Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 40803224
+ 837765 DShield reports
+ 57 OTX pulses
0.999
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
12 blacklists  22scanner 2025-12-06 02:39:49 2026-07-05 17:24:27
2.57.121.25 hosting25.tronicsat.com AS47890
RO 19271183
+ 173599 DShield reports
+ 27 OTX pulses
0.985
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists 2025-10-05 10:37:13 2026-07-05 23:29:50
193.46.255.86 -- AS47890
RO 16774224
+ 69674 DShield reports
+ 4 OTX pulses
0.984
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
10 blacklists  22, 80, 2000scanner, eol-product 2026-03-11 22:22:32 2026-07-05 23:42:47
2.57.121.112 dns112.personaliseplus.com AS47890
RO 19000173
+ 178157 DShield reports
+ 19 OTX pulses
0.982
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
9 blacklists 2025-10-04 21:56:26 2026-07-05 23:44:10
172.235.181.217 prod47client01.academyforinternetresearch.org AS63949
NL 1270794
+ 57930 DShield reports
0.973
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
21 blacklists 2025-04-12 02:01:33 2026-07-05 23:41:13
31.132.90.3 -- AS197556
KZ 26053253
+ 37205 DShield reports
0.970
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-07-05 23:46:29
150.254.160.250 rutherfordium.man.poznan.pl AS9112
PL 1712 0.969
20 blacklists 2026-06-28 09:40:40 2026-06-29 06:26:57
193.32.162.84 -- AS47890
RO 1134155
+ 31079 DShield reports
0.969
src login protocol: ssh
port: 22, 2222
src
src scan port: 22
11 blacklists 2026-06-22 16:36:38 2026-07-05 23:42:47
94.154.35.215 -- AS214943
AS214976
AS202412
NL 112201152
+ 361670 DShield reports
0.969
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  10004, 10030, 10051, 10089, 10181, ... 2026-01-26 15:00:07 2026-07-05 23:38:53
89.23.113.208 154851.ip-ptr.tech AS207713
RU 5351174
+ 3335 DShield reports
+ 1 OTX pulses
0.968
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
17 blacklists 2026-05-23 22:12:10 2026-07-05 23:34:42
207.90.244.21 -- AS174
US 39255135
+ 282741 DShield reports
0.965
src scan
src
14 blacklists  22, 123, 500, 4500, 9002vpn 2025-06-20 19:12:40 2026-07-05 23:44:29
176.32.193.16 -- AS197834
AM 57639234
+ 111732 DShield reports
+ 10 OTX pulses
0.960
src scan port: many
src login protocol: rdp, redis, ssh, telnet
port: 22, 23, 2222
src
15 blacklists 2026-03-12 10:40:05 2026-07-05 23:45:09
34.34.103.195 195.103.34.34.bc.googleusercontent.com AS396982
NL 44453
+ 70900 DShield reports
0.960
src scan port: 80, 443, 8080, 8443
src
15 blacklists 2026-06-25 09:58:07 2026-07-05 23:44:05
195.178.110.232 -- AS48090
BG 910155
+ 23585 DShield reports
+ 4 OTX pulses
0.959
src login protocol: ssh, telnet
port: 22, 2222
src
src scan port: 22
9 blacklists 2026-06-24 20:32:22 2026-07-05 23:07:21
91.92.33.248 -- AS207043
DE 83542
+ 130457 DShield reports
0.957
src scan port: 80, 443, 8080, 8443
src
17 blacklists  22, 443, 1337self-signed 2026-06-23 14:52:59 2026-07-05 23:30:51
178.16.54.226 -- AS209800
AS214943
AS214976
AS202412
NL 26448162
+ 74563 DShield reports
0.955
src login protocol: ssh
port: 22, 2222
src scan
5 blacklists  137, 5985, 10001, 10009, 10021, ... 2026-02-02 12:45:30 2026-07-05 23:09:42
207.90.244.25 -- AS174
US 37216125
+ 274858 DShield reports
0.954
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
14 blacklists  22, 123, 500, 4500vpn 2025-04-17 23:19:22 2026-07-05 23:46:49
87.58.199.37 -- AS18450
NL 59842
+ 49987 DShield reports
0.953
src scan port: 80, 443, 3000, 5000, 8000, 8080, 8443, 9000
src
15 blacklists 2026-06-22 15:20:35 2026-07-05 22:10:39
125.20.210.182 -- AS9498
IN 312192173
+ 30961 DShield reports
+ 1 OTX pulses
0.953
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
21 blacklists 2026-03-22 10:41:15 2026-07-05 23:05:15
101.36.104.242 -- AS135377
JP 1804427103
+ 53488 DShield reports
+ 3 OTX pulses
0.952
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
23 blacklists 2025-11-14 22:40:24 2026-07-05 23:47:59