54.39.210.194

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP INTELLIGENCE BRIEFING: 54.39.210.194/32

Classification: Moderate Risk / High-Abuse Subnet

Date: 2026-06-15

Analyst: IPDebrief Intelligence Team

Executive Summary

IP 54.39.210.194 is a cloud-hosted IP address belonging to OVH network (ASN 16276) with a moderate risk score of 40. The IP is associated with Ahrefs Pte Ltd and is part of a high-abuse subnet (54.39.210.0/24) with 73.44% abuse density. The address resolves to proxy-ca007-san194.ahrefs.net and shows evidence of blacklist listings.

Ownership and Infrastructure

ASN: 16276 (OVH)
Organization: Dmytro, Ahrefs Pte Ltd
Network: 54.39.210.0/24
Infrastructure Type: Cloud Compute / Hosting
Country: CA (Canada) - Beauharnois, QC
DNS Resolution: proxy-ca007-san194.ahrefs.net (forward confirmed)

Risk Indicators

Risk Score: 40 (Moderate Risk)
Abuse Confidence: Evidence of blacklist listings (1 of 8 DNSBL lists)
Operator Score: 0.2174 (Minimal)
Route Stability: Unstable (route changes detected in 30-day window)
Geo Validation: Implausible - RTT of 27ms inconsistent with 5,629km reported distance (minimum possible 112.6ms)

Neighborhood Analysis

The /24 subnet (54.39.210.0/24) shows elevated abuse characteristics:

Abuse Density: 0.7344 (high abuse)
Active Siblings: 172 of 256 total
Threat Siblings: 188
Risk Distribution: 100 medium-risk IPs in neighborhood
Subnet Classification: high_abuse

Historical Observations

Total Signals: 18 observations over monitoring period
Latest Subnet Classification (2026-06-15): high_abuse (confidence 0.75)
Blacklist Activity (2026-06-10): Listed on 8 blacklist categories with maximum severity "high"
Threat Persistence: Single threat observation event, not persistently malicious

Services Assessment

Open Ports: None detected
HTTP/HTTPS Services: No active services observed
TLS Certificates: Not applicable
Network State: Firewalled / No Services

Recommended Actions

Immediate Blocking Recommended. Implement the following firewall rules:

iptables: `iptables -A INPUT -s 54.39.210.194 -j DROP`
nftables: `nft add rule inet filter input ip saddr 54.39.210.194 drop`
nginx: `deny 54.39.210.194;`
pfSense: Block 54.39.210.194/32
Cloudflare WAF: Block with expression `ip.src eq 54.39.210.194`
AWS WAF: Add 54.39.210.194/32 to block list

Intelligence Context

This IP is part of OVH's cloud infrastructure hosting Ahrefs services. The subnet-level abuse density is significant, suggesting this environment is frequently leveraged for malicious activities. While the specific IP shows no active open ports or direct attack indicators, the high-abuse neighborhood context warrants defensive blocking. The implausible geolocation data may indicate spoofed or misconfigured DNS records commonly associated with hosting environments used for compromised downstream traffic.

---

*This briefing is based on IPDebrief intelligence data. Combine with other signals before taking action. Rules provided are probabilistic recommendations.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Beauharnois
Timezone	—
Latitude	45.32
Longitude	-73.87

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059686
CIDR Block	54.39.210.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca007-san194.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca007-san194.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	39%	2	3
routing	13%	1	1
services	8%	1	1
ownership	19%	2	2
reputation	31%	1	3
geolocation	33%	2	3
Overall	24%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 15:20:12 UTC
Last Seen	2026-06-28 19:57:22 UTC
Profile Built	2026-06-29 08:01:26 UTC
Data Freshness	Live
Signal Types	19
Total Observations	23

🔍 19 signal types · 23 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

54.39.210.194📋 Copy