54.39.0.254
IP Intelligence Briefing: 54.39.0.254
Date: 2026-06-10
---
**1. Risk Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: OVH (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd (OVH-CUST-281059683)
- Geolocation: Canada (QC, Beauharnois)
---
**2. Threat Indicators**
- No direct malicious indicators (no malware, phishing, or C2 activity).
- DNS Associations: Linked to `proxy-ca004-san254.ahrefs.net` (Ahrefs infrastructure).
- Network Role: CloudCompute (OVH-hosted, no public services).
---
**3. Observation History**
- Recent Activity (2026-06-10):
- DNS resolution for `proxy-ca004-san254.ahrefs.net`.
- Network prefix `54.39.0.0/16` registered to OVH (arin).
- No recent threats or abuse reports.
---
**4. Relationships**
- Subnet: `54.39.0.0/24` (OVH-owned).
- Connected Entities:
- Ahrefs Pte Ltd (OVH customer).
- DNS hostname `proxy-ca004-san254.ahrefs.net`.
---
**5. Neighborhood Analysis**
- Subnet Abuse Density: 0.2783 (low risk).
- Neighboring IPs:
- 94 active IPs in the subnet.
- 64 flagged as high/medium risk (likely OVH customers).
- Inherited Risk: 11 (moderate).
---
**6. Recommended Actions**
- Firewall Rules (Example):
- `iptables -A INPUT -s 54.39.0.254 -j DROP`
- AWS WAF: Block `54.39.0.254/32` with description "IPDebrief risk 50".
- Monitoring:
- Track DNS activity for `proxy-ca004-san254.ahrefs.net`.
- Monitor for unusual traffic patterns in the `54.39.0.0/24` subnet.
---
**7. Summary**
The IP `54.39.0.254` is part of OVH's infrastructure, associated with Ahrefs Pte Ltd. While no direct threats are detected, its moderate risk score and connection to a DNS hostname suggest it should be monitored for potential misuse. Firewalls should block this IP unless confirmed as legitimate.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca004-san254.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san254.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 26% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 12 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-23 18:30:52 UTC |
| Last Seen | 2026-06-28 22:59:13 UTC |
| Profile Built | 2026-06-29 05:02:59 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 27 |
Full dossier details are available via our API.