JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 169.224.20.159

169.224.20.159 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 25%: ?

25%

ISP	Earthlink Telecommunications Equipment Trading & Services DMCC
Usage Type	Fixed Line ISP
ASN	AS199739
Domain Name	earthlink.iq
Country	🇮🇶 Iraq
City	Baghdad, Baghdad

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 169.224.20.159

Whois 169.224.20.159

IP Abuse Reports for 169.224.20.159:

This IP address has been reported a total of 16 times from 13 distinct sources. 169.224.20.159 was first reported on November 22nd 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-14 21:57:57 (1 week ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇩🇪 HandyTreff.de	2026-06-14 15:01:58 (1 week ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -82.712 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -82.712 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0. show less	Web App Attack Bad Web Bot
🇪🇸 pipeline.es	2026-06-05 11:43:31 (2 weeks ago)	Port scanning / recon	Port Scan Web App Attack
🇪🇸 pipeline.es	2026-06-05 11:28:22 (2 weeks ago)	Port scanning / recon \| Evidence: date=2026-06-05 time=13:09:59 devname="[redacted]" devid="[redacte ... show more Port scanning / recon \| Evidence: date=2026-06-05 time=13:09:59 devname="[redacted]" devid="[redacted]" eventtime=1780657798894328949 tz=\"+0200\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd="[redacted]" srcip=169.224.20.159 srcport=37517 srcintf="[redacted]" srcintfrole=\"wan\" dstip=[redacted] dstport=443 dstintf="[redacted]" dstintfrole=\"lan\" srccountry=\"Iraq\" dstcountry=\"Spain\" sessionid \| ASN: Earthlink Telecommunications Equipment Trading & Services DM \| Country: IQ show less	Port Scan Web App Attack
🇪🇸 pipeline.es	2026-06-05 11:11:01 (2 weeks ago)	Port scanning / recon \| Evidence: date=2026-06-05 time=13:09:52 devname="[redacted]" devid="[redacte ... show more Port scanning / recon \| Evidence: date=2026-06-05 time=13:09:52 devname="[redacted]" devid="[redacted]" eventtime=1780657791789668529 tz=\"+0200\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd="[redacted]" srcip=169.224.20.159 srcport=37517 srcintf="[redacted]" srcintfrole=\"wan\" dstip=[redacted] dstport=443 dstintf="[redacted]" dstintfrole=\"lan\" srccountry=\"Iraq\" dstcountry=\"Spain\" sessionid \| ASN: Earthlink Telecommunications Equipment Trading & Services DM \| Country: IQ show less	Port Scan Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (4 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 4acf41a8-b801-4675-a9cd-4cf95dcec3e7	DDoS Attack
🇺🇸 MPL	2026-05-08 10:37:57 (1 month ago)	tcp/23 (2 or more attempts)	Port Scan
🇱🇻 garmtech.com	2026-04-16 10:02:03 (2 months ago)	IM360 WAF: Prohibited WordPress username login/registration	Web App Attack
🇮🇩 Burayot	2026-04-11 14:49:21 (2 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 169.224.20.159 (IQ/Iraq/-): 1 in th ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 169.224.20.159 (IQ/Iraq/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-04 09:46:11 (2 months ago)	(mod_security) mod_security (id:225080) triggered by 169.224.20.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225080) triggered by 169.224.20.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 05:46:05.253522 2026] [security2:error] [pid 30197:tid 30197] [client 169.224.20.159:2140] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^[\\\\d\\\\.ab]+$" against "ARGS_GET:C" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "143"] [id "225080"] [rev "1"] [msg "COMODO WAF: XSS vulnerability in Plupload before 2.1.9 or MediaElement.js before 2.21.0, as used in WordPress before 4.5.2 (CVE-2016-4566 & CVE-2016-4567)\|\|www.cffragrances.iee-usa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cffragrances.iee-usa.com"] [uri "/wp-includes/js/tinymce/plugins/tabfocus/"] [unique_id "adDd3cd8FCLs9sbtXDqd1gAAAAU"], referer: http://www.cffragrances.iee-usa.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-03-10 02:10:03 (3 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇩🇪 filstal.org	2026-03-08 18:12:44 (3 months ago)	Security scan or malicious bot activity detected by Fail2Ban	Bad Web Bot Web App Attack
Anonymous	2026-01-16 17:30:18 (5 months ago)	scanning http requests from known botnet	Web App Attack
🇩🇪 iNetWorker	2026-01-08 08:40:48 (5 months ago)	firewall-block, port(s): 23/tcp	Port Scan
🇩🇪 bescared	2026-01-08 08:07:37 (5 months ago)	F2B - Malicious activity detected. Unauthorized connection attempt: Telnet.	Port Scan

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 92.118.39.77

🇩🇪 84.55.4.185

🇺🇸 13.89.124.222

🇮🇪 4.207.145.86

🇷🇴 2.57.122.150

🇬🇷 194.63.239.149

🇨🇳 124.116.23.182

🇲🇩 94.103.188.194

🇳🇱 91.92.40.176

🇯🇵 87.249.128.218

🇺🇸 66.179.208.139

🇪🇬 62.193.91.121

🇺🇸 34.74.174.164

🇬🇧 2a06:4880:c000::ed

🇰🇷 211.219.118.118

🇺🇸 195.184.76.201

🇸🇪 188.126.240.80

🇨🇳 117.72.212.5

🇸🇬 101.47.159.125

🇷🇴 80.94.92.234