IPDebrief

104.167.16.38

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: IP 104.167.16.38/32

Classification: Moderate Risk (Risk Score: 40)

Date: Current Intelligence Cycle

Platform: IPDebrief Intelligence

---

## EXECUTIVE SUMMARY

IP address 104.167.16.38 is a cloud-hosted infrastructure endpoint operated by OVH (ASN 16276) with geolocation indicators pointing to Singapore. The IP exhibits moderate risk characteristics with no direct threat indicators identified. The address is fully firewalled with no open services detected. Recommended action: Monitor, with awareness of the abuse potential in the hosting environment.

---

## OWNERSHIP & NETWORK ATTRIBUTES

| Attribute | Value |
|---|---|
| **Organization** | Net Admin |
| **Network Name** | US-ZAPPIE-20140822 |
| **ASN** | 16276 (OVH) |
| **CIDR Block** | 104.167.16.0/24 |
| **RIR** | ARIN |
| **Infrastructure Type** | Cloud Compute |
| **Network Role** | Firewalled / No Services |

---

## GEOLOCATION

| Attribute | Value |
|---|---|
| **Country** | Singapore (SG) |
| **City** | Singapore |
| **Coordinates** | 1.35°N, 103.82°E |
| **Timezone** | Asia/Singapore |
| **Accuracy Radius** | 45 km |
| **Geo Consensus** | True |

---

## THREAT ASSESSMENT

Risk Indicators:

Control Plane Analysis:

---

## SERVICES & FINGERPRINTING

| Category | Status |
|---|---|
| **Open Ports** | None detected |
| **TLS Certificate** | None |
| **HTTP Title** | None |
| **Hosted Domains** | 0 |
| **Email Auth (SPF/DMARC)** | Not configured |
| **Infrastructure** | Cloud-hosted, firewalled |

---

## NEIGHBORHOOD ANALYSIS

| Metric | Value |
|---|---|
| **Subnet** | 104.167.16.0/24 |
| **Abuse Density** | 1 (Low) |
| **Classification** | Mostly Clean |
| **Inherited Risk** | 2 |
| **Total Siblings** | 1 |
| **Active Siblings** | 1 |
| **Threat Siblings** | 1 |

---

## OBSERVATION HISTORY

Total Observations: 21 signals tracked

Most Recent: 2026-06-20

Confidence Range: 28% - 90%

Signal Timeline Highlights:

---

## RELATIONSHIP GRAPH

Total Relationships: 15

Relationship Types: Same Network (US-ZAPPIE-20140822)

All relationships indicate association with the same network registration, confirming consistent ownership within the OVH infrastructure.

---

## RECOMMENDED ACTIONS

Current Risk Score: 40

Action Threshold: Moderate Risk (Consider blocking based on policy)

Recommended Firewall Rules:

```bash
# iptables: drop inbound traffic from the address
iptables -A INPUT -s 104.167.16.38 -j DROP

# nftables: requires an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 104.167.16.38 drop

# nginx: configuration directive, not a shell command
deny 104.167.16.38;

# pfSense
104.167.16.38/32

# Cloudflare WAF: rule JSON
{"description":"Block 104.167.16.38 — IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 104.167.16.38"}}

# AWS WAF: IP set JSON
{"Addresses":["104.167.16.38/32"],"Description":"IPDebrief risk 40"}
```

---

## INTELLIGENCE NARRATIVE

IP 104.167.16.38 represents a cloud-hosted endpoint within OVH's Singapore infrastructure. The moderate risk score of 40 reflects the cloud-hosting nature of the infrastructure rather than active malicious behavior. The IP is fully firewalled with no open services, DNS records, or email authentication configured. While no direct threat indicators were identified, the presence of a DNSBL listing and the hosting infrastructure classification warrant continued monitoring. The subnet shows low abuse density with one active sibling IP, suggesting shared infrastructure with minimal threat concentration.

Threat Confidence: Low - Cloud-hosted endpoint with no active exploitation signatures or attack patterns observed in historical data.

Recommended SOC Actions:

1. Monitor for outbound connections from internal systems to this IP

2. Add to watchlist for correlation with future threat intelligence

3. Consider proactive blocking if security policy aligns with moderate-risk thresholds

Conclusion: This IP represents a baseline cloud infrastructure endpoint requiring awareness-level monitoring rather than immediate mitigation. The moderate risk score primarily reflects hosting infrastructure characteristics rather than active malicious behavior. No immediate threat actions required based on current intelligence.


🌍 Geolocation

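| Attribute | Value |
|---|---|
| Country | Singapore |
| Region | — |
| City | Singapore (Downtown Core) |
| Timezone | Asia/Singapore |
| Latitude | 1.35 |
| Longitude | 103.82 |

Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Net Admin |
| ASN | AS16276 |
| Network Name | US-ZAPPIE-20140822 |
| CIDR Block | 104.167.16.0/24 |
| RIR | ARIN |
| Country | SG |
| Abuse Contact | Available via RDAP |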

🌐 DNS Intelligence

| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |

DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

☁️ Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
| Cloud | Hosting |

Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | — |
| HTTP Title | — |

TLS Certificate

No certificate (N/A)

| Attribute | Value |
|---|---|
| Issued by | — |
| SANs | None |
| Valid From | — |
| Valid Until | — |

Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 30% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 25% | 12 | 18 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid

Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-25 12:41:01 UTC |
| Last Seen | 2026-06-29 01:27:32 UTC |
| Profile Built | 2026-06-29 07:31:04 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |

22 signal types · 23 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

ℹ️ About This Report

All data shown is publicly available network metadata; IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.