# IP INTELLIGENCE BRIEFING
- Target IP: 54.38.147.28/32
- Date: 2026-06-20
- Classification: Moderate Risk (Score: 40/100)
---
## EXECUTIVE SUMMARY
IP address 54.38.147.28 is assigned to OVH (ASN 16276) under Ahrefs Pte Ltd Dmytro. The IP resolves to a UK-based cloud compute infrastructure (London, England) associated with the ahrefs.net domain. While no direct malicious indicators were observed, the IP exhibits elevated neighborhood risk within its /24 subnet and maintains a single DNSBL listing. Recommended for blocking at perimeter controls.
---
## OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Provider** | OVH (ASN 16276) |
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **Network** | OVH_282347341 |
| **Geolocation** | GB/England/London |
| **Infrastructure** | CloudCompute |
| **IP Type** | Hosting/Cloud |

The IP is part of the 54.38.0.0/16 BGP prefix with route stability marked as false. DNS resolution confirms the hostname proxy-uk005-san28.ahrefs.net.
---
## THREAT INDICATORS
- Risk Score: 40 (Moderate)
- DNSBL Listings: 1 of 8 total lists
- Threat Classification: No known attacker, spam source, or Tor exit node
- Abuse Confidence: Not explicitly scored
- Blacklist Count: 0 (direct)
- Control Plane Risk: Operator score 0.2174 (Minimal)

The IP shows no active threat indicators in current feeds, but maintains a single high-severity DNSBL listing observed during recent scans.
---
## NEIGHBORHOOD ANALYSIS
- Subnet: 54.38.147.0/24
- Abuse Density: 0.668 (High)
- Classification: high_abuse

| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 204 |
| Threat Siblings | 171 |
| Inherited Risk | 26 |

The subnet exhibits elevated abuse activity. Risk distribution across the /24 shows 44 medium-risk and 56 low-risk neighbors, with no high-risk siblings directly observed. The target IP's neighborhood classification suggests correlation with broader subnet-level abuse patterns.
---
## OBSERVATION HISTORY
Total Observations: 19

Recent signals indicate:
- Operator Score: 0.2174 (Minimal) as of 2026-06-20
- DNSBL Listing: High severity listing observed during 2026-06-15 scan
- Domain Resolution: ahrefs.net with CAA records present
- Network Signals: Consistent routing and ownership patterns

No persistent malicious behavior detected. Threat persistence days: 0.
---
## RELATIONSHIPS
- Total Relationships: 43
- Primary: Same Network (OVH_282347341)

Multiple network-level relationships identified to the same OVH infrastructure block. No organizational or certificate-level relationships beyond network association.
---
## SERVICE ANALYSIS
- Open Ports: None detected
- HTTP/HTTPS: No services responding
- TLS Certificate: None
- Banner: None
- Status: Firewalled / No Services

The IP presents no active service vectors for exploitation.
---
## RECOMMENDED ACTIONS
Based on risk assessment and neighborhood correlation, the following firewall rules are recommended:

### Network Perimeter
- iptables: `iptables -A INPUT -s 54.38.147.28 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 54.38.147.28 drop`

### Application Layer
- nginx: `deny 54.38.147.28;`
- pfSense: `54.38.147.28/32`
- Cloudflare WAF: Block IP with expression `ip.src eq 54.38.147.28`
- AWS WAF: Add address `54.38.147.28/32` with description "IPDebrief risk 40"

Note: These recommendations should be combined with additional threat intelligence signals before implementation.
---
## ASSESSMENT
IP 54.38.147.28 represents a moderate-risk cloud infrastructure asset under OVH hosting. While no direct malicious activity was observed, the high-abuse classification of its /24 subnet warrants defensive blocking. The IP's association with legitimate hosting infrastructure (ahrefs.net) suggests potential for legitimate use, but the DNSBL listing and neighborhood risk profile justify conservative blocking at network perimeter controls.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-uk005-san28.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san28.ahrefs.net |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 05:45:10 UTC |
| Last Seen | 2026-06-28 11:30:13 UTC |
| Profile Built | 2026-06-29 05:34:50 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |