# IP INTELLIGENCE BRIEFING
Target: 54.38.147.144/32
Classification: LOW RISK
Date: 2026-06-19
Analyst: IPDebrief Intelligence
## Executive Summary
IP 54.38.147.144 is a low-risk (Risk Score: 20) cloud computing endpoint associated with Ahrefs Pte Ltd infrastructure, operated through OVH networks (ASN 16276). The IP resolves to the domain ahrefs.net and is geolocated to London, England with moderate confidence. No active threat indicators or malicious behavior patterns were detected during analysis.
## Technical Profile
Network Classification:
- Provider: OVH Cloud (Infrastructure)
- Infrastructure Type: CloudCompute
- ASN: 16276 (OVH SAS)
- CIDR Block: 54.38.0.0/16
- Route Stability: Stable (0 route changes in 30 days)
- BGP Prefix: 54.38.0.0/16
Geolocation:
- Country: GB (United Kingdom)
- Region: England
- City: London
- Accuracy Radius: 750 km (inferred)
- Min RTT: 91 ms, Avg RTT: 93.2 ms
DNS & Services:
- PTR Hostname: proxy-uk005-san144.ahrefs.net
- Forward Resolution: proxy-uk005-san144.ahrefs.net
- Open Ports: None detected
- HTTP Services: None detected
- TLS Certificates: None detected
## Threat Assessment
Risk Indicators:
- Risk Score: 20/100 (Low Risk)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Pulsedive Risk: Not available
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane:
- RPKI State: Valid (IRR consistency match)
- DNSSEC Valid: Yes
- DNSBL Listed: 1/8 lists
- Operator Score: 0.5652 (Moderate)
- Route Stable: Yes
Network Context:
- Subnet: 54.38.147.144/24
- Subnet Abuse Density: 0.5 (Mixed)
- Classification: Mixed
- Active Siblings: 167/256
- Threat Siblings: 128
- Neighbor Risk Distribution: 0 High, 88 Medium, 12 Low
## Observation History
Temporal Analysis: 32 observations collected
- Most Recent: 2026-06-19 14:21:16 UTC
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Ownership Changes: 0
Recent Signal Activity:
1. 2026-06-19 14:21:16 - Operator score 0.5652 (Moderate), Confidence 0.85
2. 2026-06-19 14:21:16 - Overall confidence 0.2875 (Low)
3. 2026-06-14 14:27:12 - Network classification: Hosting provider, Confidence 0.85
4. 2026-06-14 14:23:49 - Subnet abuse density 0.5, Confidence 0.75
5. 2026-06-14 14:22:13 - Geolocation inferred to GB, Confidence 0.28
No escalating threat patterns observed. The IP shows stable characteristics with no recent malicious activity spikes.
## Relationship Graph
Connected Entities: 62 relationships identified
- Primary Network: OVH_282347341 (Multiple occurrences)
- Network Type: Same Network (OVH infrastructure)
- No malicious entity correlations detected
## Neighborhood Analysis
Subnet: 54.38.147.144/24
- Neighbor Count: 100 analyzed
- Risk Distribution:
  - High Risk: 0 IPs
  - Medium Risk: 88 IPs
  - Low Risk: 12 IPs
- Sample Neighbor Risk Scores:
  - 54.38.147.0: Risk 40, Authority 50
  - 54.38.147.1: Risk 50, Authority 50
  - 54.38.147.2: Risk 40, Authority 50
  - 54.38.147.3: Risk 40, Authority 50
  - 54.38.147.4: Risk 40, Authority 50
The /24 subnet exhibits mixed classification with predominantly medium-risk neighbors, suggesting a hosting environment with varied tenant activity.
## Recommendations
SOC Action Items:
1. No immediate action required: IP classified as low risk with no active threat indicators
2. Monitor for changes: Given subnet abuse density (0.5), maintain awareness of neighbor activity
3. Traffic patterns: If traffic observed, verify legitimate business purpose (ahrefs.net infrastructure)
4. Firewall rules: Not recommended to block; allow with standard monitoring
Rule Template (if required):
```
# Allow OVH hosting infrastructure (Low Risk)
# IP: 54.38.147.144
# Provider: OVH
# Country: GB
# Risk Score: 20
```
## Conclusion
IP 54.38.147.144 represents legitimate cloud infrastructure hosting operations for Ahrefs through OVH networks. The low risk score (20), absence of threat indicators, and stable network characteristics indicate this endpoint poses minimal security concern. No blocking or remediation actions are warranted at this time.
---
Data Sources: IPDebrief Intelligence Platform
Analysis Date: 2026-06-19
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 54.38.0.0/16 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-uk005-san144.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san144.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
- Closed Ports: 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
- Server: -
- HTTP Title: -
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 27% | 3 | 4 |
| services | 12% | 2 | 2 |
| ownership | 33% | 3 | 5 |
| reputation | 31% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 28% | 13 | 21 |
- Data Coherence: Consistent (100%)
- Attribution: Moderate (65%)
- Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-09 17:41:41 UTC |
| Last Seen | 2026-06-27 16:26:38 UTC |
| Profile Built | 2026-06-28 10:30:57 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 35 |