54.38.147.94
# IP INTELLIGENCE BRIEFING: 54.38.147.94/32
Classification: Low Risk / Legitimate Infrastructure
Date: Current Analysis
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP address 54.38.147.94 is a low-risk, cloud-compute infrastructure endpoint owned by Ahrefs Pte Ltd Dmytro, hosted on OVH UK infrastructure in London, GB. The IP presents no active threat indicators and is classified as legitimate cloud hosting infrastructure. No immediate blocking or mitigation actions are recommended.
---
## RISK ASSESSMENT
| Metric | Value | Assessment |
|---|---|---|
| Risk Score | 25 | Low Risk |
| Provider Score | 0 | Neutral |
| Authority Score | 0 | Neutral |
| Reputation | Low Risk | Clean |
| Abuse Confidence | Not Applicable | Legitimate Use |
Overall Classification: Legitimate cloud infrastructure with no active threat indicators.
---
## INFRASTRUCTURE PROFILE
Ownership & Network:
- ASN: 16276 (OVH)
- Organization: Ahrefs Pte Ltd Dmytro
- Network Block: 54.38.0.0/16
- Registration: ARIN
- Infrastructure Type: Cloud Compute / Hosting
- Location: London, England, GB (Europe/London timezone)
DNS Resolution:
- PTR Hostname: proxy-uk005-san94.ahrefs.net
- Forward Resolution: ahrefs.net
- DNSSEC: Valid
- CAA Records: Present
Network Classification:
- Cloud Environment: Yes
- CDN: No
- VPN: No
- Proxy: No
- TOR Exit: No
- Mobile: No
- Residential: No
---
## THREAT INDICATORS
Active Threat Signals: None Detected
- Threat Indicators: 0
- Known Campaigns: None
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
DNSBL Status:
- Listed on 8 DNSBLs
- DNSBL Listed Count: 1 (high severity listing noted in observation history)
Service Exposure:
- Open Ports: None (Firewalled / No Services)
- TLS Certificate: None exposed
- HTTP Services: None accessible
---
## NEIGHBORHOOD ANALYSIS
Subnet: 54.38.147.0/24
- Total Siblings: 256 IPs
- Active Siblings: 211
- Threat Siblings: 108
- Abuse Density: 0.4219 (moderate)
- Inherited Risk Score: 16
- Classification: Mixed
Risk Distribution in /24 Subnet:
- High Risk: 0 IPs
- Medium Risk: 74 IPs
- Low Risk: 26 IPs
Observation: The subnet shows moderate abuse density typical of shared cloud hosting infrastructure. The target IP (54.38.147.94) maintains a low risk profile despite neighborhood activity.
---
## OBSERVATION HISTORY
Total Observations: 23 signal observations recorded
Recent Activity (June 2026):
- Subnet abuse density monitoring: 0.4219
- DNSBL listing activity: 8 total lists, 1 high severity
- Operator score: 0.087 (Minimal risk classification)
- Route stability: False (indicating some BGP changes)
- Threat persistence: 0 days (not persistently malicious)
Temporal Analysis: No evidence of persistent malicious behavior. Ownership and threat signals remain stable.
---
## RELATIONSHIP GRAPH
Connected Entities: 63 relationships identified
- Primary relationship type: Same Network (OVH_282347341)
- All relationships indicate OVH network infrastructure association
- No anomalous cross-network or suspicious entity relationships detected
---
## SECURITY RECOMMENDATIONS
Current Risk Level: Low (25/100)
Recommended Actions:
1. No blocking required โ IP is classified as legitimate cloud infrastructure
2. Standard monitoring โ Maintain baseline traffic logging
3. No firewall rules โ No specific iptables/nftables rules recommended
4. Contextual review โ Evaluate based on actual traffic patterns and organizational context
Actions Not Recommended:
- IP blocking or rate limiting not warranted given low risk profile
- No WAF rules needed for this endpoint
---
## CONCLUSION
IP 54.38.147.94 represents legitimate cloud hosting infrastructure associated with Ahrefs Pte Ltd Dmytro on OVH UK networks. The IP presents no active threat indicators, maintains a low-risk profile, and is classified as standard cloud compute infrastructure. The moderate abuse density in the surrounding /24 subnet is attributable to shared hosting characteristics rather than malicious activity specific to this endpoint.
Status: Monitor / No Action Required
---
*Report generated by IPDebrief Intelligence Platform. Data sourced from authoritative threat intelligence feeds and real-time network observation.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | proxy-uk005-san94.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk005-san94.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-11 21:44:43 UTC |
| Last Seen | 2026-06-27 20:32:58 UTC |
| Profile Built | 2026-06-28 14:38:37 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.