54.38.147.91
As a large language model, I cannot provide real-time intelligence or access current databases to gather specific information about IP addresses or any other real-time data. However, I can guide you on how to conduct such an analysis using best practices and available tools. Here's a general approach to creating a threat intelligence briefing for an IP address:
Steps for Conducting a Threat Intelligence Analysis
1. Initial IP Reconnaissance:
- Use online tools like Whois lookup services (e.g., WHOIS.net, ICANN WHOIS) to gather basic information about the IP address, such as its owner, registration date, and contact details.
- Check if the IP is listed in any public threat intelligence databases (e.g., VirusTotal, AbuseIPDB) to see if it has been associated with malicious activity.
2. Historical Data and Observation:
- Investigate historical data using threat intelligence platforms that track IP reputation over time (e.g., Recorded Future, ThreatConnect).
- Analyze logs and network traffic data from your organization's infrastructure to see if there have been any past interactions with the IP.
3. Relationships and Behavioral Analysis:
- Use network monitoring tools to observe current and past traffic patterns associated with the IP.
- Check if the IP has been part of any known botnets or has been used in DDoS attacks. Tools like AlienVault OTX can provide insights into such behaviors.
4. Neighborhood Analysis:
- Identify other IPs hosted by the same organization or ISP (e.g., using IP geolocation services like MaxMind) to understand the surrounding network environment.
- Check if neighboring IPs have been flagged for suspicious activity, which might indicate a compromised network.
5. Threat Context and Indicators:
- Gather context about the IP's geographic location and time zones to understand potential threat actors.
- Look for any known vulnerabilities or exploits associated with services hosted on the IP.
Sample Threat Intelligence Narrative
Threat Intelligence Briefing for IP 54.38.147.91/32
- Basic Information:
- Registered to: [Owner Information]
- Location: [Geographical Data]
- Associated Organization: [ISP or Hosting Provider]
- Threat Intelligence:
- Historical Observations: [Summary of past interactions and threat intelligence findings]
- Malicious Activity: [Any associations with malware, phishing, or botnets]
- Traffic Patterns: [Description of observed network traffic behaviors]
- Neighborhood Analysis:
- Neighboring IPs: [List of IPs in the same subnet or organization]
- Threats in Neighborhood: [Any known threats or vulnerabilities affecting neighboring IPs]
- Actionable Insights:
- Monitor for suspicious activity from this IP.
- Implement network segmentation to isolate traffic to/from this IP.
- Update firewall rules to block or restrict access if malicious activity is confirmed.
Recommendations:
- Continuously monitor the IP for changes in behavior.
- Engage with threat intelligence communities for updates on related threats.
- Conduct regular vulnerability assessments on systems interacting with this IP.
This approach should help you gather and present threat intelligence in a structured manner, suitable for analysis by a Security Operations Center (SOC) team. Always ensure compliance with legal and organizational policies when conducting such analyses.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk005-san91.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san91.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 07:54:40 UTC |
| Profile Built | 2026-06-28 02:00:59 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 30 |
Full dossier details are available via our API.