IP Intelligence Briefing: 54.39.210.207
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Provider: OVH (ASN 16276)
- Ownership: Registered to Ahrefs Pte Ltd (OVH-CUST-281059686)
- Geolocation: Canada (QC, Beauharnois)
- Network Role: Hosting (cloud infrastructure, no public services)
- Threat Status: No direct indicators of malicious activity (no malware, spam, or known attacker tags).
---
**2. Observation History**
- Last Scanned: June 2026
- Key Signals:
  - Classified as cloud-hosted infrastructure (OVH provider).
  - DNSSEC and CAA records validated, but listed in 1 DNSBL (potential spoofing risk).
  - No open ports or TLS certificates detected.
- Trend: Stable risk profile; no recent changes.
---
**3. Relationships & Associations**
- DNS: Linked to proxy-ca007-san207.ahrefs.net (hostname).
- Network: Part of OVH subnet 54.39.210.0/24.
- Neighbors:
  - Subnet abuse density: 50.2% (high risk).
  - 127/253 IPs in subnet flagged as threats.
  - 130 active IPs in subnet; 20% inherited risk from neighbors.
---
**4. Neighborhood Analysis**
- Subnet (54.39.210.0/24):
  - High abuse density (0.502), with 127 malicious neighbors.
  - Risk distribution: 94 IPs labeled "medium," 5 "low," 0 "high."
- Action Required: Monitor for lateral movement or network compromise due to high-risk neighbors.
---
**5. Threat Context**
- No direct threats (no malware, phishing, or C2 indicators).
- Indirect risks:
  - Subnet's high abuse density suggests potential for spoofing or compromised hosts.
  - DNS association with Ahrefs may indicate legitimate infrastructure, but verify against known good hosts.
---
**6. Recommendations**
1. Monitor subnet activity for unusual traffic patterns or lateral movement.
2. Validate DNS associations (proxy-ca007-san207.ahrefs.net) against Ahrefs' legitimate infrastructure.
3. Restrict access to the subnet if it hosts sensitive assets, given the high neighbor risk.
4. Check for spoofing using DNSBL lists and ensure DNSSEC validation is enforced.
---
Source: IPDebrief Threat Intelligence Platform | Last Updated: 2026-06-10
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
**DNS Intelligence**
| PTR | proxy-ca007-san207.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san207.ahrefs.net |
**DNS Hygiene**
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-05-24 00:33:21 UTC |
| Last Seen | 2026-06-28 23:32:00 UTC |
| Profile Built | 2026-06-29 05:34:49 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |