Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
176.53.159.196 -- AS154383
TR 16192152
+ 102126 DShield reports
+ 9 OTX pulses
0.998
src login protocol: ssh
port: 22, 2222
src scan
3 blacklists 2026-07-01 15:29:24 2026-07-15 02:49:43
185.242.3.195 -- AS60223
AS401626
NL 8196163
+ 199788 DShield reports
+ 1 OTX pulses
0.992
src login protocol: ssh
port: 22, 2222
src scan
9 blacklists  22, 113, 4444scanner 2026-04-13 22:07:13 2026-07-15 02:44:33
193.46.255.86 -- AS47890
RO 18818224
+ 70171 DShield reports
+ 4 OTX pulses
0.990
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
11 blacklists  22, 80, 2000eol-product, scanner 2026-03-11 22:22:32 2026-07-15 02:49:35
195.178.110.137 -- AS48090
BG 3707184
+ 146804 DShield reports
+ 7 OTX pulses
0.989
src login protocol: ssh
port: 22, 2222
src
src scan port: many
10 blacklists 2026-06-30 14:05:39 2026-07-15 02:27:40
2.57.121.25 hosting25.tronicsat.com AS47890
RO 20082183
+ 160706 DShield reports
+ 20 OTX pulses
0.989
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-07-15 02:48:08
2.57.121.112 dns112.personaliseplus.com AS47890
RO 18845173
+ 159293 DShield reports
+ 13 OTX pulses
0.982
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists 2025-10-04 21:56:26 2026-07-15 02:38:02
172.235.168.35 172-235-168-35.ip.linodeusercontent.com AS63949
NL 27502114
+ 79964 DShield reports
0.981
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
src scan port: many
src
22 blacklists 2025-11-14 12:38:00 2026-07-15 02:42:24
2.57.122.238 -- AS48090
AS47890
RO 17781224
+ 246115 DShield reports
+ 14 OTX pulses
0.978
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
13 blacklists  80scanner 2025-11-06 15:20:09 2026-07-15 02:50:16
94.154.35.215 -- AS214943
AS214976
AS202412
NL 114575152
+ 338732 DShield reports
0.977
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  5985, 10004, 10007, 10030, 10041, ... 2026-01-26 15:00:07 2026-07-15 02:41:14
150.254.160.250 rutherfordium.man.poznan.pl AS9112
PL 9414 0.970
src scan port: 21
src exploit protocol: ftp, http, mysql
21 blacklists 2026-06-28 09:40:40 2026-07-13 07:08:12
172.235.181.226 prod48client01.academyforinternetresearch.org AS63949
NL 1417864
+ 87092 DShield reports
0.968
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
18 blacklists  22cloud, cdn 2025-04-12 02:01:30 2026-07-15 02:41:12
2.57.122.209 -- AS48090
AS47890
RO 1241154
+ 36137 DShield reports
+ 1 OTX pulses
0.968
src login protocol: ssh
port: 22, 2222
src
src scan port: 22
9 blacklists 2026-07-01 01:17:15 2026-07-15 02:49:29
34.34.103.195 195.103.34.34.bc.googleusercontent.com AS396982
NL 93253
+ 98393 DShield reports
+ 2 OTX pulses
0.967
src scan port: 80, 443, 8080, 8443
src
15 blacklists 2026-06-25 09:58:07 2026-07-15 02:44:54
92.118.39.49 -- AS48090
AS47890
US 1129144
+ 36234 DShield reports
0.966
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists  22, 25, 80, 443, 8880 2026-06-30 22:55:20 2026-07-14 23:36:56
92.118.39.77 -- AS48090
AS47890
US 1895165
+ 68041 DShield reports
+ 4 OTX pulses
0.965
src login protocol: ssh, telnet
port: 22, 2222
src scan port: 22
src
9 blacklists  22 2026-06-24 19:11:22 2026-07-14 22:55:03
195.178.110.232 -- AS48090
BG 1897165
+ 53788 DShield reports
+ 4 OTX pulses
0.964
src login protocol: ssh
port: 22, 2222
src
src scan port: 22
10 blacklists 2026-06-24 20:32:22 2026-07-15 02:47:48
176.32.193.16 -- AS197834
AM 57405244
+ 109638 DShield reports
+ 12 OTX pulses
0.963
src scan port: many
src login protocol: rdp, redis, ssh, telnet
port: 22, 23, 2222
src
14 blacklists 2026-03-12 10:40:05 2026-07-15 02:50:09
31.132.90.3 -- AS197556
KZ 26615553
+ 51339 DShield reports
0.963
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-07-15 02:49:29
172.234.162.31 prod52client01.academyforinternetresearch.org AS63949
FR 1373574
+ 85958 DShield reports
0.962
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
21 blacklists  22cloud, cdn 2025-04-12 01:41:30 2026-07-15 02:41:13
195.178.110.227 -- AS48090
BG 1724165
+ 52874 DShield reports
+ 6 OTX pulses
0.961
src login protocol: ssh, telnet
port: 22, 2222
src
src scan port: 22
8 blacklists 2026-06-24 22:08:13 2026-07-14 20:19:46