## INTELLIGENCE BRIEFING: 54.39.136.180/32
CLASSIFICATION: MODERATE RISK (Score: 40/100)
DATE: 2026-06-19
PREPARED FOR: SOC Analyst
---
EXECUTIVE SUMMARY
IP 54.39.136.180 is a cloud hosting infrastructure address operated by OVH SAS within a high-abuse density subnet. The IP is associated with the ahrefs.net domain but shows no active services. Despite moderate individual risk scoring, the subnet exhibits elevated abuse characteristics with 66.8% abuse density.
---
INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 54.39.136.0/24 |
| **Location** | Beauharnois, QC, CA |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Cloud Provider** | OVH |
| **DNS PTR** | proxy-ca002-san180.ahrefs.net |
| **Domain** | ahrefs.net |
---
THREAT INDICATORS
- Risk Score: 40/100 (Moderate)
- Abuse Confidence: Not explicitly assigned; neighborhood indicates high-abuse classification
- Blacklist Count: 0 (traditional)
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
- Campaign Likelihood: None
- Known Campaigns: 0 matches
- Is Tor Exit: No
- Is Known Attacker: No
- Is Spam Source: No
---
NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 54.39.136.0/24
| Metric | Value |
|---|---|
| **Abuse Density** | 0.668 (66.8%) |
| **Classification** | HIGH ABUSE |
| **Inherited Risk** | 26 |
| **Total Siblings** | 256 |
| **Active Siblings** | 182 |
| **Threat Siblings** | 171 |
Risk Distribution Among Neighbors:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
The subnet demonstrates significant abuse prevalence. Of 182 active sibling addresses, 171 are identified as threats, indicating concentrated malicious activity within this cloud hosting block.
---
OBSERVATION HISTORY
Total Observations: 22
Recent Signals (Chronological):
1. 2026-06-19 06:04:34 UTC - Threat detected (Confidence: 0.75). Source: AlienVault OTX. ASN: AS16276 OVH SAS. Location: Beauharnois, QC. Pulse count: 2.
2. 2026-06-18 13:58:35 UTC - Subnet analysis: High abuse classification (0.668 abuse density).
3. 2026-06-18 13:58:15 UTC - Operator score: 0.2174 (Minimal).
Temporal Analysis:
- Ownership changes: 0
- Threat observation count: 1
- Persistently malicious: No
- Threat persistence days: 0
---
SERVICE ANALYSIS
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title: None
- Server Banner: None
- Service Purpose: Firewalled / No Services
---
GEOLOCATION VALIDATION
| Metric | Value |
|---|---|
| **Country** | CA (Canada) |
| **Region** | QC (Quebec) |
| **City** | Beauharnois |
| **Geo Plausible** | No |
| **Distance Violation** | 5,629 km vs. minimum possible 112.6ms RTT |
| **Actual RTT** | 27ms |
| **Minimum Possible RTT** | 112.6ms |
| **Probe Count** | 5 |
Note: Geolocation data indicates implausible distance metrics, suggesting potential data quality issues or routing anomalies.
---
RECOMMENDATIONS
Based on the threat profile and neighborhood analysis:
1. Monitoring Priority: MEDIUM - Monitor for outbound connections and command-and-control activity given the high-abuse subnet context
2. Firewall Rules: No explicit deny rules recommended at this time; maintain logging and monitor for suspicious outbound patterns
3. Threat Hunting: Consider correlating with known ahrefs.net infrastructure; investigate any traffic patterns that deviate from expected hosting behavior
4. Subnet Context: Apply heightened scrutiny to all 54.39.136.0/24 addresses; 66.8% abuse density warrants proactive defensive posture
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca002-san180.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san180.ahrefs.net |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) | | |
| Attribution | Low (35%) | | |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | | | |
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 08:08:55 UTC |
| Profile Built | 2026-06-28 02:15:49 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |