IP Intelligence Briefing: 54.39.0.229
Date: 2026-06-09
---
**1. Risk Profile**
- Overall Risk Score: 40 (Moderate)
- Provider: OVH (ASN 16276)
- Organization: Ahrefs Pte Ltd (OVH-CUST-281059683)
- Geolocation: Registered to Canada (QC, Beauharnois), but geo-plausibility flagged due to RTT discrepancy (observed 25ms vs. expected 112.6ms for 5,629km).
- Network Role: Cloud compute instance (OVH Hosting).
---
**2. Threat Indicators**
- No Malicious Activity: No indicators of spam, attacker, or Tor exit node.
- DNS Associations: Linked to `proxy-ca004-san229.ahrefs.net` (Ahrefs domain).
- Subnet Abuse:
  - /24 Subnet (54.39.0.0/24): High abuse density (62.45%), with 158 active siblings and 158 threat siblings.
  - Inherited Risk: 24 (substantial risk from neighboring IPs).
---
**3. Historical Observations**
- First Seen: 2026-06-09 (1 observation).
- No Persistent Threats: No repeated malicious activity or ownership changes.
---
**4. Network Relationships**
- Shared Network: Part of OVH's OVH-CUST-281059683 network.
- DNS: Resolves to `proxy-ca004-san229.ahrefs.net` (no email auth records).
---
**5. Neighborhood Analysis**
- Subnet (54.39.0.0/24):
  - Total IPs: 253, with 158 active.
  - Threat Density: 62.45% (high abuse classification).
  - Neighbors: 89 medium-risk IPs, 11 low-risk IPs.
---
**6. Recommended Actions**
- Firewall Rules:
  - iptables: `iptables -A INPUT -s 54.39.0.229 -j DROP`
  - Cloudflare/WAF: Block IP with rule: `{"action":"block","filter":{"expression":"ip.src eq 54.39.0.229"}}`
- Monitoring:
  - Monitor subnet activity due to high abuse density.
  - Investigate DNS association with `proxy-ca004-san229.ahrefs.net` for legitimacy.
- Geolocation Discrepancy: Verify if IP is spoofed or residential (no residential flag set).
---
Conclusion:
The IP is associated with a legitimate OVH-hosted cloud instance (Ahrefs) with no direct malicious activity. However, its subnet has high abuse density, suggesting potential risk from neighboring IPs. Block the IP if not required, and monitor subnet activity. No immediate action needed, but vigilance is advised due to the subnet's risk profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca004-san229.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san229.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 40% | 3 | 5 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 30% | 12 | 20 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline
| First Seen | 2026-05-21 21:01:06 UTC |
| Last Seen | 2026-06-28 16:33:16 UTC |
| Profile Built | 2026-06-29 04:38:31 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 30 |