# IP INTELLIGENCE BRIEFING: 54.39.210.229/32
Classification: MODERATE RISK
Date: 2026-06-20
Status: ACTIVE MONITORING RECOMMENDED
## 1. EXECUTIVE SUMMARY
IP address 54.39.210.229 is a cloud hosting infrastructure endpoint registered to Ahrefs Pte Ltd via OVH SAS hosting. The IP presents a moderate risk score (40) with no active threat indicators currently associated. However, the subnet environment exhibits elevated abuse density, warranting ongoing monitoring. No malicious campaigns or known attacker associations have been identified.
## 2. INFRASTRUCTURE PROFILE
Ownership & Registration:
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 54.39.210.0/24
- RIR: ARIN
- Network Name: OVH-CUST-281059686
Geolocation Data:
- Reported Location: Beauharnois, Quebec, Canada
- Geographic Consensus: TRUE (1 source)
- Geographic Plausibility: FALSE (significant RTT violation detected)
- Observed RTT: 27.0ms vs minimum possible 112.6ms for claimed distance
- Distance from Probe Location: 5,628.6km
DNS Resolution:
- PTR Hostname: proxy-ca007-san229.ahrefs.net
- Forward Resolution: proxy-ca007-san229.ahrefs.net
- Domain: ahrefs.net
- Email Authentication: SPF/DMARC records NOT configured
Network Services:
- Infrastructure Type: Cloud Compute (Hosting)
- Open Ports: NONE
- TLS Certificate: NOT DETECTED
- Classification: Firewalled / No Services
- Service Purpose: Hosting infrastructure with no exposed services
## 3. THREAT ASSESSMENT
Current Risk Indicators:
- Overall Risk Score: 40/100 (Moderate)
- Abuse Confidence Score: Not Applicable
- Blacklist Count: 0
- Known Threat Feeds: 0
- Tor Exit Node: FALSE
- Known Attacker: FALSE
- Spam Source: FALSE
Control Plane Analysis:
- DNSBL Listed: 1 of 8 total lists
- Route Stability: NOT STABLE (route changes detected)
- RPKI State: Not Evaluated
- Operator Score: 0.2174 (Minimal)
- MoAS Status: FALSE
Campaign Correlation:
- Likelihood: Not Evaluated
- Certificate Matches: 0
- Correlated IPs: 0
## 4. SUBNET ENVIRONMENT ANALYSIS
Subnet: 54.39.210.0/24
- Total Siblings: 256
- Active Siblings: 174
- Threat Siblings: 203
- Abuse Density: 0.793 (HIGH ABUSE CLASSIFICATION)
- Inherited Risk Score: 31
Neighborhood Risk Distribution (Sample of 100):
- High Risk: 0%
- Medium Risk: 100%
- Low Risk: 0%
Assessment: The /24 subnet demonstrates consistent medium-risk classification across sampled neighbors. The high abuse density (0.793) and elevated threat sibling count (203 of 256 total IPs) indicate this subnet is heavily utilized for hosting services that may attract abuse activity.
## 5. OBSERVATION HISTORY
Total Observations: 18 signals recorded
Recent Signal Types:
- Network Classification: Consistent identification as OVH cloud hosting infrastructure
- Geographic Signals: Multiple probes confirming location inconsistencies
- Port Scanning: Detected but no open services identified
- RTT Validation: Persistent geographic implausibility violations
Temporal Analysis:
- Ownership Changes: 0 (stable registration)
- Threat Persistence: 0 days (no persistent malicious activity)
- Threat Observation Count: 0 (no observed threats to date)
- Persistently Malicious: FALSE
## 6. RELATIONSHIP MAPPING
Primary Relationships:
- Same Network: OVH-CUST-281059686 (44 relationship entries)
- Network Classification: Cloud hosting infrastructure
- DNS Association: ahrefs.net domain namespace
Assessment: The IP maintains strong network-level relationships within the OVH customer infrastructure. No certificate-based or organizational cross-references beyond the hosting provider have been identified.
## 7. RECOMMENDATIONS
Immediate Actions:
- [ ] Monitor subnet 54.39.210.0/24 for abuse activity spikes
- [ ] Review firewall rules for inbound connections to this subnet
- [ ] Verify legitimate use case for any connections observed from this IP
Long-term Actions:
- [ ] Implement rate limiting for connections from this subnet
- [ ] Monitor for service exposure changes (currently firewalled)
- [ ] Track geographic signal consistency for anomaly detection
Threat Priority: LOW-MEDIUM
The IP address 54.39.210.229 represents legitimate cloud hosting infrastructure with no active threat indicators. The primary concern is the elevated abuse density in the parent subnet, which warrants continued monitoring rather than immediate blocking. Connections from this IP should be evaluated based on business context and established baseline traffic patterns.
---
Intelligence Source: IPDebrief Platform
Data Currency: 2026-06-20
Classification Level: SOC Analyst Review
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca007-san229.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san229.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 45% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-19 09:37:59 UTC |
| Last Seen | 2026-06-28 08:56:14 UTC |
| Profile Built | 2026-06-29 03:01:21 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |