54.38.147.202
IP Intelligence Briefing: 54.38.147.202
Date: 2026-06-08
**1. Core Profile**
- Reputation: Moderate Risk (Risk Score: 50)
- Ownership: Owned by Ahrefs Pte Ltd (AS16276, OVH provider).
- Geolocation: London, England, UK.
- Network Role: CloudCompute infrastructure (OVH-hosted, no residential/mobile attributes).
- Threat Indicators: No malicious activity detected (no blacklists, spam, or known attacker associations).
**2. Observation History**
- Recent Activity:
- DNS records linked to `proxy-uk005-san202.ahrefs.net` (100% forward resolution).
- Moderate confidence in network classification (cloud compute, no CDN/VPN/Tor).
- DNSSEC and CAA records validated, but 2 DNSBL listings (low-severity).
- Trend: No persistent threats; risk score stable over 30 days.
**3. Relationships**
- Network Associations:
- Part of OVH network (AS16276).
- DNS-linked to `proxy-uk005-san202.ahrefs.net` (repeatedly resolved).
- Subnet Context:
- Subnet `54.38.147.202/24` has 256 IPs; 98 are active, 97 flagged as high/medium risk.
- Inherited subnet risk: 15/100.
**4. Neighborhood Analysis**
- Subnet Abuse Density: 37.89% (moderate risk).
- Neighbor Risks: 17 medium-risk IPs, 83 low-risk IPs.
- Notable: No direct abuse detected in this IPβs subnet, but surrounding IPs show mixed activity.
**5. Actionable Insights**
- Monitor: Track DNS and network behavior for anomalies, given the subnetβs mixed risk profile.
- Mitigate: Ensure cloud server (OVH) is configured with strict firewall rules and updated security policies.
- Verify: Cross-check DNS records (`proxy-uk005-san202.ahrefs.net`) for potential misconfigurations or misuse.
Conclusion: This IP is a legitimate cloud server operated by Ahrefs, with no immediate malicious indicators. However, its subnet contains a moderate risk of abuse, warranting continued monitoring. No urgent mitigation is required, but security best practices for cloud infrastructure should be enforced.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | proxy-uk005-san202.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san202.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-18 09:25:08 UTC |
| Last Seen | 2026-06-28 07:20:09 UTC |
| Profile Built | 2026-06-29 01:25:29 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |
Full dossier details are available via our API.