IP Intelligence Briefing: 54.39.0.253
Date: June 14, 2026
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Registered to OVH-CUST-281059683 (Ahrefs Pte Ltd, OVH).
- Geolocation:
  - Country: Canada (QC, Beauharnois).
  - Validation: Geo-plausibility failed (RTT discrepancy: 26ms vs. expected 112.6ms for 5629km).
- Network Role:
  - Cloud Hosting: Part of OVH's cloud infrastructure.
  - Subnet: 54.39.0.0/24 (abuse density: 56%, inherited risk: 22).
- Threat Indicators:
  - No direct malicious activity (no indicators, blacklists, or campaigns).
  - Subnet Risk: High abuse density (140/250 siblings flagged).
---
**2. Observation History**
- Recent Activity (June 14, 2026):
  - Geolocation signal with low confidence (0.18).
  - Network classification as "high_abuse" subnet.
- Longer-Term Trends:
  - No persistent malicious signals (threat persistence: 0 days).
  - Single observation of subnet abuse density (June 5, 2026).
---
**3. Network Relationships**
- Key Links:
  - OVH-CUST-281059683 (same network).
  - Domain: `proxy-ca004-san253.ahrefs.net` (DNS PTR record).
  - Hosting: Likely part of Ahrefs' cloud infrastructure.
---
**4. Neighborhood Analysis**
- Subnet: 54.39.0.0/24.
- Risk Distribution:
  - 89 IPs flagged as medium risk (score ≥ 40).
  - 11 IPs flagged as low risk.
- Abuse Density: 56% (high risk subnet).
---
**5. Recommendations**
- Monitor Subnet: High abuse density in 54.39.0.0/24 suggests potential for malicious activity. Investigate neighboring IPs with elevated risk scores.
- Verify Geolocation: Discrepancy in RTT vs. distance may indicate spoofing or misconfigured routing.
- Check Hosting Provider: Confirm Ahrefs' infrastructure for any known security incidents.
- DNS Monitoring: Track `proxy-ca004-san253.ahrefs.net` for unusual DNS behavior or CNAME changes.
Conclusion: While the IP itself shows no direct malicious activity, its subnet's high abuse density warrants closer scrutiny. SOC teams should prioritize monitoring related IPs and ensuring network segmentation to mitigate potential lateral movement risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca004-san253.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san253.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) | | |
| Attribution | Low (35%) | | |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-09 22:11:22 UTC |
| Last Seen | 2026-06-27 16:44:25 UTC |
| Profile Built | 2026-06-28 10:49:56 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |