IP Intelligence Briefing: 54.39.210.190
Date: 2026-06-14
---
**1. Risk Profile**
- Overall Risk: Moderate (Risk Score: 40)
- Provider/Organization: OVH (AS16276), Ahrefs Pte Ltd (netname: OVH-CUST-281059686)
- Geolocation: Canada (QC, Beauharnois)
- Network Role: CloudCompute infrastructure (OVH-hosted, no residential/mobile origin)
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or DNS abuse).
---
**2. Observation History**
- Last 30 Days:
  - Consistent classification as a cloud provider (OVH) with no persistent malicious behavior.
  - Subnet abuse density: 0.6641 (high abuse classification).
  - 170 of 256 sibling IPs in the 54.39.210.0/24 subnet show risk signals.
---
**3. Network Relationships**
- Linked Entities:
  - OVH-CUST-281059686 (same network).
  - Domain: `ahrefs.net` (CAA records, DNSSEC validated).
- Control Plane:
  - BGP prefix: `54.39.0.0/16` (OVH).
  - RPKI state: Not validated.
  - IRR consistency: Not checked.
---
**4. Subnet Neighborhood**
- Subnet: `54.39.210.0/24` (256 total IPs).
- Risk Distribution:
  - 100 neighbors (40% of subnet) flagged as medium risk.
  - 170 IPs show threat signals (e.g., abuse, scanning).
- Abuse Density: 66.41% (high abuse classification).
---
**5. Recommendations**
- Monitor Subnet: The high abuse density in the 54.39.210.0/24 subnet suggests potential lateral movement or compromised hosts.
- Restrict Access: Implement network segmentation or firewall rules to limit traffic to this subnet.
- Validate DNS: Confirm DNSSEC and CAA records for `ahrefs.net` to ensure no spoofing.
- Check for Anomalies: Investigate unusual traffic patterns in the subnet, given the elevated risk of neighboring IPs.

Note: The IP itself is likely legitimate (cloud infrastructure), but the surrounding network requires closer scrutiny due to high abuse density.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca007-san190.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san190.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 17% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 19% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline: Live
| First Seen | 2026-05-10 16:14:41 UTC |
| Last Seen | 2026-06-27 18:09:21 UTC |
| Profile Built | 2026-06-28 12:14:54 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 27 |