54.38.147.247
# IP INTELLIGENCE BRIEFING
Target: 54.38.147.247/32
Classification: Cloud Infrastructure
Risk Level: Moderate (Score: 40/100)
Report Date: 2026-06-20
Status: Active Monitoring Required
---
## EXECUTIVE SUMMARY
IP 54.38.147.247 belongs to OVH cloud infrastructure and is associated with Ahrefs Pte Ltd. The IP operates from London, England with a moderate risk profile. While the endpoint shows no open services and is actively firewalled, the subnet exhibits elevated abuse density. SOC teams should monitor this IP for lateral threat activity within the 54.38.147.0/24 range.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Provider** | OVH (CloudCompute) |
| **Network** | 54.38.0.0/16 |
| **Location** | London, England, GB |
| **Infrastructure** | Cloud Hosting |
| **Services** | Firewalled/No Services |
| **PTR Hostname** | proxy-uk005-san247.ahrefs.net |
| **Domain** | ahrefs.net |
---
## THREAT INDICATORS
- Risk Score: 40/100 (Moderate)
- Abuse Confidence: Not flagged as known attacker/spam source
- Blacklist Status: 0 blacklists (1 DNSBL listing out of 8)
- Tor Exit Node: No
- Known Campaigns: None identified
- Threat Feeds: No matches
---
## NEIGHBORHOOD ANALYSIS
The /24 subnet (54.38.147.0/24) demonstrates concerning abuse patterns:
- Abuse Density: 0.5391 (High)
- Total Subnet Size: 256 IPs
- Active IPs: 182
- Threat IPs: 138
- Classification: High Abuse
- Inherited Risk Score: 21
Neighboring IP risk scores cluster in the 40-50 range, indicating systemic subnet risk rather than isolated endpoint behavior. This pattern suggests the subnet may be shared infrastructure or co-located with other services.
---
## OBSERVATION HISTORY
The IP shows 21 historical observations with consistent patterns:
Recent Signals (June 2026):
- CAA records present and validated
- DNSSEC validation active
- Geographic location confirmed as GB with 28% confidence
- Operator score: 0.2174 (Minimal operator risk)
Temporal Indicators:
- No ownership changes recorded
- Zero threat persistence days
- Not persistently malicious
- Stable routing configuration
---
## NETWORK RELATIONSHIPS
The IP maintains multiple relationships with:
- Same Network: OVH_282347341 (36 relationship instances)
- Network Classification: Cloud infrastructure within OVH provider ecosystem
---
## RECOMMENDED ACTIONS
For SOC Teams:
1. Monitor Subnet Activity: Flag all 54.38.147.x traffic for anomaly detection due to high abuse density (0.5391)
2. Baseline Traffic: Establish normal traffic patterns for this IP to distinguish legitimate Ahrefs activity from abuse
3. Correlate with Threat Intel: Monitor for connections to known malicious IPs from the same subnet (138 threat siblings identified)
For Network Defense:
```
# Recommended firewall rule (nftables example)
# Monitor rather than block due to legitimate cloud infrastructure presence
nft add rule ip filter input ip saddr 54.38.147.247 log prefix "monitor-ahrefs-54.38.147.247"
```
For Threat Hunting:
- Investigate any traffic from this IP to/from known malicious destinations
- Monitor for unusual outbound connections from the subnet
- Review historical threat activity from other 54.38.147.x addresses for correlation
---
## CONCLUSION
54.38.147.247 is legitimate OVH cloud infrastructure associated with Ahrefs, operating from London. The moderate risk score (40) and high subnet abuse density warrant monitoring but do not indicate immediate threat. Focus efforts on correlating subnet-wide activity rather than blocking this specific endpoint. Treat as trusted infrastructure with elevated monitoring requirements.
---
Prepared by: IPDebrief Intelligence System
Data Sources: IPDebrief Platform
Confidence Level: High (21 historical observations)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk005-san247.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san247.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-20 05:45:10 UTC |
| Last Seen | 2026-06-28 11:29:32 UTC |
| Profile Built | 2026-06-29 05:34:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.