54.39.136.14
# INTELLIGENCE BRIEFING: 54.39.136.14/32
Classification: Moderate Risk (Score: 45/100)
Date: 2026-06-25
Status: Active Threat Monitoring Required
---
## EXECUTIVE SUMMARY
IP 54.39.136.14 is an OVH hosting infrastructure asset located in Beaucharnois, Quebec, Canada. The IP presents moderate risk with a reputation score of 45. While no direct malicious activity indicators were identified, the IP demonstrates threat associations within its subnet environment and maintains DNS blacklist listings on 2 of 8 queried lists.
---
## OWNERSHIP AND INFRASTRUCTURE
| Field | Value |
|---|---|
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **CIDR Block** | 54.39.136.0/24 |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Provider** | OVH |
The IP resolves to hostname proxy-ca002-san14.ahrefs.net under the ahrefs.net domain. The asset functions as firewalled infrastructure with no active service ports detected.
---
## GEOLOCATION ANALYSIS
- Reported Location: Beaucharnois, Quebec, Canada
- Coordinates: 45.3161°N, -73.8736°W
- GeoValidation Status: INCONSISTENT
- RTT Violation: 26ms observed vs 112.6ms minimum expected for claimed distance (5,629km)
- Geolocation Confidence: Low (geoPlausible: false)
Multiple geolocation sources report conflicting data, suggesting potential misattribution or cloud infrastructure masking.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Blacklist Count** | 2 of 8 lists |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Tor Exit Node** | No |
| **Abuse Confidence** | Not calculated |
| **Known Campaigns** | None |
The IP maintains a moderate reputation score of 45 with no direct malicious indicators, though DNSBL listings indicate prior abuse history.
---
## NETWORK CONTEXT AND NEIGHBORHOOD RISK
Subnet Risk Profile:
- Subnet: 54.39.136.0/24
- Abuse Density: 0.4609 (46%)
- Inherited Risk Score: 18
- Total Siblings: 256
- Active Siblings: 189
- Threat Siblings: 118
- Classification: Mixed
The /24 subnet exhibits elevated abuse density. Of 118 threat-sibling IPs identified, the local IP inherits contextual risk from the neighborhood environment.
---
## OBSERVATION HISTORY (28 RECENT OBSERVATIONS)
Recent Signal Activity (2026-06-25):
- Cloud Infrastructure: Confirmed (OVH)
- Threat Indicators: Present (pulse_count: 3)
- Network Classification: Hosting/Cloud Compute
- Operator Score: 0.2174 (Minimal)
Temporal analysis shows 28 observations over the monitoring window with persistent cloud hosting classification and intermittent threat indicator presence.
---
## RECOMMENDED ACTIONS
Firewall Rules (Deploy Immediately)
iptables:
```
iptables -A INPUT -s 54.39.136.14 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 54.39.136.14 drop
```
nginx:
```
deny 54.39.136.14;
```
pfSense:
```
54.39.136.14/32
```
Cloudflare WAF:
```json
{
"description": "Block 54.39.136.14 โ IPDebrief risk score 45",
"action": "block",
"filter": {
"expression": "ip.src eq 54.39.136.14"
}
}
```
AWS WAF:
```json
{
"Addresses": ["54.39.136.14/32"],
"Description": "IPDebrief risk 45"
}
```
---
## ANALYST NOTES
1. Subnet Correlation: 118 threat siblings in /24 warrant monitoring of adjacent IPs in the 54.39.136.0/24 range.
2. Geolocation Discrepancy: RTT violation suggests either misconfigured geolocation data or potential cloud infrastructure manipulation.
3. DNSBL Presence: Two blacklist listings indicate prior abuse activity requiring investigation into associated domains.
4. Hosting Infrastructure: The IP serves as firewalled hosting with no open services detected, limiting direct exploitation vectors.
Recommendation: Block at perimeter firewall and monitor subnet for correlated malicious activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca002-san14.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san14.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 24% | 3 | 4 |
| services | 12% | 2 | 2 |
| ownership | 30% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 27% | 13 | 20 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-09 17:41:41 UTC |
| Last Seen | 2026-06-27 16:28:24 UTC |
| Profile Built | 2026-06-28 10:33:18 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 33 |
Full dossier details are available via our API.