54.38.147.82
# IP INTELLIGENCE BRIEFING: 54.38.147.82/32
Date: 2026-06-19
Classification: Moderate Risk
Risk Score: 40/100
---
## EXECUTIVE SUMMARY
IP 54.38.147.82 is a cloud infrastructure address hosted on OVH SAS infrastructure (ASN 16276) with moderate overall risk. The IP belongs to a high-abuse subnet (54.38.147.0/24) showing elevated threat activity across sibling addresses. While the target IP itself shows no active threat indicators, its subnet context warrants defensive consideration.
---
## TECHNICAL PROFILE
Ownership & Network:
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Infrastructure Type: CloudCompute
- Registration: ARIN
Geolocation:
- Country: GB (England, London)
- GeoConsensus: False (minor inconsistency detected)
- Accuracy Radius: 750km
- Min RTT: 91ms | Avg RTT: 93.2ms
DNS Resolution:
- PTR: proxy-uk005-san82.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- DNSBL Listings: 1/8 total lists
---
## THREAT ASSESSMENT
Current Risk Level: Moderate (Score: 40)
Threat Indicators:
- No known attack campaigns
- Not a Tor exit node or known attacker
- No spam source classification
- 0 blacklist entries (current profile)
Control Plane Analysis:
- Route Stability: False
- DNSSEC Valid: Yes
- RPKI State: Unknown
- IRR Consistency: Unknown
Subnet Context (54.38.147.0/24):
- Abuse Density: 0.5039 (High Abuse Classification)
- Total Siblings: 256
- Active Siblings: 168
- Threat Siblings: 129 (50% of active addresses)
- Inherited Risk Score: 20
---
## OBSERVATION HISTORY
Analysis Period: 28 observations tracked
Notable Trends:
- Subnet abuse density fluctuated between 0.5039 and 0.625
- Classification remained consistently "high_abuse"
- One historical observation (2026-06-14) showed French (FR) geolocation from alienvault-otx, indicating potential routing anomalies
- Operator score: 0.2174 (Minimal)
- Threat persistence: 0 days (not persistently malicious)
---
## NETWORK RELATIONSHIPS
Identified Relationships: 88 total
- Primary: Same Network (OVH_282347341) - 83+ instances
- No certificate or hostname relationships beyond network-level
- No organization-level correlations
---
## SERVICE ANALYSIS
Open Ports: None detected
Service Purpose: Firewalled / No Services
TLS Certificate: None
HTTP Title: None
Server Banner: None
The IP appears to be a reserved or firewall-protected address with no publicly exposed services.
---
## RECOMMENDED ACTIONS
Primary Recommendation: Monitor or Block (context-dependent)
Firewall Rules Generated:
- iptables: `iptables -A INPUT -s 54.38.147.82 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 54.38.147.82 drop`
- nginx: `deny 54.38.147.82;`
- pfSense: `54.38.147.82/32`
- Cloudflare WAF: Block with expression `ip.src eq 54.38.147.82`
- AWS WAF: Block IP 54.38.147.82/32
Additional Context:
- No specific attack vectors identified against this IP
- Block decision should consider organizational policy and threat intelligence context
- Consider monitoring the /24 subnet for correlated activity given high abuse density
---
## ANALYST NOTES
This IP warrants attention primarily due to subnet-level risk context rather than individual threat indicators. The high-abuse classification of the /24 subnet, with 129 threat siblings, suggests this infrastructure segment is actively exploited. While the target IP itself shows no active malicious behavior, defensive positioning may be justified depending on threat scenario. The geographic inconsistency (GB primary, FR historical) indicates potential routing complexity or abuse patterns that warrant continued observation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk005-san82.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san82.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 17% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 21% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-10 04:12:10 UTC |
| Last Seen | 2026-06-27 17:13:37 UTC |
| Profile Built | 2026-06-28 11:19:51 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |
Full dossier details are available via our API.