JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.166.22.20

223.166.22.20 was found in our database!

This IP was reported 238 times. Confidence of Abuse is 63%: ?

63%

ISP	CHINA UNICOM Shanghai city network
Usage Type	Fixed Line ISP
ASN	AS17621
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.166.22.20

Whois 223.166.22.20

IP Abuse Reports for 223.166.22.20:

This IP address has been reported a total of 238 times from 59 distinct sources. 223.166.22.20 was first reported on August 19th 2022, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-08 17:40:10 (12 hours ago)	Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: M ... show more Honeypot detection: Memcached unauthorized access / amplification attempt on port 11211. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-07 06:08:47 (2 days ago)	Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) o ... show more Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) on port 50000. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 xmission.com	2026-05-29 13:43:32 (1 week ago)	Blocked by UFW (TCP on 18080) Source port: 4439 TTL: 238 Packet length: 44 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 18080) Source port: 4439 TTL: 238 Packet length: 44 TOS: 0x08 This report (for 223.166.22.20) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇬🇧 PeravixGroup	2026-05-29 02:47:57 (1 week ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-28 11:38:33 (1 week ago)	Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) o ... show more Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) on port 50000. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇵🇱 sefinek.net	2026-05-28 05:45:34 (1 week ago)	Honeypot hit: Empty payload (likely service probe); 5280 [1] TCP Reported by: https://github.com/sef ... show more Honeypot hit: Empty payload (likely service probe); 5280 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇬🇧 PeravixGroup	2026-05-28 03:59:56 (1 week ago)	Honeypot detection: Redis unauthorized access / data extraction attempt on port 6379. Severity: MEDI ... show more Honeypot detection: Redis unauthorized access / data extraction attempt on port 6379. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-27 15:48:43 (1 week ago)	Honeypot detection: TR-069 CWMP router management protocol abuse attempt on port 7547. Severity: MED ... show more Honeypot detection: TR-069 CWMP router management protocol abuse attempt on port 7547. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Hacking
Anonymous	2026-05-27 09:03:31 (1 week ago)	unsolicited connect TCP dport 8030 (sport 31023)	Hacking
🇺🇸 xmission.com	2026-05-23 07:45:19 (2 weeks ago)	Blocked by UFW (TCP on 10404) Source port: 14167 TTL: 238 Packet length: 44 TOS: 0x08 This report ( ... show more Blocked by UFW (TCP on 10404) Source port: 14167 TTL: 238 Packet length: 44 TOS: 0x08 This report (for 223.166.22.20) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇬🇧 PeravixGroup	2026-05-22 14:33:38 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇲🇳 Public CSIRT/CC of Mongolia	2026-05-20 16:08:40 (2 weeks ago)	Honeypot hit: Empty payload (likely service probe); 6200 [1] TCP	Port Scan
🇦🇺 trentwiles.com	2026-05-20 06:45:48 (2 weeks ago)	Unauthorized connection attempt detected from IP address 223.166.22.20 to port 3053 [SYD]	Port Scan
🇦🇺 trentwiles.com	2026-05-20 04:25:28 (2 weeks ago)	Unauthorized connection attempt detected from IP address 223.166.22.20 to port 24844 [SYD]	Port Scan
🇬🇧 PeravixGroup	2026-05-20 00:45:01 (2 weeks ago)	Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDI ... show more Honeypot detection: MongoDB unauthorized access / exploitation attempt on port 27017. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host

Showing 1 to 15 of 238 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 104.35.143.90

🇯🇴 46.32.109.169

🇳🇱 45.148.10.183

🇺🇸 35.231.22.159

🇬🇧 193.163.125.42

🇺🇸 146.88.241.136

🇨🇳 119.36.105.150

🇬🇧 118.26.104.78

🇩🇪 69.5.169.171

🇺🇸 67.241.132.98

🇸🇬 47.74.213.140

🇫🇮 45.159.21.128

🇳🇱 45.148.10.121

🇮🇩 36.85.189.27

🇬🇧 35.203.211.22

🇩🇪 5.231.242.158

🇺🇸 208.84.100.197

🇯🇵 207.56.225.202

🇨🇱 200.225.126.210

🇨🇱 200.83.171.122