IP Intelligence Briefing: 51.38.225.46
Date: 2026-06-09
---
**Key Risk Indicators**
- Risk Score: 59/100 (Moderate Risk)
- Threat Type: Tor exit node (linked to anonymity networks)
- Provider: OVH SAS (France)
- Geolocation: France (FR), inferred with a 500 km accuracy radius.
---
**Threat Observations**
- Tor Exit Node: Confirmed as a Tor exit node, which may mask malicious activity.
- DNS Associations: Linked to `vps-d19ace40.vps.ovh.net` (OVH-hosted VPS).
- Network Role: Publicly accessible HTTP/HTTPS services (ports 80/443), running Nginx.
- Historical Signals: Limited observation history (63 total signals), with recent activity showing moderate confidence in geolocation and network stability.
---
**Network Context**
- Subnet: 51.38.225.46/24 (no active neighbors detected).
- Ownership: Owned by OVH SAS (AS16276), with no recent ownership changes.
- Subnet Abuse: Low abuse density (0/10), but the IP's Tor association introduces risk.
---
**Recommended Actions**
1. Block Traffic: Implement firewall rules to block this IP (see below).
2. Monitor Anonymity Traffic: Scrutinize traffic originating from or destined to this IP, as Tor exit nodes are often used for covert operations.
3. Verify DNS Associations: Investigate the linked hostname `vps-d19ace40.vps.ovh.net` for potential misuse.
---
**Firewall Rules**
- iptables:
`iptables -A INPUT -s 51.38.225.46 -j DROP`
- nftables:
`nft add rule inet filter input ip saddr 51.38.225.46 drop`
- Cloudflare WAF:
```json
{
  "description": "Block 51.38.225.46 - IPDebrief risk score 59",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 51.38.225.46"
  }
}
```
---
**Conclusion**
This IP is a Tor exit node associated with OVH's infrastructure. While its subnet shows low abuse density, the Tor association and moderate risk score warrant monitoring and blocking to mitigate potential anonymous threat vectors. Further investigation into its DNS and network relationships is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | OVH SAS |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 51.38.0.0/16 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR | vps-d19ace40.vps.ovh.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vps-d19ace40.vps.ovh.net |
**DNS Hygiene**
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | 2026-03-08T00:00:00+00:00 |
| Valid Until | 2026-11-17T00:00:00+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 254 days |
| Serial Number | 5E87249A821DBC22 |
| Thumbprint | 7487C9EB26AE6AABC3E73EF7AE2BBD7C4109EBC8 |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 5 |
| routing | 25% | 2 | 3 |
| services | 35% | 2 | 3 |
| ownership | 39% | 3 | 10 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 32% | 12 | 27 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Live)
| First Seen | 2026-05-22 13:35:45 UTC |
| Last Seen | 2026-06-28 19:29:11 UTC |
| Profile Built | 2026-06-29 01:31:13 UTC |
| Data Freshness | Live |
| Signal Types | 31 |
| Total Observations | 62 |