IP Intelligence Briefing: 54.38.147.116
Date: 2026-06-15
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership: Ahrefs Pte Ltd (AS16276, OVH provider)
- Geolocation: London, England, UK (plausible, 750km accuracy radius)
- Network Role: Cloud compute infrastructure (OVH, no residential/mobile traffic)
- Threat Indicators: No malicious activity, no known campaigns, no blacklist entries.
---
**2. Observation History**
- Recent Activity:
  - Geo validation (June 15): Plausible UK location, average RTT ~92ms.
  - Network scans (June 8): No open ports, no service banners, no TLS certificates detected.
- Trends: No persistent threats or behavioral anomalies.
---
**3. Relationships**
- Linked Entities:
  - Subnet: `54.38.147.116/24` (OVH network, mixed usage).
  - DNS: Resolves to `proxy-uk005-san116.ahrefs.net` (Ahrefs domain).
  - BGP: Part of OVH's `54.38.0.0/16` prefix.
- No Known Malicious Associations.
---
**4. Neighborhood Analysis**
- Subnet Abuse Density: 46.88% (moderate risk).
- Neighbor Risk Distribution:
  - 51 IPs flagged as medium risk (avg. 40 score).
  - 49 IPs flagged as low risk (avg. 25 score).
- Notable Neighbors:
  - `54.38.147.0`–`54.38.147.4` (medium risk, likely shared cloud infrastructure).
---
**5. Recommendations**
- Monitor Subnet: The `54.38.147.116/24` subnet has mixed risk, warranting closer scrutiny for unusual traffic patterns.
- Verify DNS: Confirm `proxy-uk005-san116.ahrefs.net` is legitimate, as DNS validation shows no immediate anomalies.
- No Immediate Action Required: The IP itself is low risk, but its subnet's moderate abuse density suggests contextual awareness is critical.
---
Source: IPDebrief Threat Intelligence Platform
Note: This IP is associated with a legitimate cloud provider (OVH) and no malicious activity has been observed. However, the subnet's mixed risk profile requires ongoing monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk005-san116.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san116.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 03:23:27 UTC |
| Last Seen | 2026-06-28 06:46:17 UTC |
| Profile Built | 2026-06-29 00:51:14 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |