Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
176.53.159.196 -- AS154383
TR 19496152
+ 121384 DShield reports
+ 12 OTX pulses
0.998
src login protocol: ssh
port: 22, 2222
src scan
3 blacklists 2026-07-01 15:29:24 2026-07-18 04:22:18
195.178.110.137 -- AS48090
BG 4761184
+ 206925 DShield reports
+ 9 OTX pulses
0.995
src login protocol: ssh
port: 22, 2222
src scan port: many
src
10 blacklists 2026-06-30 14:05:39 2026-07-18 03:51:31
185.242.3.195 -- AS60223
AS401626
NL 8761163
+ 215346 DShield reports
+ 1 OTX pulses
0.993
src login protocol: ssh
port: 22, 2222
src scan
9 blacklists  22, 113, 4444scanner 2026-04-13 22:07:13 2026-07-18 04:22:18
193.46.255.86 -- AS47890
RO 19193224
+ 70860 DShield reports
+ 4 OTX pulses
0.991
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
11 blacklists  22, 80, 2000scanner 2026-03-11 22:22:32 2026-07-18 04:21:40
2.57.121.25 hosting25.tronicsat.com AS47890
RO 20185183
+ 156466 DShield reports
+ 18 OTX pulses
0.990
src login protocol: ssh
port: 22, 2222
src scan port: 22
8 blacklists 2025-10-05 10:37:13 2026-07-18 04:19:07
172.235.168.35 172-235-168-35.ip.linodeusercontent.com AS63949
NL 27837114
+ 80049 DShield reports
0.986
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
src
22 blacklists  22cloud, cdn 2025-11-14 12:38:00 2026-07-18 04:20:59
2.57.121.112 dns112.personaliseplus.com AS47890
RO 18657173
+ 153550 DShield reports
+ 11 OTX pulses
0.984
src login protocol: ssh
port: 22, 2222
src scan port: 22
9 blacklists 2025-10-04 21:56:26 2026-07-18 04:12:15
2.57.122.238 -- AS48090
AS47890
RO 17665224
+ 249598 DShield reports
+ 13 OTX pulses
0.984
src login protocol: ssh
port: 22, 2222
src
src scan port: 22
13 blacklists  80scanner 2025-11-06 15:20:09 2026-07-18 04:19:30
172.234.162.31 prod52client01.academyforinternetresearch.org AS63949
FR 1388974
+ 88334 DShield reports
0.981
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
22 blacklists  22cloud, cdn 2025-04-12 01:41:30 2026-07-18 04:11:14
172.235.181.226 prod48client01.academyforinternetresearch.org AS63949
NL 1423364
+ 89512 DShield reports
0.974
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
18 blacklists  22cloud, cdn 2025-04-12 02:01:30 2026-07-18 04:21:02
101.36.104.242 -- AS135377
JP 1715453113
+ 50576 DShield reports
+ 1 OTX pulses
0.973
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
23 blacklists 2025-11-14 22:40:24 2026-07-18 04:23:10
45.63.4.69 45.63.4.69.vultrusercontent.com AS20473
US 11313133
+ 23405 DShield reports
+ 3 OTX pulses
0.969
src scan port: 22, 80, 443, 1080, 1337, 3389, 4153, 8080
src
src login protocol: ssh
port: 22, 2222
9 blacklists 2026-06-05 19:52:10 2026-07-18 04:23:09
176.32.193.16 -- AS197834
AM 56962244
+ 109085 DShield reports
+ 12 OTX pulses
0.967
src scan port: many
src login protocol: rdp, redis, ssh
port: 22, 2222
14 blacklists 2026-03-12 10:40:05 2026-07-18 04:21:39
192.248.150.180 192.248.150.180.vultrusercontent.com AS20473
GB 10874133
+ 25905 DShield reports
+ 2 OTX pulses
0.966
src scan port: 22, 80, 443, 1080, 1337, 3389, 4153, 8080
src
src login protocol: ssh
port: 22, 2222
8 blacklists 2026-06-05 20:15:01 2026-07-18 04:21:49
207.90.244.25 -- AS174
US 36843105
+ 278875 DShield reports
0.965
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
16 blacklists  22, 123, 500, 4500vpn 2025-04-17 23:19:22 2026-07-18 04:21:59
150.254.160.250 rutherfordium.man.poznan.pl AS9112
PL 9414 0.964
src scan port: 21
src exploit protocol: ftp, http, mysql
21 blacklists 2026-06-28 09:40:40 2026-07-13 07:08:12
31.132.90.3 -- AS197556
KZ 26758153
+ 56766 DShield reports
0.963
src scan port: 22, 23, 80, 443, 2222, 2375
15 blacklists 2026-06-03 13:16:16 2026-07-18 04:18:59
172.104.241.98 prod50client01.academyforinternetresearch.org AS63949
DE 1288174
+ 97216 DShield reports
0.960
src scan port: many
src login protocol: http, ssh, telnet
port: 22, 23, 80, 2222
21 blacklists  22cloud 2025-04-12 02:31:32 2026-07-18 04:21:02
207.90.244.5 -- AS174
US 35251135
+ 228296 DShield reports
0.960
src scan
src
src login protocol: ftp, ssh
port: 21, 22, 2222
15 blacklists  22, 500, 4500, 9002vpn 2022-12-10 20:58:44 2026-07-18 04:22:20
152.32.174.171 -- AS135377
HK 10432193
+ 8110 DShield reports
0.959
src scan port: 22, 23, 80, 443, 2222, 2375
src login protocol: ssh, telnet
port: 22, 23, 2222
18 blacklists 2026-05-13 17:34:06 2026-07-18 03:58:06