IP Intelligence Briefing: 54.39.0.18
Date: 2026-06-15
---
**1. Risk Profile**
- Overall Risk Score: 40 (Moderate Risk)
- Provider/Organization: OVH (AS16276) - Ahrefs Pte Ltd (netname: OVH-CUST-281059683)
- Geolocation: Canada (QC, Beauharnois)
- Network Role: Cloud compute infrastructure (OVH hosting)
- Threat Indicators: No direct malicious activity detected (no blacklisted domains, spam, or known attacker flags).
---
**2. Observation History**
- Recent Activity (June 2026):
  - Subnet abuse density: 0.581 (high abuse risk).
  - DNSSEC validation: Valid.
  - BGP route stability: Unstable (route changes detected).
  - No open ports or TLS certificates observed.
---
**3. Network Relationships**
- Subnet: 54.39.0.0/24
- Key Associations:
  - Linked to OVH-CUST-281059683 (same network).
  - DNS PTR record: `proxy-ca004-san18.ahrefs.net` (Ahrefs infrastructure).
- Neighbor Risk: Subnet has 147 threat siblings (253 total IPs), with 89 medium-risk and 11 low-risk IPs.
---
**4. Threat Context**
- Subnet Abuse: High abuse density (0.581) suggests potential compromise or malicious activity in the subnet.
- Cloud Infrastructure: Likely part of a legitimate cloud service (OVH), but route instability and high neighbor risk warrant closer monitoring.
- DNS Activity: No malicious domains or email authentication (SPF/DKIM) detected.
---
**5. Recommended Actions**
1. Monitor Subnet: Investigate high-risk neighbors (54.39.0.0/24) for suspicious activity.
2. Verify Ownership: Confirm if the IP is part of Ahrefs' legitimate infrastructure or misconfigured cloud assets.
3. Block High-Risk Neighbors: Consider firewall rules to isolate or block IPs with elevated risk scores.
4. Check BGP Stability: Collaborate with OVH to address route instability in the subnet.
---
Note: No direct malicious indicators found, but the subnet's high abuse density and unstable routing suggest elevated risk. SOC teams should prioritize monitoring and containment strategies for the broader network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca004-san18.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san18.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-21 14:58:04 UTC |
| Last Seen | 2026-06-28 14:34:53 UTC |
| Profile Built | 2026-06-29 02:38:38 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |