JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.166.22.154

223.166.22.154 was found in our database!

This IP was reported 268 times. Confidence of Abuse is 60%: ?

60%

ISP	CHINA UNICOM Shanghai city network
Usage Type	Fixed Line ISP
ASN	AS17621
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.166.22.154

Whois 223.166.22.154

IP Abuse Reports for 223.166.22.154:

This IP address has been reported a total of 268 times from 57 distinct sources. 223.166.22.154 was first reported on August 19th 2022, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-08 18:56:21 (14 hours ago)	Honeypot detection: Reflection / amplification DDoS attempt on port 3306. Severity: MEDIUM. Aaran.cl ... show more Honeypot detection: Reflection / amplification DDoS attempt on port 3306. Severity: MEDIUM. Aaran.cloud show less	DDoS Attack
🇺🇸 xmission.com	2026-06-08 17:54:43 (15 hours ago)	Blocked by UFW (TCP on 10001) Source port: 8168 TTL: 237 Packet length: 44 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 10001) Source port: 8168 TTL: 237 Packet length: 44 TOS: 0x00 This report (for 223.166.22.154) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇬🇧 PeravixGroup	2026-06-08 10:26:08 (23 hours ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇫🇮 6kilowatti	2026-06-08 03:29:17 (1 day ago)	2026-06-08T06:29:16.022766+03:00 mummo kernel: [UFW BLOCK] IN=enp0s25 OUT= MAC=6c:62:6d:d6:a5:bc:00: ... show more 2026-06-08T06:29:16.022766+03:00 mummo kernel: [UFW BLOCK] IN=enp0s25 OUT= MAC=6c:62:6d:d6:a5:bc:00:00:5e:00:01:58:08:00 SRC=223.166.22.154 DST=83.148.240.21 LEN=44 TOS=0x00 PREC=0x00 TTL=228 ID=36374 PROTO=TCP SPT=7822 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇬🇧 PeravixGroup	2026-06-07 07:08:32 (2 days ago)	Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: M ... show more Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-02 01:43:10 (1 week ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-01 06:12:14 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇬🇧 PeravixGroup	2026-05-31 09:42:16 (1 week ago)	Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: M ... show more Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-30 22:17:46 (1 week ago)	Honeypot detection: Windows Remote Management (WinRM) unauthorized access attempt on port 5986. Seve ... show more Honeypot detection: Windows Remote Management (WinRM) unauthorized access attempt on port 5986. Severity: MEDIUM. Aaran.cloud show less	Brute-Force Hacking
🇺🇸 MPL	2026-05-30 07:33:46 (1 week ago)	tcp/10445 (2 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-05-27 13:12:08 (1 week ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-27 04:46:14 (1 week ago)	Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: ME ... show more Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-23 12:33:34 (2 weeks ago)	Honeypot detection: TR-069 CWMP router management protocol abuse attempt on port 7547. Severity: MED ... show more Honeypot detection: TR-069 CWMP router management protocol abuse attempt on port 7547. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Hacking
🇳🇱 BIV	2026-05-23 05:24:07 (2 weeks ago)	Honeypot multi-source hit. Sources: dshield:fw,tpot:P0f,tpot:Suricata. Ports: 6560. Automated tiered ... show more Honeypot multi-source hit. Sources: dshield:fw,tpot:P0f,tpot:Suricata. Ports: 6560. Automated tiered (T-Pot+DShield). show less	Port Scan Hacking
🇲🇳 Public CSIRT/CC of Mongolia	2026-05-20 18:19:32 (2 weeks ago)	Honeypot hit: Empty payload (likely service probe); 7200 [1] TCP	Port Scan

Showing 1 to 15 of 268 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 219.156.100.119

🇵🇦 190.97.165.93

🇳🇱 176.65.139.237

🇧🇷 143.202.187.195

🇳🇱 67.213.127.151

🇬🇧 45.137.126.87

🇬🇧 35.203.210.149

🇨🇳 182.138.158.252

🇨🇳 182.119.224.144

🇨🇳 175.30.48.12

🇧🇷 131.196.31.56

🇨🇳 118.212.121.87

🇮🇳 106.77.157.119

🇨🇳 101.249.63.115

🇫🇷 85.204.70.102

🇸🇬 43.156.117.41

🇺🇸 34.106.100.206

🇺🇸 2607:f8b0:4001:c00::127

🇮🇳 202.164.35.18

🇭🇰 199.45.154.116