# IP Intelligence Briefing: 54.39.136.155/32
Classification: Moderate Risk
Date: Current Analysis
Subject: OVH Cloud Compute Infrastructure
---
## Executive Summary
IP address 54.39.136.155 is hosted on OVH cloud infrastructure and classified as moderate risk (score: 40). The IP resolves to ahrefs.net domain infrastructure, specifically the proxy host proxy-ca002-san155.ahrefs.net. The subnet 54.39.136.0/24 exhibits high abuse density (0.6094), with 156 threat siblings among 256 total IPs. No active services or open ports were detected.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Provider** | OVH (ASN 16276) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059681 |
| **CIDR Block** | 54.39.136.0/24 |
| **Geolocation** | Beauharnois, QC, Canada |
| **Infrastructure Type** | CloudCompute |
---
## DNS & Domain Information
- PTR Record: proxy-ca002-san155.ahrefs.net
- Forward Resolution: proxy-ca002-san155.ahrefs.net (confirmed)
- Domain: ahrefs.net
- Email Authentication: SPF and DMARC not configured
- Forward Resolution Count: 1
---
## Network Classification
- Provider: OVH
- Connection Type: Cloud hosting
- Infrastructure: CloudCompute
- Status: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: None
- HTTP Service: None
---
## Threat Indicators
- Threat Score: 40 (Moderate)
- Blacklist Count: 0
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- DNSBL Listings: 1 of 8 lists
- Abuse Confidence Score: Not applicable
---
## Neighborhood Analysis
The /24 subnet 54.39.136.0/24 shows elevated abuse activity:
- Abuse Density: 0.6094 (High)
- Total Siblings: 256
- Active Siblings: 158
- Threat Siblings: 156
- Inherited Risk: 24
- Risk Distribution: 100 Medium, 0 High, 0 Low
Neighbor IPs in the subnet consistently show riskScore: 40 and authorityScore: 50, indicating systematic cloud infrastructure usage rather than isolated malicious activity.
---
## Control Plane Analysis
- Origin ASN: 16276 (OVH)
- BGP Prefix: 54.39.0.0/16
- Route Stability: Not stable
- RPKI State: Not verified
- DNSSEC: Valid
- CAA Records: Present
- DNSBL Listed: Yes (1 count)
- Operator Score: 0.2174 (Minimal)
---
## Observation History
21 total observations recorded. Recent activity includes:
- Geolocation Signals: Multiple location reports with varying confidence (0.18-0.85). Notable RTT violation: claimed location 5628.6 km from probe with 28ms RTT, but minimum possible RTT for that distance is 112.6ms.
- Threat Signals: Single threat observation recorded.
- Subnet Classification: Consistently classified as "high_abuse" with abuse density 0.6094.
- Ownership: No ownership changes detected.
- Persistence: Not persistently malicious.
---
## Relationship Graph
54 relationships identified, primarily connecting to:
- Same Network: OVH-CUST-281059681 (recurring across multiple relationship types)
---
## Threat Assessment & Recommendations
Overall Assessment: Moderate Risk
Key Findings:
1. Cloud-hosted infrastructure (OVH) with no exposed services
2. Subnet shows high abuse density, common in shared cloud hosting environments
3. DNSBL listing indicates prior abuse activity within the subnet
4. No direct threat indicators (no known campaigns, attacks, or spam)
5. RTT/geolocation inconsistencies suggest potential geo-spoofing or measurement error
Recommended Actions:
- Monitor subnet 54.39.136.0/24 for additional malicious activity
- Consider blocking or rate-limiting if outbound connections observed
- Review DNSBL listing context for specific feed concerns
- No immediate blocking recommended; infrastructure appears legitimate (ahrefs.net) but warrants monitoring
SOC Analyst Notes: This IP represents legitimate cloud hosting infrastructure (ahrefs.net) within a high-abuse-density subnet. The moderate risk score reflects subnet-level abuse patterns rather than direct malicious indicators. Monitor for anomalous behavior but no urgent action required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca002-san155.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san155.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 14:58:04 UTC |
| Last Seen | 2026-06-28 14:37:46 UTC |
| Profile Built | 2026-06-29 02:43:10 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |