Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 45068184
+ 514082 DShield reports
+ 17 OTX pulses 		1.000
src login protocol: ssh
port: 22
src scan port: 22, 2222, 3222, 5555, 5858, 8022, 12108, 23445
src
15 blacklists 2025-12-06 02:39:49 2026-03-01 03:00:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.120.22.52 -- AS198953
RU 7267153
+ 155475 DShield reports
+ 26 OTX pulses 		0.998
src login protocol: ssh, telnet
src scan port: many
6 blacklists 2026-01-16 11:03:58 2026-03-01 02:58:45
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
37.77.150.119 -- AS198953
RU 12908133
+ 66099 DShield reports 		0.998
src login protocol: ssh
port: 22
src scan
4 blacklists 2026-02-08 15:37:29 2026-03-01 03:14:27
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 12027163
+ 106503 DShield reports
+ 18 OTX pulses 		0.997
src login protocol: ssh
src scan port: 22
12 blacklists 2025-10-05 10:37:13 2026-02-28 20:54:38
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 13235162
+ 87780 DShield reports
+ 10 OTX pulses 		0.997
src scan port: 22
src login protocol: ssh
12 blacklists  22 2025-11-19 15:20:59 2026-03-01 03:13:40
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
64.89.160.135 -- AS205759
6896142
+ 1604 DShield reports
+ 10 OTX pulses 		0.995
src scan
src login protocol: ssh
5 blacklists 2026-01-27 01:07:37 2026-03-01 03:13:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.56 -- AS48090
AS47890
US 11379153
+ 205518 DShield reports
+ 8 OTX pulses 		0.994
src scan port: 22
src login protocol: ssh
port: 22
14 blacklists  22scanner 2025-06-06 22:18:48 2026-03-01 03:13:47
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 11090153
+ 194744 DShield reports
+ 10 OTX pulses 		0.992
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists  22scanner 2025-11-19 15:20:59 2026-03-01 02:57:02
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.72 -- AS48090
AS47890
US 10386152
+ 218299 DShield reports
+ 115 OTX pulses 		0.990
src scan port: 22
src login protocol: ssh
15 blacklists  22scanner 2025-01-05 11:23:47 2026-03-01 03:14:19
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 4841154
+ 150001 DShield reports
+ 1 OTX pulses 		0.989
src scan port: 22
src login protocol: ssh
port: 22
src
16 blacklists  22scanner 2025-11-06 15:20:09 2026-03-01 03:13:47
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
31.170.22.206 -- AS43513
LV 9245102
+ 7524 DShield reports 		0.988
src login protocol: ssh
port: 22
src scan
1 blacklist 2026-02-04 13:49:55 2026-03-01 03:08:52
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
94.154.35.215 -- AS214943
AS214976
AS202412
NL 21121102
+ 13607 DShield reports 		0.984
src login protocol: ssh
port: 22
src scan
3 blacklists  135, 137, 139, 445, 5985, ... 2026-01-26 15:00:07 2026-03-01 03:00:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.76 -- AS48090
AS47890
US 10716153
+ 15815 DShield reports
+ 6 OTX pulses 		0.984
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists  22scanner 2025-11-30 15:21:07 2026-03-01 03:13:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
149.100.11.243 -- AS174
ES 9316173
+ 17638 DShield reports
+ 9 OTX pulses 		0.980
src login protocol: rdp, ssh, telnet
src scan port: 22, 23, 80, 2222, 3389
src
7 blacklists  22, 80scanner, eol-product 2025-04-23 18:49:59 2026-03-01 03:07:04
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.158 -- AS208137
DE 13849155
+ 113578 DShield reports
+ 5 OTX pulses 		0.979
src scan port: 22
src login protocol: ssh
port: 22
src
16 blacklists  22scanner 2025-12-29 18:58:08 2026-03-01 03:10:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 11443184
+ 130179 DShield reports
+ 3 OTX pulses 		0.977
src scan port: 22
src login protocol: ssh
port: 22
16 blacklists  22scanner 2025-06-06 07:36:57 2026-03-01 03:14:25
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
179.43.133.154 hostedby.privatelayer.com AS51852
CH 22484102
+ 69220 DShield reports 		0.969
src login protocol: ssh
port: 22
src scan
1 blacklist  135, 137, 445, 5985, 10000, ... 2025-09-02 11:59:39 2026-03-01 03:11:58
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.25 -- AS174
US 41412105
+ 189952 DShield reports 		0.967
src scan
src
src login protocol: ftp, ssh
port: 21
src exploit protocol: ftp
12 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:19:22 2026-03-01 03:12:09
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.27 -- AS174
US 4171295
+ 189816 DShield reports 		0.967
src scan
src
src login protocol: ftp, ssh
port: 21
src exploit protocol: ftp
11 blacklists  22, 123, 500, 4500, 9002vpn 2025-04-17 23:25:56 2026-03-01 03:10:48
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.95 -- AS48090
AS47890
US 14978163
+ 134208 DShield reports
+ 5 OTX pulses 		0.967
src scan port: 22
src login protocol: ssh
port: 22
16 blacklists 2025-04-16 06:10:40 2026-03-01 02:20:06
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield