## IP Intelligence Briefing: 54.38.147.155/32
Executive Summary
Analysis of IP address 54.38.147.155/32 reveals a cloud infrastructure endpoint operated by Ahrefs Pte Ltd Dmytro under ASN 16276 (OVH). The IP has a risk score of 40 (Moderate Risk), with evidence of recent blacklist activity. While the endpoint resolves to legitimate ahrefs.net infrastructure, geolocation validation indicates the IP is not physically located at the claimed London, England coordinates. The /24 subnet demonstrates elevated abuse density, suggesting coordinated activity within the hosting block.
Ownership and Infrastructure
Organization: Ahrefs Pte Ltd Dmytro
ASN: 16276 (OVH)
Infrastructure Type: CloudCompute, Hosting
PTR Hostname: proxy-uk005-san155.ahrefs.net
Domain: ahrefs.net
The IP operates within OVH's cloud infrastructure in the United Kingdom. DNS resolution confirms association with the ahrefs.net domain, though forward confirmation failed. No active services were observed on open ports, and the endpoint is classified as "Firewalled / No Services."
Geolocation Validation
Claimed Location: London, England, GB
Observed RTT: 87ms average, 87ms minimum
Distance from Claimed Location: 500.4 km
GeoPlausible: True
The discrepancy between the claimed London coordinates and the observed network latency indicates the endpoint may not be physically hosted in the United Kingdom, despite PTR records suggesting UK005 infrastructure.
Threat Indicators and Reputation
Risk Score: 40 (Moderate Risk)
DNSBL Listings: 1 of 8 total lists
Threat Feed Status: No indicators
Known Campaigns: None
The most recent observation (2026-06-28) recorded blacklist listings with high severity across multiple sources. Previous observations from 2026-06-20 included port scanning activity and subnet analysis. No persistent malicious behavior was detected.
Network Neighborhood Analysis
Subnet: 54.38.147.0/24
Abuse Density: 0.668 (High)
Total Siblings: 256
Active Siblings: 204
Threat Siblings: 171
The /24 subnet exhibits significant abuse density. Risk distribution across neighbors shows 45 medium-risk and 55 low-risk endpoints, with no high-risk classifications among sampled neighbors. This suggests the subnet hosts mixed legitimate and potentially compromised endpoints under shared infrastructure.
Operational Relationships
Forty-four relationships were identified, primarily classified as "Same Network" relationships pointing to OVH_282347341. The relationship graph indicates the IP shares infrastructure with multiple peers within the same hosting environment.
Recommended Security Actions
Risk Score: 40
Recommended Action: Block or monitor
Firewall rules were generated for iptables, nftables, nginx, pfSense, Cloudflare WAF, and AWS WAF platforms. The recommendation to block stems from moderate risk classification combined with recent blacklist activity.
Assessment
The IP address 54.38.147.155 represents legitimate cloud hosting infrastructure with evidence of recent abuse activity. The moderate risk score (40) and high abuse density in the /24 subnet warrant defensive monitoring rather than immediate blocking. SOC teams should evaluate incoming traffic from this IP against organizational threat intelligence policies, considering the discrepancy between claimed and observed geolocation, and the presence of blacklist listings.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk005-san155.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-uk005-san155.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 05:45:08 UTC |
| Last Seen | 2026-06-28 11:28:45 UTC |
| Profile Built | 2026-06-29 05:32:34 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |