54.38.147.187📋 Copy

# IP Intelligence Briefing: 54.38.147.187/32

Date: 2026-06-20

Classification: Moderate Risk

Risk Score: 40/100

## Executive Summary

IP address 54.38.147.187 is a cloud infrastructure endpoint operated by OVH (ASN 16276) within the Ahrefs Pte Ltd Dmytro organization. The IP is classified as Moderate Risk with a risk score of 40. While not directly associated with active threat campaigns, the IP resides within a high-abuse subnet (54.38.147.0/24) with 51.95% abuse density, indicating a broader environmental risk context.

## Ownership and Infrastructure

• ASN: 16276 (OVH)
• Organization: Ahrefs Pte Ltd Dmytro
• Network Role: CloudCompute/Hosting infrastructure
• Infrastructure Type: Cloud provider (OVH)
• BGP Prefix: 54.38.0.0/16
• Route Stability: Unstable (false)

## Geolocation Data

• Country: GB (United Kingdom)
• Region: England
• City: London
• Coordinates: 55.38°N, -3.44°W (inferred)
• Accuracy Radius: 750km
• Geo Consensus: True
• Geolocation Plausibility: True (minimum possible RTT: 10ms, observed: 85-90ms)
• Distance from Claimed Location: 500.4km

## DNS and Network Services

• PTR Hostname: proxy-uk005-san187.ahrefs.net
• Domain: ahrefs.net
• Forward Resolution: Confirmed (1 hostname)
• DNSSEC: Valid
• CAA Records: Present
• Open Ports: None detected
• TLS Certificate: Not detected
• HTTP Services: Not detected (Firewalled/No Services)

## Threat Intelligence Assessment

Current Threat Indicators:

• Abuse Confidence Score: Not available
• Blacklist Count: 0
• Known Campaigns: None
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No

Control Plane Indicators:

• DNSBL Listed Count: 1 (of 8 total lists)
• Operator Score: 0.2174 (Minimal)
• RPKI State: Not available
• IRR Consistency: Not available

## Neighborhood Analysis (54.38.147.0/24)

• Total Siblings: 256 IPs
• Active Siblings: 178 IPs
• Threat Siblings: 133 IPs
• Abuse Density: 0.5195 (High Abuse Classification)
• Inherited Risk Score: 20

Risk distribution across the /24 subnet:

• High Risk: 0 IPs
• Medium Risk: 100 IPs
• Low Risk: 0 IPs

The subnet exhibits elevated abuse activity, with the target IP inheriting baseline risk from neighborhood characteristics.

## Historical Observation Trends

• Total Observations: 24 signals
• Observation Period: June 15-20, 2026
• Threat Persistence Days: 0
• Is Persistently Malicious: No
• Ownership Changes: 0
• Recent Signals:

- June 20, 2026: Operator score 0.2174 (Minimal)

- June 15, 2026: Host classification confirmed as OVH hosting infrastructure

- June 15, 2026: Geolocation validated (85-96ms RTT)

## Related Entities

• Network Relationships: 35 relationships identified
• Primary Network: OVH_282347341
• Connection Type: Cloud infrastructure networking

## Recommended Security Actions

Firewall Rules for Immediate Implementation:

```bash

# iptables

iptables -A INPUT -s 54.38.147.187 -j DROP

# nftables

nft add rule inet filter input ip saddr 54.38.147.187 drop

# nginx

deny 54.38.147.187;

# pfSense

54.38.147.187/32

# Cloudflare WAF

Action: Block

Expression: ip.src eq 54.38.147.187

# AWS WAF

Address: 54.38.147.187/32

Description: IPDebrief risk 40

```

## Analyst Notes

While the individual IP lacks direct threat indicators, the high-abuse density of the parent subnet (54.38.147.0/24) warrants monitoring. The IP shows no evidence of persistent malicious activity but is flagged on one DNSBL listing. Recommend continued observation and consider subnet-level blocking if threat activity increases from neighboring IPs. The infrastructure is classified as hosting/cloud with no active services detected, suggesting the endpoint may be dormant or used for non-public-facing purposes.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.