IP address 54.38.52.18 has been flagged in 150 abuse reports across 27 independent threat intelligence sources, resulting in a threat score of 100.0/100 (critical risk). The primary activity associated with this IP is abuseipdb blacklist, along with aggregated threat, aggressive scanner, attacks, brute force, bruteforce, known attacker, malware c2, malware infrastructure, reconnaissance, scanning, ssh-bruteforce, ssh brute force, ssh bruteforce, suspicious activity, unknown, voip attack.
This IP is geolocated in Poland and belongs to the network OVH SAS (AS16276). Reports span from 2025-09-11 to 2026-04-17.
Assessment: With 150 abuse reports, 54.38.52.18 shows persistent malicious activity that has been flagged by multiple threat intelligence feeds. The IP has been observed conducting automated SSH login attempts against internet-facing servers, a technique commonly used to gain unauthorized access to systems. This IP belongs to OVH SAS, a major cloud/hosting provider — the malicious activity likely originates from a compromised or rented virtual server rather than the provider's own infrastructure.