
+ 15 OTX pulses
0.987
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists 2025-10-04 21:56:26 2026-07-12 02:40:30
176.53.159.196 -- AS154383
TR 13050152
+ 79743 DShield reports
+ 1 OTX pulses
0.985
src login protocol: ssh
port: 22, 2222
src scan
3 blacklists 2026-07-01 15:29:24 2026-07-12 02:48:29
2.57.122.238 -- AS48090
AS47890
RO 18107224
+ 245267 DShield reports
+ 12 OTX pulses
0.982
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
13 blacklists  80scanner 2025-11-06 15:20:09 2026-07-12 02:50:08
172.235.181.217 prod47client01.academyforinternetresearch.org AS63949
NL 1304894
+ 61029 DShield reports
0.974
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
21 blacklists 2025-04-12 02:01:33 2026-07-12 02:41:13
150.254.160.250 rutherfordium.man.poznan.pl AS9112
PL 3512 0.969
21 blacklists 2026-06-28 09:40:40 2026-07-06 06:43:06
34.34.103.195 195.103.34.34.bc.googleusercontent.com AS396982
NL 77053
+ 88954 DShield reports
0.969
src scan port: 80, 443, 8080, 8443
src
15 blacklists 2026-06-25 09:58:07 2026-07-12 01:28:58
31.132.90.3 -- AS197556
KZ 26424953
+ 46662 DShield reports
0.968
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-07-12 02:48:29
94.154.35.215 -- AS214943
AS214976
AS202412
NL 110913152
+ 346488 DShield reports
0.965
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  10004, 10007, 10030, 10041, 10051, ... 2026-01-26 15:00:07 2026-07-12 02:39:06
172.235.181.226 prod48client01.academyforinternetresearch.org AS63949
NL 1416464
+ 80858 DShield reports
0.965
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
18 blacklists  22cloud, cdn 2025-04-12 02:01:30 2026-07-12 02:41:12
207.90.244.5 -- AS174
US 35936145
+ 229248 DShield reports
0.960
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
15 blacklists  22, 500, 4500, 9002vpn 2022-12-10 20:58:44 2026-07-12 02:49:19
195.178.110.232 -- AS48090
BG 1582165
+ 45197 DShield reports
+ 4 OTX pulses
0.960
src
src login protocol: ssh
port: 22, 2222
src scan port: 22
10 blacklists 2026-06-24 20:32:22 2026-07-12 02:45:09
207.90.244.25 -- AS174
US 37246115
+ 278852 DShield reports
0.958
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
15 blacklists  22, 123, 500, 4500vpn 2025-04-17 23:19:22 2026-07-12 02:48:25
45.79.120.189 45-79-120-189.ip.linodeusercontent.com AS63949
IN 21320543
+ 2748 DShield reports
0.957
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
16 blacklists 2026-06-27 12:27:30 2026-07-11 15:31:33
93.123.109.107 -- AS48090
AS401116
BG 000
+ 7060 DShield reports
0.957
src scan
20 blacklists  22, 11434ai 2026-07-09 05:01:00 --
125.20.210.182 -- AS9498
IN 145067173
+ 31742 DShield reports
+ 1 OTX pulses
0.953
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
21 blacklists 2026-03-22 10:41:15 2026-07-12 02:51:04
45.153.34.165 -- AS51396
AS197170
NL 6951143
+ 122727 DShield reports
0.953
src login protocol: ssh
port: 22, 2222
src scan port: 22
9 blacklists 2026-06-27 15:55:01 2026-07-12 02:48:48
45.153.34.161 -- AS51396
AS197170
NL 6527133
+ 130491 DShield reports
+ 1 OTX pulses
0.952
src login protocol: ssh
port: 22, 2222
src scan port: 22
10 blacklists 2026-06-27 15:57:23 2026-07-12 02:51:23