IP Intelligence Briefing: 54.39.136.190
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Owner: Dmytro, Ahrefs Pte Ltd (OVH customer)
- Geolocation: Canada (QC), Beauharnois (plausibility: False)
- Network Role: CloudCompute (OVH infrastructure)
- Threat Indicators: No malicious activity detected; not listed in blacklists or threat feeds.
---
**2. Observation History**
- Recent Activity:
  - June 14, 2026: RTT anomalies (27ms vs. expected 112.6ms for 5,629km distance).
  - June 3, 2026: Network scan detected no open ports; TLS/HTTP banners not found.
- Trend: Stable risk profile with no persistent malicious behavior.
---
**3. Network Relationships**
- Subnet: 54.39.136.0/24 (OVH-CUST-281059681)
- Neighbors:
  - 100 IPs in subnet (246 total).
  - 115 IPs flagged as threats (46.75% abuse density).
  - Key Risks: Moderate risk siblings (86 IPs), low risk siblings (14 IPs).
- Provider: OVH (ASN 16276).
---
**4. Threat Context**
- No Direct Threats: IP itself is clean, but subnet has mixed risk (18 inherited risk points).
- Geolocation Discrepancy: RTT data suggests misrepresentation of location (Canadian claims vs. actual distance).
- Cloud Compute: Likely a legitimate cloud instance (Ahrefs Pte Ltd), but monitor for suspicious traffic patterns.
---
**5. Recommendations**
- SOC Actions:
  - Monitor subnet for unusual traffic due to moderate abuse density.
  - Validate geolocation claims for this IP and neighbors.
  - Apply firewall rules to block high-risk siblings in the 54.39.136.0/24 subnet.
- Tools: Use IPDebrief's actions module for tailored firewall rules (e.g., iptables, Cloudflare WAF).
---
Summary: 54.39.136.190 is a low-risk cloud instance tied to Ahrefs, but its subnet contains notable threats. Prioritize monitoring and geolocation validation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca002-san190.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san190.ahrefs.net |

DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 08:09:55 UTC |
| Profile Built | 2026-06-28 02:15:48 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |

Full dossier details are available via our API.