IPDebrief

54.39.136.14

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 54.39.136.14/32

Classification: Moderate Risk (Score: 45/100)

Date: 2026-06-25

Status: Active Threat Monitoring Required

---

## EXECUTIVE SUMMARY

IP 54.39.136.14 is an OVH hosting infrastructure asset located in Beaucharnois, Quebec, Canada. The IP presents moderate risk with a reputation score of 45. While no direct malicious activity indicators were identified, the IP demonstrates threat associations within its subnet environment and maintains DNS blacklist listings on 2 of 8 queried lists.

---

## OWNERSHIP AND INFRASTRUCTURE

FieldValue
**ASN**16276 (OVH SAS)
**Organization**Dmytro, Ahrefs Pte Ltd
**CIDR Block**54.39.136.0/24
**Infrastructure Type**Cloud Compute / Hosting
**Provider**OVH

The IP resolves to hostname proxy-ca002-san14.ahrefs.net under the ahrefs.net domain. The asset functions as firewalled infrastructure with no active service ports detected.

---

## GEOLOCATION ANALYSIS

Multiple geolocation sources report conflicting data, suggesting potential misattribution or cloud infrastructure masking.

---

## THREAT INDICATORS

IndicatorStatus
**Blacklist Count**2 of 8 lists
**Known Attacker**No
**Spam Source**No
**Tor Exit Node**No
**Abuse Confidence**Not calculated
**Known Campaigns**None

The IP maintains a moderate reputation score of 45 with no direct malicious indicators, though DNSBL listings indicate prior abuse history.

---

## NETWORK CONTEXT AND NEIGHBORHOOD RISK

Subnet Risk Profile:

The /24 subnet exhibits elevated abuse density. Of 118 threat-sibling IPs identified, the local IP inherits contextual risk from the neighborhood environment.

---

## OBSERVATION HISTORY (28 RECENT OBSERVATIONS)

Recent Signal Activity (2026-06-25):

Temporal analysis shows 28 observations over the monitoring window with persistent cloud hosting classification and intermittent threat indicator presence.

---

## RECOMMENDED ACTIONS

Firewall Rules (Deploy Immediately)

iptables:

```

iptables -A INPUT -s 54.39.136.14 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr 54.39.136.14 drop

```

nginx:

```

deny 54.39.136.14;

```

pfSense:

```

54.39.136.14/32

```

Cloudflare WAF:

```json

{

"description": "Block 54.39.136.14 โ€” IPDebrief risk score 45",

"action": "block",

"filter": {

"expression": "ip.src eq 54.39.136.14"

}

}

```

AWS WAF:

```json

{

"Addresses": ["54.39.136.14/32"],

"Description": "IPDebrief risk 45"

}

```

---

## ANALYST NOTES

1. Subnet Correlation: 118 threat siblings in /24 warrant monitoring of adjacent IPs in the 54.39.136.0/24 range.

2. Geolocation Discrepancy: RTT violation suggests either misconfigured geolocation data or potential cloud infrastructure manipulation.

3. DNSBL Presence: Two blacklist listings indicate prior abuse activity requiring investigation into associated domains.

4. Hosting Infrastructure: The IP serves as firewalled hosting with no open services detected, limiting direct exploitation vectors.

Recommendation: Block at perimeter firewall and monitor subnet for correlated malicious activity.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡จ๐Ÿ‡ฆ Canada
RegionQC
CityBeauharnois
Timezoneโ€”
Latitude45.32
Longitude-73.87

๐Ÿข Ownership & Registration

OrganizationDmytro, Ahrefs Pte Ltd
ASNAS16276
Network NameOVH-CUST-281059681
CIDR Block54.39.136.0/24
RIRARIN
CountrySingapore
Abuse Contactโ€”

๐ŸŒ DNS Intelligence

PTRproxy-ca002-san14.ahrefs.net
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesproxy-ca002-san14.ahrefs.net

๐Ÿ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAAPresent

โ˜๏ธ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierTier 3 โ€” Basic operator with some routing infrastructure
Hosting

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
31%
24
routing
24%
34
services
12%
22
ownership
30%
34
reputation
31%
13
geolocation
37%
23
Overall27%1320
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) โ€” 1 contradiction(s)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
โš  Claimed geolocation contradicts RTT physics measurement

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-09 17:41:41 UTC
Last Seen2026-06-27 16:28:24 UTC
Profile Built2026-06-28 10:33:18 UTC
Data FreshnessLive
Signal Types27
Total Observations33
๐Ÿ” 27 signal types ยท 33 observations collected
This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.