IP Intelligence Briefing: 54.39.210.111
Date: 2026-06-15
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Ownership:
  - ASN: AS16276 (OVH)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Network: 54.39.210.0/24
- Geolocation:
  - Country: Canada (QC, Beauharnois)
  - Plausibility: GeoPlausible: False (RTT anomaly detected)
- Network Role:
  - Type: Cloud Compute (OVH)
  - Hosting: Yes
  - Subnet Abuse Density: 61.72% (high_abuse classification)
---
**2. Threat Indicators**
- Threat Signals:
  - No direct malware, phishing, or exploit indicators detected.
  - DNS: Resolves to `proxy-ca007-san111.ahrefs.net` (Ahrefs-related hostname).
  - Services: No open ports or TLS certificates detected.
  - Blacklists: Not listed in major DNSBLs.
---
**3. Observation History**
- Recent Activity (Last 30 Days):
  - June 15, 2026: Linked to OVH with 50% confidence.
  - June 9, 2026: No active services or banners detected.
- Geo Validation: RTT anomaly (26ms vs. expected 112.6ms for 5,629km distance).
---
**4. Network Relationships**
- Subnet: 54.39.210.0/24
- Neighbors:
  - Abuse Density: 61.72% (158/256 IPs flagged as threats).
  - High-Risk Neighbors: 98 IPs with medium/high risk scores.
  - Shared Network: OVH-CUST-281059686 (same ASN/organization).
---
**5. Actionable Insights**
- SOC Recommendations:
  - Monitor Subnet: High abuse density in 54.39.210.0/24 suggests potential for lateral movement or compromised hosts.
  - Verify Geolocation: Investigate RTT anomaly (26ms) for spoofing or misconfigured routing.
  - Check Ahrefs IP Legitimacy: Confirm if the IP is part of Ahrefs' legitimate infrastructure.
  - Block Subnet (If Applicable): Consider blocking the subnet if associated with malicious activity.
---
Conclusion:
The IP is associated with Ahrefs (OVH) but shows geolocation inconsistencies and resides in a high-abuse subnet. While no direct threats are detected, the network context warrants closer monitoring for potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca007-san111.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san111.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 23% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-21 14:58:05 UTC |
| Last Seen | 2026-06-28 14:42:38 UTC |
| Profile Built | 2026-06-29 08:48:15 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |