54.39.0.63
IP Intelligence Briefing: 54.39.0.63
Date: 2026-06-01
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Provider: OVH (ASN 16276)
- Ownership: Ahrefs Pte Ltd (OVH-CUST-281059683)
- Geolocation: Canada (QC, Beauharnois), inferred with 3000km accuracy radius.
- Network Role: Cloud Compute (OVH infrastructure, hosting services).
- Threat Indicators: No malicious activity, no blacklists, no known attacker campaigns.
---
**2. Historical Observations**
- Last 30 Days:
- Stable network classification (OVH / CloudCompute).
- Subnet abuse density: 0.48 (mixed risk, 19 inherited risk points).
- No persistent malicious activity or threat persistence.
---
**3. Relationships & DNS**
- DNS Associations:
- PTR hostname: `proxy-ca004-san63.ahrefs.net` (linked to `ahrefs.net`).
- No email authentication records (SPF/DKIM).
- Network Relationships:
- Shares subnet `54.39.0.0/24` with 248 IPs (110 active, 120 threat siblings).
- Same ASN (OVH) and provider across all siblings.
---
**4. Neighborhood Analysis**
- Subnet: `54.39.0.0/24`
- Abuse Density: 48% (moderate risk).
- Neighbor Risk Distribution:
- 73 IPs: Medium Risk (25โ40 score).
- 27 IPs: Low Risk (0โ25 score).
- No high-risk IPs in the subnet.
---
**5. Recommendations**
- Monitor Subnet: Moderate abuse density suggests reviewing neighboring IPs for anomalies.
- Verify DNS: Ensure `ahrefs.net` DNS records align with legitimate Ahrefs infrastructure.
- Baseline Traffic: No suspicious services or open ports detected; no firewall rules required.
---
Conclusion:
54.39.0.63 is a low-risk IP associated with Ahrefs' OVH cloud infrastructure. While the subnet shows moderate abuse density, no direct malicious indicators are present. SOC teams should prioritize monitoring the broader subnet for potential lateral movement or anomalous activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca004-san63.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san63.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 45% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-21 08:56:03 UTC |
| Last Seen | 2026-06-28 13:18:32 UTC |
| Profile Built | 2026-06-29 07:22:53 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |
Full dossier details are available via our API.