Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
193.142.146.230 -- AS208046
AS213438
DE 34146155
+ 351916 DShield reports 		0.850
src scan port: many
src login protocol: ssh, telnet
port: 22, 23, 2222
src
src botnet_drone
src exploit
13 blacklists  22scanner 2025-11-21 21:38:11 2026-04-24 19:19:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
199.30.231.6 pub-netscan.adm.domaintools.net AS17318
US 1354762
+ 18800 DShield reports 		0.840
src scan port: 443
src
1 blacklist 2025-03-22 01:42:45 2026-04-25 11:55:08
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
185.242.226.90 security.criminalip.com AS202425
US 236662
+ 39873 DShield reports 		0.784
src scan port: many
src
5 blacklists 2025-08-15 05:57:46 2026-04-25 11:01:59
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
74.82.47.8 scan-11a.shadowserver.org US 218852
+ 5545 DShield reports 		0.773
src scan port: many
src
2 blacklists  80 2016-07-12 00:44:41 2026-04-25 11:54:27
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
74.82.47.55 scan-10m.shadowserver.org US 230852
+ 5979 DShield reports 		0.765
src scan port: many
src
2 blacklists  80scanner 2016-07-12 03:27:37 2026-04-25 13:04:19
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
184.105.139.88 scan-02e.shadowserver.org US 217852
+ 5556 DShield reports 		0.765
src scan port: many
src
1 blacklist  80scanner 2016-07-12 00:46:40 2026-04-25 10:29:58
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
64.62.156.21 scan-60-11.shadowserver.org AS6939
US 266052
+ 7922 DShield reports 		0.765
src scan port: many
src
6 blacklists  80scanner 2024-04-05 02:52:48 2026-04-25 13:06:54
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
45.205.1.20 -- AS215925
US 925652
+ 48613 DShield reports 		0.761
src scan port: 80, 443, 3000
src
7 blacklists  22scanner 2026-03-20 23:16:38 2026-04-25 02:24:59
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
196.204.71.189 -- AS24835
EG 248132
+ 4947 DShield reports 		0.759
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
4 blacklists  22, 80, 443scanner 2026-03-25 16:27:08 2026-04-25 10:42:22
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
184.105.139.92 scan-02f.shadowserver.org US 207552
+ 5472 DShield reports 		0.758
src scan port: many
src
1 blacklist  80 2016-07-12 02:59:30 2026-04-25 11:58:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
184.105.139.81 scan-03b.shadowserver.org US 222352
+ 5171 DShield reports 		0.758
src scan port: many
src
1 blacklist  80scanner 2016-10-28 04:57:25 2026-04-25 09:27:20
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
46.151.178.13 -- AS211443
NL 1906073
+ 592476 DShield reports 		0.755
src scan port: 443, 17000
src
8 blacklists  22scanner 2026-02-24 22:27:05 2026-04-25 09:09:35
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
64.62.156.134 scan-81-2.shadowserver.org AS6939
US 274473
+ 7034 DShield reports 		0.752
src scan port: many
src
src login protocol: ssh
5 blacklists  80scanner 2025-03-15 00:19:10 2026-04-25 12:12:15
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
64.62.197.3 scan-36b.shadowserver.org AS6939
US 248763
+ 7217 DShield reports 		0.752
src scan port: many
src
src login protocol: ssh
5 blacklists  80scanner 2021-03-24 16:54:08 2026-04-25 13:07:15
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
45.148.10.121 -- AS48090
NL 47169224
+ 681531 DShield reports
+ 25 OTX pulses 		0.743
src scan port: 22, 2222, 8022, 10022, 22222
src login protocol: ssh
port: 22, 2222
src
16 blacklists  22 2025-12-06 02:39:49 2026-04-25 17:41:02
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 34540202
+ 81955 DShield reports
+ 16 OTX pulses 		0.743
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
14 blacklists  22scanner 2025-11-19 15:20:59 2026-04-25 17:42:16
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.46.255.86 hostingmailto239.statics.servermail.org AS47890
RO 7571153
+ 41789 DShield reports 		0.743
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
8 blacklists  22, 80, 2000eol-product, scanner 2026-03-11 22:22:32 2026-04-25 17:37:46
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.159 -- AS208137
DE 20902173
+ 155842 DShield reports
+ 9 OTX pulses 		0.743
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
16 blacklists  3389self-signed 2025-12-30 18:59:58 2026-04-25 17:44:17
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 17472172
+ 159686 DShield reports
+ 24 OTX pulses 		0.743
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
14 blacklists 2025-10-05 10:37:13 2026-04-25 17:39:03
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.112 dns112.personaliseplus.com AS47890
RO 16756172
+ 164743 DShield reports
+ 15 OTX pulses 		0.743
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
14 blacklists 2025-10-04 21:56:26 2026-04-25 17:44:58
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield