54.39.0.164
## IP Intelligence Briefing: 54.39.0.164/32
Classification: Moderate Risk | Date: 2026-06-16
---
Executive Summary
IP 54.39.0.164 is a cloud hosting infrastructure address assigned to OVH (ASN 16276) under organizational control of Ahrefs Pte Ltd. The IP shows no direct threat indicators but operates within a high-abuse density subnet (0.7109). No open services detected; classified as firewalled backend infrastructure.
---
Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **CIDR Block** | 54.39.0.0/24 |
| **Country/Region** | Canada (QC, Beauharnois) |
| **Infrastructure Type** | CloudCompute, Hosting |
| **DNS Hostname** | proxy-ca004-san164.ahrefs.net |
| **Primary Domain** | ahrefs.net |
---
Risk Assessment
- Overall Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not reported
- Blacklist Count: 0
- Known Campaigns: None identified
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
Control Plane Indicators:
- DNSSEC Valid: True
- Has CAA Record: True
- Operator Score: 0.2174 (Minimal)
- DNSBL Listed: 1 of 8 total lists
---
Neighborhood Analysis
Subnet: 54.39.0.0/24
- Abuse Density: 0.7109 (High Abuse Classification)
- Total Siblings: 256
- Active Siblings: 212
- Threat Siblings: 182
- Inherited Risk Score: 28
The IP resides in an OVH-hosted subnet with elevated abuse activity. However, the target IP shows no direct malicious indicators, suggesting it is legitimate backend infrastructure in a high-density hosting environment.
---
Service & Port Scan Results
- Open Ports: None detected
- HTTP/HTTPS Services: No active services exposed
- TLS Certificates: None
- Server Banner: None
- Connection Type: Firewalled / No Services
---
Temporal Observations
- Ownership Changes: 0
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Is Persistently Malicious: False
- Route Stability: False
Recent observations (2026-06-16) confirm consistent abuse density metrics and operator scoring. Geolocation data consistently resolves to Canada with moderate confidence (0.35).
---
Network Relationships
- Network Association: Multiple "Same Network" relationships to OVH-CUST-281059683
- DNS Associations: 18+ hostname relationships to proxy-ca004-san164.ahrefs.net
- Traceroute: 17 hops, 6 timed out, transit via Comcast
---
Recommended Actions
1. Allow List Consideration: IP shows no direct threat indicators and is associated with legitimate Ahrefs infrastructure. Monitor rather than block.
2. Neighborhood Monitoring: The /24 subnet shows high abuse density (0.7109). Monitor adjacent IPs for correlated activity.
3. Traffic Analysis: No open ports detected. If this IP appears in traffic logs, verify it matches expected Ahrefs service patterns.
4. Baseline: Risk score of 40 with no blacklist listings. Treat as low-priority unless traffic patterns indicate compromise.
---
Conclusion
This IP is legitimate cloud hosting infrastructure for Ahrefs operations with no evidence of malicious activity. The elevated neighborhood abuse score reflects OVH's multi-tenant hosting model rather than specific IP compromise. SOC teams may safely allow traffic while monitoring for anomalous patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca004-san164.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san164.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 18% | 9 | 13 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-26 00:51:01 UTC |
| Last Seen | 2026-06-29 02:34:00 UTC |
| Profile Built | 2026-06-29 02:42:00 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |
Full dossier details are available via our API.