54.38.147.217📋 Copy

IP Intelligence Briefing: 54.38.147.217

Date: 2026-06-14

---

**1. Core Profile**

• Risk Score: 25 (Low Risk)
• Provider: OVH (ASN 16276)
• Organization: Ahrefs Pte Ltd (Dmytro)
• Geolocation: London, England, UK (GeoPlausible: False)
• Network Role: Hosting provider (CloudCompute)
• Threat Indicators: No malicious activity detected (no blacklists, campaigns, or DNS anomalies).

---

**2. Observation History**

• Last 30 Days: Consistently classified as "Minimal Risk" (Operator Score: 0.2174).
• Key Trends:

- No significant changes in geolocation, DNS, or threat signals.

- Subnet (54.38.147.217/24) shows moderate abuse density (0.4297), with 110/256 IPs flagged as "threat siblings."

---

**3. Relationships**

• Network: Linked to OVH subnet OVH_282347341 (same /24 subnet).
• DNS: Resolves to `proxy-uk005-san217.ahrefs.net` (Ahrefs Pte Ltd).
• Certificates: No TLS certificates or DNSSEC validation anomalies.

---

**4. Neighborhood Analysis**

• Subnet: 54.38.147.217/24 (256 IPs).
• Risk Distribution:

- Low Risk: 66 IPs (avg. score: 25).

- Medium Risk: 34 IPs (avg. score: 40).

- High Risk: 0 IPs.

• Abuse Density: 42.97% of siblings show suspicious behavior (e.g., spam, C2, or phishing).

---

**5. Recommendations**

• Monitor Subnet: Track new high-risk IPs in the 54.38.147.0/24 range.
• Verify Hosting: Confirm Ahrefs Pte Ltd’s compliance with hosting security standards.
• Check DNS: Ensure `proxy-uk005-san217.ahrefs.net` is not associated with malicious domains.
• Firewall Rules: Consider blocking high-risk neighbors if traffic patterns suggest lateral movement.

---

Conclusion: The IP itself is low risk, but its subnet exhibits moderate abuse density. SOC teams should prioritize monitoring the broader network for emerging threats while ensuring the IP’s hosting environment remains secure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.