IP INTELLIGENCE BRIEFING: 54.39.210.163/32
Classification: Moderate Risk | Status: Under Investigation
---
EXECUTIVE SUMMARY
IP address 54.39.210.163 is a cloud-compute infrastructure endpoint operated by OVH under the netname OVH-CUST-281059686. The IP resolves to the ahrefs.net domain (proxy-ca007-san163.ahrefs.net), indicating association with Ahrefs Pte Ltd. Current risk assessment scores 40 (Moderate Risk) with no active threat indicators detected. The endpoint is firewalled with no open services detected.
---
OWNERSHIP & INFRASTRUCTURE
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 54.39.210.0/24
- Infrastructure Type: Cloud Compute / Hosting
- Provider: OVH (Canadian operations)
- Geolocation: Beauharnois, QC, Canada (CA)
---
THREAT ASSESSMENT
- Overall Risk Score: 40/100 (Moderate)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 threat intelligence feeds
The IP shows no threat indicators: no known campaigns, no associated threat feeds, and no active abuse confidence score. The endpoint is classified as hosting infrastructure with firewall protection enabled.
---
NETWORK ENVIRONMENT ANALYSIS
Subnet Profile (54.39.210.0/24):
- Abuse Density: 0.6641 (High Abuse Classification)
- Active Siblings: 168 of 256 total addresses
- Threat Siblings: 170
- Neighborhood Risk: Inherited risk score of 26/100
Sampled neighbors (100 addresses) show consistent risk distribution:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
This indicates the /24 subnet is heavily utilized for hosting services with elevated neighbor risk scores (40-50 range across samples).
---
DNS & SERVICES
- PTR Record: proxy-ca007-san163.ahrefs.net
- Forward Resolution: Confirmed to ahrefs.net domain
- Open Ports: None detected
- Services: Firewalled / No Services
- TLS Certificate: Not present
- Email Authentication: SPF/DMARC not configured
---
OBSERVATION HISTORY
Total observations recorded: 23 (as of June 2026)
Temporal Analysis:
- Ownership Changes: 0 (Stable)
- Threat Persistence: 0 days
- Threat Observation Count: 1
- Persistently Malicious: False
Recent signal observations indicate consistent network classification as OVH hosting infrastructure with stable abuse density metrics (0.6641) and operator scores (~0.22) across multiple measurement periods.
---
GEOLOCATION VALIDATION
Status: Flagged for Review
- Probe Count: 5
- Average RTT: 30.2ms
- Minimum Possible RTT: 112.6ms (for 5,629km distance)
- Violation: RTT 29.0ms < minimum possible 112.6ms
The geolocation data shows a 5,628.6km distance from the probe origin to the reported Canada location, but the measured RTTs are physically impossible for this distance. This suggests the reported geolocation may be inaccurate or the IP is operating in an unexpected location.
---
RELATIONSHIP GRAPH
Total relationships identified: 48
- Primary Association: OVH-CUST-281059686 (Same Network)
- Relationship Diversity: Limited (primarily network-level associations)
- No correlated external entities detected
---
RECOMMENDED ACTIONS
For SOC Analysts:
1. Monitor: Track for any changes in threat indicators or service activation
2. Context: Recognize as Ahrefs infrastructure (SEO tooling provider)
3. Network Context: Be aware of elevated abuse density in /24 subnet
4. Geolocation Caution: Treat location data as unreliable; RTT anomalies suggest data mismatch
5. Firewall: No immediate blocking required; endpoint appears to be properly secured
Classification: LOW-PRIORITY | Recommended Action: MONITOR
---
Report Generated: 2026-06-19
Data Sources: IPDebrief Intelligence Platform
Analysis Confidence: Medium (limited service discovery, geolocation anomalies)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca007-san163.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san163.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership / FCrDNS / Geo Consensus / Geo Plausible / IRR Match / RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-12 03:44:15 UTC |
| Last Seen | 2026-06-27 21:03:33 UTC |
| Profile Built | 2026-06-28 15:08:31 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |