IP Intelligence Briefing: 54.38.147.215
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Owned by Ahrefs Pte Ltd Dmytro (ASN 16276, OVH provider).
- Geolocation: Located in London, England (GB), inferred via DNS and network signals.
- Network Role: Cloud compute instance (OVH infrastructure), no open services detected.
- Threat Indicators: No malicious activity detected (no malware, phishing, or exploit campaigns).
---
**2. Observation History**
- Recent Activity (June 9, 2026):
  - Resolved to proxy-uk005-san215.ahrefs.net (DNS association).
  - Geolocation inferred with 0.28 confidence (low certainty).
  - Subnet abuse density analysis (54.38.147.215/24) shows 0.5039 abuse density (high-risk subnet).
---
**3. Network Relationships**
- DNS Associations:
  - Linked to proxy-uk005-san215.ahrefs.net (Ahrefs subdomain).
- Network Connections:
  - Part of OVH network OVH_282347341 (ASN 16276).
  - Subnet 54.38.147.215/24 with 166 active IPs, 129 flagged as threats.
---
**4. Subnet Analysis**
- Abuse Density: 50.39% (high-risk subnet).
- Neighbor Risk Distribution:
  - 78 IPs with medium risk (25–40), 22 IPs with low risk.
- No direct malicious IPs in immediate vicinity, but subnet-wide risk is elevated.
---
**5. Recommendations**
- Monitor Subnet: High abuse density suggests potential for lateral movement or compromised hosts.
- Verify DNS: Confirm legitimacy of proxy-uk005-san215.ahrefs.net via Ahrefs security team.
- Network Segmentation: Consider isolating cloud compute instances to limit exposure.
- Threat Intelligence Feeds: Add to monitoring lists for OVH ASN 16276 and subnet 54.38.147.0/24.
---
Conclusion: The IP is associated with a legitimate cloud provider (OVH) and appears to be a benign Ahrefs subdomain. However, its subnet exhibits high abuse density, warranting closer scrutiny. SOC teams should prioritize monitoring network behavior and validate DNS associations to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk005-san215.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san215.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:10:26 UTC |
| Last Seen | 2026-06-28 17:55:29 UTC |
| Profile Built | 2026-06-29 05:58:40 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |