# IP Intelligence Briefing: 54.39.136.216/32
## Executive Summary
IP address 54.39.136.216 is classified as Low Risk (risk score: 25) and represents cloud infrastructure from OVH's customer network. The IP resolves to ahrefs.net and shows no active threat indicators. However, the /24 subnet exhibits moderate abuse density (0.4675) with mixed classification, warranting contextual monitoring of adjacent addresses.
---
## Ownership and Infrastructure
- Organization: Dmytro, Ahrefs Pte Ltd (OVH customer)
- ASN: 16276 (OVH SAS)
- Network: OVH-CUST-281059681 (54.39.136.0/24)
- Infrastructure Type: Cloud Compute
- Geolocation: Canada (QC), Beauharnois (3,000km accuracy radius)
- Ownership Stability: No changes observed
---
## Network Role and Services
- Connection Type: Firewalled / No Services detected
- Open Ports: None
- DNS Resolution: proxy-ca002-san216.ahrefs.net → ahrefs.net
- Cloud Provider: OVH (confirmed)
- Not Identified As: CDN, VPN, Proxy, Tor Exit, Mobile, or Residential
---
## Threat Intelligence Assessment
- Risk Score: 25 (Low Risk)
- Abuse Confidence: None recorded
- Blacklist Status: 0 blacklists
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
---
## Neighborhood Analysis (54.39.136.0/24)
The /24 subnet contains 246 total sibling IPs with 100 active and 115 threat-identified. Abuse density is 0.4675 (46.75%), classified as mixed. Neighbor risk distribution:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
Notable Neighbor IPs:
- 54.39.136.0-54.39.136.5: Risk score 40, Authority score 50
---
## Observation History
24 observations recorded over the recent monitoring period:
- Most Recent: 2026-06-19T06:07:18
- Operator Score: 0.2174 (Minimal risk)
- Data Sufficiency: 6/6 dimensions covered
- Confidence Level: 0.21-0.30 range
- Threat Persistence: 0 days (not persistently malicious)
---
## Control Plane and Routing
- BGP Prefix: 54.39.0.0/16
- Route Stability: Not stable
- DNSSEC: Valid
- DNSBL Listings: 1/8 total lists (minor listing)
- Hop Count: 18
- Minimum RTT: 27ms (geolocation validation shows 5,629km distance with 27ms RTT, an inconsistency indicating a potential routing anomaly)
---
## Security Actions and Recommendations
- Current Status: No immediate blocking recommended
- Monitoring Priority: Medium (due to subnet abuse density)
- Suggested Actions: Monitor adjacent IPs in 54.39.136.0/24 for correlated activity; verify legitimate business use given OVH cloud hosting
---
## Threat Intelligence Narrative
The target IP 54.39.136.216 operates as cloud infrastructure for Ahrefs, a legitimate SEO analytics enterprise. No direct threat indicators are present against this specific address. However, the hosting subnet demonstrates elevated abuse characteristics with 46.75% abuse density. While this IP itself presents minimal risk, SOC teams should contextualize traffic patterns against neighboring addresses and maintain awareness of the broader subnet's mixed classification. No immediate defensive actions are required, but ongoing monitoring of the /24 block is advisable.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca002-san216.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san216.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 08:11:16 UTC |
| Profile Built | 2026-06-28 02:18:05 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |