104.167.16.38📋 Copy

# INTELLIGENCE BRIEFING: IP 104.167.16.38/32

Classification: Moderate Risk (Risk Score: 40)

Date: Current Intelligence Cycle

Platform: IPDebrief Intelligence

---

## EXECUTIVE SUMMARY

IP address 104.167.16.38 is a cloud-hosted infrastructure endpoint operated by OVH (ASN 16276) with geolocation indicators pointing to Singapore. The IP exhibits moderate risk characteristics with no direct threat indicators identified. The address is fully firewalled with no open services detected. Recommended action: Monitor with awareness of potential abuse potential in the hosting environment.

---

## OWNERSHIP & NETWORK ATTRIBUTES

---

## GEOLOCATION

---

## THREAT ASSESSMENT

Risk Indicators:

• Risk Score: 40/100 (Moderate)
• Blacklist Count: 0
• DNSBL Listings: 1 of 8 lists
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Known Campaigns: None
• Threat Persistence: None observed

Control Plane Analysis:

• Route Stability: Stable
• AS Path: 2914 → 16276
• RPKI State: Not verified
• Operator Score: 0.3478 (Basic)
• Delegation Age: 9,246 days (~25 years)

---

## SERVICES & FINGERPRINTING

---

## NEIGHBORHOOD ANALYSIS

---

## OBSERVATION HISTORY

Total Observations: 21 signals tracked

Most Recent: 2026-06-20

Confidence Range: 28% - 90%

Signal Timeline Highlights:

• 2026-06-20: Network classification confirmed (OVH Cloud Compute)
• 2026-06-20: Geolocation inferred Singapore (28% confidence)
• 2026-06-20: Routing signals processed (Basic operator score)
• No persistent threat observations recorded

---

## RELATIONSHIP GRAPH

Total Relationships: 15

Relationship Types: Same Network (US-ZAPPIE-20140822)

All relationships indicate association with the same network registration, confirming consistent ownership within the OVH infrastructure.

---

## RECOMMENDED ACTIONS

Current Risk Score: 40

Action Threshold: Moderate Risk (Consider blocking based on policy)

Recommended Firewall Rules:

```bash

# iptables

iptables -A INPUT -s 104.167.16.38 -j DROP

# nftables

nft add rule inet filter input ip saddr 104.167.16.38 drop

# nginx

deny 104.167.16.38;

# pfSense

104.167.16.38/32

# Cloudflare WAF

{"description":"Block 104.167.16.38 — IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 104.167.16.38"}}

# AWS WAF

{"Addresses":["104.167.16.38/32"],"Description":"IPDebrief risk 40"}

```

---

## INTELLIGENCE NARRATIVE

IP 104.167.16.38 represents a cloud-hosted endpoint within OVH's Singapore infrastructure. The moderate risk score of 40 reflects the cloud-hosting nature of the infrastructure rather than active malicious behavior. The IP is fully firewalled with no open services, DNS records, or email authentication configured. While no direct threat indicators were identified, the presence of a DNSBL listing and the hosting infrastructure classification

"While no direct threat indicators were identified, the presence of a DNSBL listing and the hosting infrastructure classification warrants continued monitoring. The subnet shows low abuse density with one active sibling IP, suggesting shared infrastructure with minimal threat concentration.

Threat Confidence: Low - Cloud-hosted endpoint with no active exploitation signatures or attack patterns observed in historical data.

Recommended SOC Actions:

1. Monitor for outbound connections from internal systems to this IP

2. Add to watchlist for correlation with future threat intelligence

3. Consider proactive blocking if security policy aligns with moderate-risk thresholds

Conclusion: This IP represents a baseline cloud infrastructure endpoint requiring awareness-level monitoring rather than immediate mitigation. The moderate risk score primarily reflects hosting infrastructure characteristics rather than active malicious behavior. No immediate threat actions required based on current intelligence."

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.