Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 47897214
+ 615098 DShield reports
+ 25 OTX pulses 		1.000
src login protocol: ssh
port: 22
src scan port: 22, 2222, 8022
src
17 blacklists  22scanner 2025-12-06 02:39:49 2026-03-21 19:58:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 21367182
+ 84350 DShield reports
+ 16 OTX pulses 		0.999
src login protocol: ssh
src scan port: 22
src
12 blacklists  22scanner 2025-11-19 15:20:59 2026-03-21 19:57:20
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
37.77.150.119 -- AS198953
RU 32165163
+ 275874 DShield reports 		0.999
src login protocol: ssh
port: 22
src scan
src
4 blacklists 2026-02-08 15:37:29 2026-03-21 19:59:51
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
77.90.185.17 -- AS215476
AS213790
DE 5946122
+ 54222 DShield reports
+ 10 OTX pulses 		0.999
src login protocol: ssh
port: 22
src scan
src
6 blacklists  22, 111 2026-02-22 04:51:32 2026-03-21 19:16:10
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
213.209.159.159 -- AS208137
DE 19716163
+ 142024 DShield reports
+ 9 OTX pulses 		0.999
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  3389self-signed 2025-12-30 18:59:58 2026-03-21 19:58:01
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.95.118 -- AS204428
RO 1600122
+ 17698 DShield reports
+ 5 OTX pulses 		0.998
src login protocol: ssh
port: 22
src scan
src
4 blacklists  53, 111, 3128 2026-02-22 04:52:44 2026-03-21 18:07:07
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.76 -- AS48090
AS47890
US 17775184
+ 55330 DShield reports
+ 11 OTX pulses 		0.998
src login protocol: ssh
port: 22
src scan port: 22
src
17 blacklists  22scanner 2025-11-30 15:21:07 2026-03-21 19:59:51
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.171 -- AS48090
AS47890
RO 17511173
+ 172883 DShield reports
+ 10 OTX pulses 		0.998
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22scanner 2025-11-19 15:20:59 2026-03-21 19:58:11
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.56 -- AS48090
AS47890
US 17870173
+ 149373 DShield reports
+ 12 OTX pulses 		0.997
src login protocol: ssh
port: 22
src scan port: 22
src
15 blacklists  22scanner 2025-06-06 22:18:48 2026-03-21 19:42:43
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
78.128.112.74 ip-112-74.4vendeta.com AS202325
AS208637
BG 2944154
+ 87648 DShield reports
+ 1 OTX pulses 		0.996
src scan port: 22
src login protocol: ssh, telnet
port: 22
src
14 blacklists  22scanner 2025-05-28 12:16:17 2026-03-21 19:54:47
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.72 -- AS48090
AS47890
US 16320172
+ 148468 DShield reports
+ 102 OTX pulses 		0.995
src login protocol: ssh
src scan port: 22
src
17 blacklists  22scanner 2025-01-05 11:23:47 2026-03-21 19:58:01
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 7899194
+ 170735 DShield reports
+ 4 OTX pulses 		0.995
src login protocol: ssh
port: 22
src
src scan port: 22
16 blacklists  22scanner 2025-11-06 15:20:09 2026-03-21 19:57:45
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
94.154.35.215 -- AS214943
AS214976
AS202412
NL 48430112
+ 160408 DShield reports 		0.994
src login protocol: ssh
port: 22
src scan
src
3 blacklists  135, 137, 139, 445, 5985, ... 2026-01-26 15:00:07 2026-03-21 19:47:13
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
178.16.54.226 -- AS209800
AS214943
AS214976
AS202412
NL 4299102
+ 31915 DShield reports 		0.994
src login protocol: ssh
port: 22
src scan
src
3 blacklists  111, 135, 137, 445, 5985, ... 2026-02-02 12:45:30 2026-03-21 19:58:14
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
179.43.133.154 hostedby.privatelayer.com AS51852
CH 46075112
+ 138594 DShield reports 		0.991
src login protocol: ssh
port: 22
src scan
src
1 blacklist  135, 137, 445, 5985, 10000, ... 2025-09-02 11:59:39 2026-03-21 19:59:31
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 12626183
+ 132025 DShield reports
+ 4 OTX pulses 		0.990
src login protocol: ssh
port: 22
src scan port: 22
src
17 blacklists  22scanner 2025-06-06 07:36:57 2026-03-21 19:28:38
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
130.12.180.51 -- AS214943
AS202412
US 7155153
+ 42644 DShield reports 		0.989
src botnet_drone
src login protocol: ssh
port: 22
src scan
dst malware_distribution
src
4 blacklists  22, 80, 443eol-product 2025-12-20 07:34:46 2026-03-21 19:43:27
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
92.118.39.95 -- AS48090
AS47890
US 15677183
+ 143569 DShield reports
+ 6 OTX pulses 		0.986
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists  22scanner 2025-04-16 06:10:40 2026-03-21 19:15:53
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
170.64.167.72 -- AS14061
AU 298792
+ 9325 DShield reports
+ 95 OTX pulses 		0.983
src scan
src login protocol: ssh
src
6 blacklists  22, 80cloud 2023-12-26 07:17:30 2026-03-21 19:03:22
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.186 -- AS48090
AS47890
RO 11745173
+ 94078 DShield reports
+ 4 OTX pulses 		0.982
src login protocol: ssh
port: 22
src scan port: 22
src
16 blacklists 2025-11-18 16:25:46 2026-03-21 19:56:07
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield