JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.166.22.1

223.166.22.1 was found in our database!

This IP was reported 255 times. Confidence of Abuse is 66%: ?

66%

ISP	CHINA UNICOM Shanghai city network
Usage Type	Fixed Line ISP
ASN	AS17621
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.166.22.1

Whois 223.166.22.1

IP Abuse Reports for 223.166.22.1:

This IP address has been reported a total of 255 times from 57 distinct sources. 223.166.22.1 was first reported on August 19th 2022, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 sumnone	2026-06-11 04:20:07 (10 hours ago)	Port probing on unauthorized port 12409	Port Scan Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-11 03:13:24 (11 hours ago)	Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: M ... show more Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-09 15:00:06 (1 day ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-07 15:12:52 (3 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇬🇧 PeravixGroup	2026-06-07 05:41:13 (4 days ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇦🇺 LiftUp Hosting	2026-06-06 12:27:58 (5 days ago)	Honeypot hit: HTTP/1.1 request on 4300 GET / Accept: /; 4300 [1] TCP	Hacking Bad Web Bot
🇬🇧 PeravixGroup	2026-06-06 05:43:11 (5 days ago)	Honeypot detection: Redis unauthorized access / data extraction attempt on port 6379. Severity: MEDI ... show more Honeypot detection: Redis unauthorized access / data extraction attempt on port 6379. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇩🇪 femboy.cat	2026-06-05 05:30:25 (6 days ago)	Port scan to tcp/10172 from 223.166.22.1	Brute-Force
🇬🇧 PeravixGroup	2026-06-02 02:30:33 (1 week ago)	Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) o ... show more Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) on port 50000. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-31 05:41:19 (1 week ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-30 11:46:52 (1 week ago)	Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) o ... show more Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) on port 50000. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇩🇪 Justin F. \| AS204464	2026-05-29 17:11:13 (1 week ago)	Honeypot [nx-infrastructure]: Empty payload (likely service probe); 51004 [1] TCP Reported by: Justi ... show more Honeypot [nx-infrastructure]: Empty payload (likely service probe); 51004 [1] TCP Reported by: Justin F. show less	Port Scan
🇺🇸 MPL	2026-05-29 14:10:55 (1 week ago)	tcp/2263 (2 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-05-27 20:14:52 (2 weeks ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇭 4server	2026-05-25 10:30:31 (2 weeks ago)	[MonMay2512:30:26.8452252026][security2:error][pid175660:tid176042][client223.166.22.1:0]ModSecurity ... show more [MonMay2512:30:26.8452252026][security2:error][pid175660:tid176042][client223.166.22.1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.4server.biz\"][uri\"/api/v1/guest/comm/config\"][unique_id\"ahQkwto1J4gjh_b0y1OpqgAAAQA\"]\,referer:https://www.bing.com/ show less	Hacking Web App Attack

Showing 1 to 15 of 255 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.141.46.157

🇨🇳 182.119.227.182

🇵🇭 180.191.254.103

🇭🇰 144.48.241.162

🇨🇳 140.143.153.161

🇰🇪 102.210.149.236

🇺🇸 85.239.234.245

🇸🇪 81.170.248.221

🇨🇳 180.153.197.192

🇳🇱 172.94.9.73

🇳🇱 165.22.193.223

🇰🇷 112.168.237.62

🇨🇮 102.209.222.158

🇱🇹 77.90.185.41

🇧🇪 34.53.163.178

🇹🇷 31.145.131.202

🇩🇪 31.76.27.231

🇺🇸 2a03:2880:f806:35::

🇸🇬 95.111.199.201

🇪🇪 45.12.28.218