IP Intelligence Briefing: 54.39.0.36
*Generated via IPDebrief Analysis*
---
**Risk Profile**
- Overall Risk Score: Moderate (40/100)
- Provider: OVH (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- Geolocation: Canada (QC, Beauharnois)
- Network Role: Cloud compute instance (OVH-hosted)
---
**Threat Indicators**
- Malicious Activity: No direct threats detected (no malware, phishing, or known attacker indicators).
- DNSBL Listings: Listed in 8 DNSBLs (medium severity), suggesting potential abuse but no confirmed malicious activity.
- Subnet Abuse: Subnet 54.39.0.0/24 has a high abuse density (0.55), with 137 of 249 IPs flagged as threats.
---
**Observation History**
- Recent Activity:
  - Subnet abuse density and risk classification updated on 2026-06-03.
  - DNS records resolved to `ahrefs.net` (CAA validation confirmed).
  - No persistent threats or campaign correlations detected.
---
**Network Relationships**
- Linked Entities:
  - Subnet OVH-CUST-281059683 (same network).
  - DNS hostname: `proxy-ca004-san36.ahrefs.net`.
  - Parent organization: Ahrefs Pte Ltd (OVH customer).
---
**Neighborhood Analysis**
- Subnet: 54.39.0.0/24 (256 IPs).
- Risk Distribution:
  - High Risk: 0 IPs
  - Medium Risk: 89 IPs
  - Low Risk: 11 IPs
- Neighbor Risks: 137 IPs in the subnet are flagged as threats.
---
**Actionable Insights**
1. Monitor Subnet Activity: The high abuse density in 54.39.0.0/24 warrants closer scrutiny.
2. Verify DNS Listings: Investigate DNSBL entries for potential abuse (e.g., open resolvers, spam).
3. Check Ahrefs Context: Confirm if the OVH-hosted IP is part of legitimate Ahrefs infrastructure or compromised.
4. Isolate High-Risk Neighbors: Segment or block IPs with high risk scores in the same subnet.
---
Conclusion: While 54.39.0.36 itself is not malicious, its subnet exhibits significant abuse. SOC teams should prioritize monitoring related IPs and validating the legitimacy of Ahrefs' cloud infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca004-san36.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san36.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 08:03:53 UTC |
| Profile Built | 2026-06-28 02:10:04 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.