Search IP addresses by ...

IP prefix
IPv4 prefix/subnet in CIDR format.
Hostname suffix
Suffix of the hostname associated with the IP address. Can be used to search all hosts under given (sub)domain.
ASN
Autonomous system number. Enter as "1234" or "AS1234”.
Country
Code of the country the IP address is probably located in (according to MaxMind database).
Source
Select IP addresses for which there are data (alerts, events, ...) from given primary data source(s).
OR
AND
Event category
Select IP addresses with Warden alerts of given category.
OR
AND
Blacklist
Select IP addresses listed on given blacklist(s).
OR
AND
Tag
Select IP addresses with given tag(s).
OR
AND

Threat category

Role
Select IP addresses with threat category records matching the selected role.
Category
Select IP addresses with threat category records matching the selected category.
OR
AND
Subcategory
Select IP addresses with threat category records matching the selected subcategory.
=
Confidence
Minimum category confidence.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses
IP addresses
Paste any text containing IPv4 addresses or prefixes in CIDR format. Search will return all addresses in NERD matching any of your addresses or prefixes.

Sorting options

Sort by
Order
DESC
ASC
Max. number of addresses

Results (≥20≥20)

IP address Hostname ASN Country Events Rep.(?) Threat category Other properties Time added Last activity Links
45.148.10.121 -- AS48090
NL 45183224
+ 753665 DShield reports
+ 29 OTX pulses 		1.000
src login protocol: ssh
port: 22, 2222
src scan port: 22, 2222, 8022, 10022, 22222
src
15 blacklists  22 2025-12-06 02:39:49 2026-05-06 10:35:39
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.168 -- AS48090
AS47890
RO 36537202
+ 94578 DShield reports
+ 23 OTX pulses 		1.000
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
14 blacklists  22scanner 2025-11-19 15:20:59 2026-05-06 10:24:49
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.112 dns112.personaliseplus.com AS47890
RO 19064172
+ 190569 DShield reports
+ 16 OTX pulses 		1.000
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
14 blacklists 2025-10-04 21:56:26 2026-05-06 10:28:07
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
87.251.64.176 -- AS200730
US 33191142
+ 233360 DShield reports
+ 8 OTX pulses 		0.999
src login protocol: ssh
port: 22, 2222
src scan
src
4 blacklists 2026-04-21 16:30:41 2026-05-06 10:36:30
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.46.255.86 hostingmailto239.statics.servermail.org AS47890
RO 9054163
+ 49839 DShield reports
+ 3 OTX pulses 		0.999
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
8 blacklists  22, 80, 2000eol-product, scanner 2026-03-11 22:22:32 2026-05-06 10:25:10
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.121.25 hosting25.tronicsat.com AS47890
RO 18975172
+ 181607 DShield reports
+ 25 OTX pulses 		0.999
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
14 blacklists 2025-10-05 10:37:13 2026-05-06 10:35:18
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
2.57.122.238 -- AS48090
AS47890
RO 17646214
+ 225087 DShield reports
+ 7 OTX pulses 		0.999
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
17 blacklists  22, 80scanner 2025-11-06 15:20:09 2026-05-06 10:33:37
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
154.117.199.5 -- AS327799
BI 1232132
+ 2637 DShield reports 		0.998
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
4 blacklists  22, 80, 111, 123 2026-04-15 10:19:45 2026-05-06 08:43:32
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
185.246.130.20 -- AS42237
SE 3181122
+ 33421 DShield reports 		0.997
src login protocol: ssh
port: 22, 2222
src scan
src
11 blacklists  137, 445, 3306, 5985, 33060database 2024-10-29 11:05:11 2026-05-06 09:30:05
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
94.154.35.215 -- AS214943
AS214976
AS202412
NL 109199152
+ 405299 DShield reports 		0.996
src login protocol: ssh
port: 22, 2222
src scan
src
5 blacklists  135, 445, 5985, 10000, 10005, ... 2026-01-26 15:00:07 2026-05-06 10:36:11
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
178.16.54.226 -- AS209800
AS214943
AS214976
AS202412
NL 12162142
+ 65392 DShield reports 		0.994
src login protocol: ssh
port: 22, 2222
src scan
src
5 blacklists  137, 445, 5985, 10000, 10007, ... 2026-02-02 12:45:30 2026-05-05 09:38:32
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
130.12.180.51 -- AS214943
AS202412
US 10107163
+ 229865 DShield reports 		0.991
src login protocol: ssh
port: 22, 2222
src botnet_drone
src scan
dst malware_distribution
src
6 blacklists  22, 80, 443eol-product 2025-12-20 07:34:46 2026-05-06 10:23:28
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.182 -- AS48090
AS47890
RO 14658193
+ 151894 DShield reports
+ 7 OTX pulses 		0.990
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
16 blacklists  22scanner 2025-11-18 16:26:32 2026-05-06 10:33:37
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
179.43.133.154 hostedby.privatelayer.com AS51852
CH 48566142
+ 155571 DShield reports 		0.989
src login protocol: ssh
port: 22, 2222
src scan
src
3 blacklists  135, 137, 10000, 10010, 10020, ... 2025-09-02 11:59:39 2026-05-06 10:33:34
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
80.94.92.184 -- AS48090
AS47890
RO 14865203
+ 155365 DShield reports
+ 7 OTX pulses 		0.988
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
16 blacklists  22scanner 2025-11-19 14:33:30 2026-05-06 10:30:16
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
207.90.244.13 -- AS174
US 38897145
+ 222555 DShield reports 		0.981
src scan
src
src login protocol: ftp, ssh, telnet
port: 21, 22, 2222
src exploit protocol: ftp, http
19 blacklists  22, 500, 4500, 9002vpn 2024-12-11 02:13:13 2026-05-06 10:34:29
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
193.32.162.145 -- AS47890
RO 15440193
+ 199750 DShield reports
+ 4 OTX pulses 		0.980
src login protocol: ssh
port: 22, 2222
src scan port: 22
src
17 blacklists  22scanner 2025-06-06 07:36:57 2026-05-06 10:05:47
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.65.148.29 176.65.148.29.ptr.pfcloud.network AS51396
NL 2598872
+ 3394833 DShield reports 		0.980
src scan port: 8332, 8545
src
3 blacklists  22, 80scanner 2026-01-08 22:28:08 2026-05-06 09:41:05
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
176.32.193.16 -- AS197834
AM 27543214
+ 58701 DShield reports
+ 2 OTX pulses 		0.978
src scan port: many
src login protocol: rdp, redis, ssh
port: 22, 2222
src
14 blacklists 2026-03-12 10:40:05 2026-05-06 10:33:13
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield
31.56.209.38 -- AS209373
AE 2542153
+ 28343 DShield reports
+ 1 OTX pulses 		0.978
src scan port: 22
src login protocol: ssh
port: 22, 2222
src
7 blacklists 2026-04-17 13:12:59 2026-05-06 10:02:00
  Shodan   Censys   valli.org   whatismyipaddress.com   AbuseIPDB   Talos Intelligence Center   Greynoise Visualizer   DShield