# IP Intelligence Briefing: 54.39.210.132
Classification: Moderate Risk / High-Abuse Neighborhood
Date: Current Analysis
Analysis Tool: IPDebrief Intelligence Platform
---
## Executive Summary
IP address 54.39.210.132 is assigned to OVH hosting infrastructure (ASN 16276) with ownership attributed to Dmytro, Ahrefs Pte Ltd. The IP exhibits moderate risk (score: 40) with no active threat indicators. However, the surrounding /24 subnet (54.39.210.0/24) is classified as high-abuse density (0.5547) with 142 of 256 sibling IPs flagged as threats.
---
## Infrastructure Profile
Ownership & Provider:
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network Block: 54.39.210.0/24
- Geolocation: Canada, Quebec, Beauharnois (3000km accuracy radius)
Network Role:
- Infrastructure Type: Cloud Compute / Hosting
- Classification: Cloud infrastructure with hosted DNS services
- DNS Resolution: proxy-ca007-san132.ahrefs.net (ahrefs.net domain)
- Service Status: No open ports detected; service marked as "Firewalled / No Services"
---
## Threat Assessment
Current Risk Indicators:
- Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not reported
- Blacklist Count: 0 (current)
- DNSBL Listings: 1 of 8 total lists
- Known Campaigns: None identified
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane Data:
- BGP Prefix: 54.39.0.0/16
- Route Stability: False (route changes detected)
- RPKI State: Not validated
- DNSSEC: Valid
---
## Neighborhood Analysis
The /24 subnet (54.39.210.0/24) demonstrates elevated abuse characteristics:
- Abuse Density: 0.5547 (High)
- Total Siblings: 256
- Active Siblings: 208
- Threat Siblings: 142 (55% of active IPs)
- Classification: High-Abuse
Sample Neighbor Risk Scores (54.39.210.x/32 range):
- All sampled neighbors show risk score of 40 with authority score of 50
- Risk distribution: 100 medium, 0 high, 0 low (based on sampled set)
---
## Observation History
Signal Observations: 22 total observations tracked
Recent Activity (June 2026):
- June 27, 2026: Operator score 0.1 (Minimal), routing/services/ownership/reputation/geolocation signals detected
- June 26, 2026: Subnet abuse density 0.5547 confirmed with high_abuse classification
- June 26, 2026: Provider classification OVH confirmed
- June 26, 2026: Geolocation CA confirmed with cymru-country method
Temporal Indicators:
- Persistence: 0 threat persistence days
- Malicious Activity: Not persistently malicious
- Observation Count: 1 threat observation
---
## Relationship Graph
Detected Relationships: 55 total
- Primary classification: Same Network (OVH-CUST-281059686)
- Multiple network-level relationships indicating shared infrastructure
- No organizational or hostname relationships beyond network classification
---
## Security Recommendations
For SOC Analysts:
1. Monitor Neighborhood Context: The IP resides in a high-abuse subnet. Monitor for correlated activity from sibling IPs (54.39.210.x range), particularly the 142 flagged threat siblings.
2. DNS Activity: The IP resolves to proxy-ca007-san132.ahrefs.net. Monitor DNS queries to this hostname for potential command-and-control or data exfiltration patterns.
3. No Immediate Blocking: Current risk profile does not warrant immediate blocking. However, implement logging and monitoring for baseline behavior.
4. Threat Intelligence Feeds: While no current threat indicators exist, maintain awareness of OVH hosting infrastructure in threat assessments due to neighborhood abuse density.
5. Route Stability: Monitor BGP changes for the 54.39.0.0/16 prefix given the route stability flag is false.
---
Reporting Tool: IPDebrief Intelligence Platform
Data Sufficiency: Complete profile with full geolocation, ownership, and threat context available
Confidence Level: Moderate (based on cloud hosting infrastructure classification)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca007-san132.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san132.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 19% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| First Seen | 2026-05-10 16:14:41 UTC |
| Last Seen | 2026-06-27 18:08:48 UTC |
| Profile Built | 2026-06-28 18:12:55 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 28 |