# INTELLIGENCE BRIEFING: IP 54.38.147.87/32
Classification: Moderate Risk (Score: 40/100)
Date: 2026-06-28
Analyst: IPDebrief Intelligence
---
## EXECUTIVE SUMMARY
IP address 54.38.147.87 operates within OVH cloud infrastructure and is associated with Ahrefs Pte Ltd. The current risk assessment indicates moderate risk (40/100) with no active threat indicators. However, historical observation data shows elevated abuse density (0.6328) and a high-abuse subnet classification. The IP has stable ownership under a legitimate organization but exhibits behavioral patterns that warrant monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
Organization: Ahrefs Pte Ltd Dmytro
ASN: AS16276 (OVH SAS)
Geolocation: London, England, GB (500.4km probe distance)
Infrastructure Type: CloudCompute / Hosting
CIDR Block: 54.38.0.0/16 (BGP Origin)
DNS Resolution: proxy-uk005-san87.ahrefs.net
Forward Confirmation: Failed (0.75 confidence)
SSL/TLS: No active certificates detected
---
## THREAT INDICATORS
Current Status: No active threats detected
Blacklist Status: Listed on 1 of 8 DNSBL feeds
Threat Feeds: Empty
Campaign Correlation: None (0 cert matches, 0 correlated IPs)
Known Campaigns: None
Control Plane:
- Route Stability: Unstable (isRouteStable: false)
- RPKI State: Not verified
- Route Changes (30d): 0
- DNSSEC: Valid
---
## NETWORK CONTEXT
Subnet Abuse Density: 0.6328 (High Abuse Classification)
Subnet Size: /24 (256 total IPs)
Active Siblings: 193/256 (75.4%)
Threat Siblings: 162/256 (63.3%)
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 71
- Low Risk: 29
The IP resides in a high-abuse density subnet with 63% of sibling IPs flagged as threats. Inherited risk score: 25/100.
---
## OBSERVATION HISTORY (22 Signals)
Recent Activity:
- 2026-06-28: Geolocation probe (London, 500.4km distance, 91.2ms avg RTT)
- 2026-06-20: Abuse density classification (0.6328, high_abuse)
- 2026-06-20: AlienVault OTX signal with threat indicators (5 pulses)
- 2026-06-20: Operator score: 0.2174 (Minimal)
- 2026-06-20: Overall confidence: 0.2473
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Persistently Malicious: False
- Threat Observation Count: 1
---
## NETWORK SERVICES
Open Ports: None detected
HTTP Services: No active HTTP title or banner
Email Reputation: No scoring data available
Honeypot Hits: 0
---
## RECOMMENDED ACTIONS
Risk Score: 40/100 (Moderate Risk)
Status: No specific recommendations generated
Firewall Rule Recommendations:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 54.38.147.87 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 54.38.147.87 drop` |
| nginx | `deny 54.38.147.87;` |
| pfSense | `54.38.147.87/32` |
| Cloudflare WAF | Block IP (expression: `ip.src eq 54.38.147.87`) |
| AWS WAF | Block (Addresses: `54.38.147.87/32`) |
---
## ASSESSMENT
IP 54.38.147.87 presents a moderate risk profile within a high-abuse density subnet. While it is associated with the legitimate organization Ahrefs Pte Ltd, the subnet's 63% threat sibling ratio suggests potential for abuse. The IP shows no current active threat indicators but retains historical abuse classifications. Recommend monitoring for service activation and correlating with ongoing threat intelligence. No immediate blocking is required unless additional threat signals emerge.
---
Generated by: IPDebrief Intelligence Platform
Data Sources: 22 historical observations, 56 relationship links, 100 neighbor records
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-uk005-san87.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san87.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-15 08:44:36 UTC |
| Last Seen | 2026-06-28 02:14:36 UTC |
| Profile Built | 2026-06-28 20:19:29 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |