Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 34289174
+ 468694 DShield reports
+ 8 OTX pulses
1.000
src login protocol: ssh
port: 22
src scan port: 22, 2222, 8022, 51922
15 blacklists 2025-12-06 02:39:49 2026-02-12 09:48:33
91.215.85.88 -- AS200593
RU 103852152
+ 1746647 DShield reports
0.998
src login protocol: ssh
port: 22
5 blacklists  135, 137, 5985, 50100 2025-11-14 08:31:47 2026-02-12 09:45:39
176.120.22.52 -- AS198953
RU 3802132
+ 92792 DShield reports
+ 10 OTX pulses
0.998
src login protocol: ssh
src scan port: many
6 blacklists 2026-01-16 11:03:58 2026-02-12 09:40:07
80.94.92.168 -- AS48090
AS47890
RO 6629142
+ 95264 DShield reports
+ 2 OTX pulses
0.997
src login protocol: ssh
src scan port: 22
12 blacklists  22 2025-11-19 15:20:59 2026-02-12 09:46:28
213.209.159.159 -- AS208137
DE 10841143
+ 74626 DShield reports
+ 5 OTX pulses
0.995
src login protocol: ssh
port: 22
src scan port: 22
11 blacklists  3389self-signed 2025-12-30 18:59:58 2026-02-12 09:48:10
92.118.39.56 -- AS48090
AS47890
US 6031143
+ 344448 DShield reports
+ 5 OTX pulses
0.994
src scan port: 22
src login protocol: ssh
port: 22
14 blacklists  22scanner 2025-06-06 22:18:48 2026-02-12 09:48:33
2.57.121.25 hosting25.tronicsat.com AS47890
RO 10387163
+ 121424 DShield reports
+ 7 OTX pulses
0.994
src login protocol: ssh
src scan port: 22
10 blacklists 2025-10-05 10:37:13 2026-02-12 09:45:39
80.94.92.171 -- AS48090
AS47890
RO 5737143
+ 226475 DShield reports
+ 4 OTX pulses
0.990
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists  22scanner 2025-11-19 15:20:59 2026-02-12 09:47:36
2.57.122.238 -- AS48090
AS47890
RO 2423144
+ 183708 DShield reports
0.989
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22, 80scanner 2025-11-06 15:20:09 2026-02-12 09:08:09
94.154.35.215 -- AS214943
AS214976
AS202412
NL 1270592 0.984
src login protocol: ssh
port: 22
3 blacklists  135, 137, 139, 445, 5985, ... 2026-01-26 15:00:07 2026-02-12 09:38:19
213.209.159.158 -- AS208137
DE 9681145
+ 89962 DShield reports
+ 2 OTX pulses
0.983
src login protocol: ssh
port: 22
src scan port: 22
src
15 blacklists  22scanner 2025-12-29 18:58:08 2026-02-12 09:46:59
179.43.133.154 hostedby.privatelayer.com AS51852
CH 21483102
+ 77578 DShield reports
0.983
src login protocol: ssh
port: 22
1 blacklist  135, 137, 445, 5985, 10000, ... 2025-09-02 11:59:39 2026-02-12 08:48:13
92.118.39.95 -- AS48090
AS47890
US 14155183
+ 166091 DShield reports
+ 4 OTX pulses
0.983
src scan port: 22
src login protocol: ssh
port: 22
16 blacklists 2025-04-16 06:10:40 2026-02-12 09:09:19
92.118.39.72 -- AS48090
AS47890
US 5472142
+ 360588 DShield reports
+ 123 OTX pulses
0.982
src login protocol: ssh
src scan port: 22
15 blacklists  22scanner 2025-01-05 11:23:47 2026-02-12 09:48:49
193.32.162.145 -- AS47890
RO 10777194
+ 161186 DShield reports
+ 1 OTX pulses
0.981
src login protocol: ssh
port: 22
src scan port: 22
16 blacklists  22scanner 2025-06-06 07:36:57 2026-02-12 08:49:45
185.246.130.20 -- AS42237
SE 3021122
+ 56423 DShield reports
0.981
src login protocol: ssh
port: 22
8 blacklists  135, 137, 139, 3306, 5985, ...database 2024-10-29 11:05:11 2026-02-12 09:06:10
147.139.164.196 -- AS45102
ID 2475113
+ 9201 DShield reports
+ 1 OTX pulses
0.977
src scan port: 22
src login protocol: ssh
5 blacklists  21, 22, 80, 443, 3306eol-product, database, self-signed, cloud 2024-10-17 09:08:32 2026-02-12 07:34:44
80.94.92.182 -- AS48090
AS47890
RO 16364194
+ 75710 DShield reports
+ 1 OTX pulses
0.971
src scan port: 22
src login protocol: ssh
port: 22
15 blacklists 2025-11-18 16:26:32 2026-02-12 07:51:13
176.65.148.29 176.65.148.29.ptr.pfcloud.network AS51396
NL 795351
+ 149437 DShield reports
0.968
src scan port: 8332, 8545
4 blacklists 2026-01-08 22:28:08 2026-02-12 09:03:01
149.100.11.243 -- AS174
ES 7914183
+ 25216 DShield reports
+ 6 OTX pulses
0.964
src login protocol: ssh, telnet
src scan port: 22, 23, 80, 2222, 3389
src
7 blacklists  80eol-product, scanner 2025-04-23 18:49:59 2026-02-12 09:45:19