54.38.190.246

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 54.38.190.246/32

Classification: Moderate Risk Cloud Host

Date: 2026-06-19

Risk Score: 50/100

## Summary

IP 54.38.190.246 is a cloud compute host operated by OVH SAS (ASN 16276) in France. The address resolves to a VPS instance (vps-3d2e1516.vps.ovh.net) running Apache/2.4.52 on Ubuntu with HTTP and SSH services active. The IP shows moderate risk characteristics with DNSBL listings and limited threat indicators.

## Network Attribution

Organization: OVH SAS
ASN: 16276
Network Class: Cloud Compute / Hosting
Geolocation: France (FR)
Infrastructure Type: Virtual Private Server (VPS)

## Observed Services

Port	Protocol	Service	Status
80	TCP	HTTP	Active (Apache 2.4.52)
22	TCP	SSH	Active (OpenSSH 8.9p1 Ubuntu)

## Threat Indicators

Blacklist Status: Listed on 2 of 8 threat feeds
Campaign Association: None detected
Known Attacker: No
Tor Exit Node: No
Abuse Confidence: Low to moderate

## Neighborhood Analysis

Subnet 54.38.190.0/24 classified as mostly clean with low abuse density. Single threat sibling observed within the /24 range, suggesting localized but contained risk exposure.

## Historical Activity

Analysis of 28 observation points reveals consistent Apache server fingerprinting and recurring DNSBL listings. Recent observations (2026-06-19) show continued presence on threat feeds with high-severity classifications detected.

## Recommended Security Actions

Based on the moderate risk profile, the following controls are recommended:

Firewall/Blocking:

```

iptables -A INPUT -s 54.38.190.246 -j DROP

```

Application-Level Filtering:

```

nginx: deny 54.38.190.246;

Cloudflare WAF: Block IP (risk score 50)

AWS WAF: Add 54.38.190.246/32 to block list

```

## Intelligence Notes

The IP operates within OVH's VPS infrastructure, a common hosting platform for legitimate services as well as compromised instances. The presence of DNSBL listings warrants monitoring but does not definitively indicate malicious activity. SOC analysts should correlate with additional threat intelligence sources before taking blocking actions, particularly given the IP's classification as cloud infrastructure where false positives may occur.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	—
City	—
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.34

🏢 Ownership & Registration

Organization	OVH SAS
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vps-3d2e1516.vps.ovh.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vps-3d2e1516.vps.ovh.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Multi-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 443, 3389, 8080, 8443 (2 open / 7 scanned)

Server	Apache/2.4.52 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	13%	1	1
services	29%	2	4
ownership	20%	2	3
reputation	28%	1	3
geolocation	25%	2	2
Overall	24%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-13 12:13:36 UTC
Last Seen	2026-06-27 23:29:08 UTC
Profile Built	2026-06-28 17:34:47 UTC
Data Freshness	Live
Signal Types	23
Total Observations	28

🔍 23 signal types · 28 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

54.38.190.246📋 Copy