IP Intelligence Briefing: 54.39.0.196
Date: 2026-06-11
---
**1. Risk Profile**
- Overall Risk: Moderate (Risk Score: 50/100)
- Provider/Authority Scores: 0/100 (no provider score available)
- Network Classification: Cloud Compute (OVH-hosted, high_abuse subnet)
- Threat Indicators: No direct malicious activity detected (no blacklists, spam, or known attacker flags).
---
**2. Ownership & Geolocation**
- Registrar: OVH (ASN 16276, Ahrefs Pte Ltd)
- CIDR Block: 54.39.0.0/24
- Geolocation:
  - Country: Singapore (CA/SG discrepancy in data)
  - Region: Quebec (possibly data inconsistency)
  - Coordinates: Unavailable (null values noted).
---
**3. Network Behavior**
- Subnet Abuse Density: 52.61% (high_abuse classification)
- Neighbor Risk:
  - 131/249 sibling IPs flagged as threats.
  - 87 medium-risk neighbors, 13 low-risk.
- Inherited Risk: 21 (substantial exposure due to subnet activity).
---
**4. Threat Observations**
- Recent Activity:
  - Observed on June 11, 2026 (low confidence, 0.35).
  - Subnet abuse density noted on June 1, 2026 (0.5261).
- Historical Trends: No persistent malicious activity detected.
---
**5. Relationships & DNS**
- Linked Entities:
  - DNS hostname: `proxy-ca004-san196.ahrefs.net` (Ahrefs infrastructure).
  - Same network: OVH-CUST-281059683 (Ahrefs Pte Ltd).
- Email/Domain Security: No SPF/DMARC records detected.
---
**6. Security Recommendations**
- Monitor Subnet: High abuse density suggests potential compromise.
- Restrict Access: Consider firewall rules to block traffic from this subnet unless explicitly required.
- Verify Geolocation: Discrepancies in location data may indicate spoofing or misconfigured resources.
- Investigate Ahrefs Infrastructure: Confirm if this IP is part of legitimate cloud services or a compromised network.
---
Conclusion: While the IP itself is not malicious, its subnet exhibits significant abuse activity. SOC teams should prioritize monitoring and isolating this network segment to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca004-san196.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san196.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-26 06:51:29 UTC |
| Last Seen | 2026-06-29 02:55:16 UTC |
| Profile Built | 2026-06-29 08:58:41 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |