# IP INTELLIGENCE BRIEFING
- Target: 54.39.210.31/32
- Classification: Cloud Infrastructure / Legitimate Hosting
- Risk Level: MODERATE (Score: 40/100)
- Report Date: 2026-06-16

---
## EXECUTIVE SUMMARY
IP 54.39.210.31 is a cloud-hosted infrastructure address operating under OVH customer network OVH-CUST-281059686 (ASN 16276). The IP is associated with the Ahrefs.net domain and registered to Dmytro, Ahrefs Pte Ltd. The address is hosted in Canada (Quebec, Beauharnois) and functions as a cloud compute resource with firewall protection. While the IP itself shows no active threat indicators, it resides within a /24 subnet exhibiting elevated abuse density (0.7969). No immediate defensive action required; maintain monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **ASN** | 16276 (OVH) |
| **Network** | OVH-CUST-281059686 |
| **CIDR Block** | 54.39.210.0/24 |
| **Registration** | ARIN |
| **Infrastructure Type** | CloudCompute |
| **Network Role** | Hosting Provider (Firewalled/No Services) |

The IP has no open ports or active services detected. DNS resolution maps to proxy-ca007-san31.ahrefs.net with forward confirmation pending.
---
## GEOLOCATION
| Attribute | Value |
|---|---|
| **Country** | CA (Canada) |
| **Region** | QC (Quebec) |
| **City** | Beauharnois |
| **Accuracy Radius** | 3000 km |
| **Geo Consensus** | True |
---
## THREAT ASSESSMENT
Current Risk Profile:
- Overall Risk Score: 40/100 (Moderate)
- Abuse Confidence: None
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Known Campaigns: None

Control Plane Indicators:
- DNSSEC: Valid
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.2174 (Minimal)
- Route Stability: Unstable (isRouteStable: false)
- BGP Prefix: 54.39.0.0/16
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 54.39.210.0/24
| Metric | Value |
|---|---|
| **Abuse Density** | 0.7969 (High) |
| **Classification** | high_abuse |
| **Inherited Risk** | 31/100 |
| **Total Siblings** | 256 |
| **Active Siblings** | 172 |
| **Threat Siblings** | 204 |

Risk Distribution (100 neighbors analyzed):
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0

The /24 subnet demonstrates elevated abuse activity with 204 threat siblings and 79.69% abuse density. However, the target IP itself (54.39.210.31) shows no direct threat indicators. Neighboring addresses consistently display risk scores of 40 with authority scores of 50.
---
## OBSERVATION HISTORY
Total Observations: 19 signals tracked

Recent Signal Timeline (2026-06-16):
1. 00:54:17 - Geolocation signal (Canada, confidence: 0.35)
2. 00:54:02 - Ownership signal (no changes, confidence: 0.85)
3. 00:53:40 - Subnet abuse density signal (high_abuse, confidence: 0.75)
4. 00:53:00 - Network role signal (not attacker/Not Tor/Not spam, confidence: 0.20)
5. 00:50:58 - Control plane operator score (Minimal, confidence: 0.60)

Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: No
---
## RELATIONSHIP GRAPH
| Relationship Type | Target | Count |
|---|---|---|
| Same Network | OVH-CUST-281059686 | Multiple |
| DNS Association | proxy-ca007-san31.ahrefs.net | Multiple |

The IP maintains strong DNS relationships with the ahrefs.net hostname family. No certificate or organization relationships detected.
---
## RECOMMENDED ACTIONS
Based on the current risk profile, no blocking or filtering actions are required. Maintain passive monitoring.

Suggested Rules:
- No firewall rules recommended
- No WAF rules recommended
- No email reputation actions needed

Monitoring Considerations:
- Monitor /24 subnet for abuse density trends (0.7969)
- Track DNS resolution patterns for proxy-ca007-san31.ahrefs.net
- Watch for service emergence on previously closed ports
---
## THREAT INTELLIGENCE CONTEXT
The target IP operates within OVH's cloud infrastructure ecosystem. While the immediate address shows no malicious activity, the surrounding /24 subnet exhibits significant abuse density. This suggests the broader network segment warrants continued intelligence gathering. The IP's association with Ahrefs.net indicates legitimate SEO analytics or marketing infrastructure usage.

- Final Assessment: LEGITIMATE HOST
- CONFIDENCE LEVEL: MODERATE
- DATA FRESHNESS: CURRENT (Within 24 hours)
- LAST UPDATED: 2026-06-16 00:54:17 UTC

SOC INTEGRATION NOTES:

Integrate this IP into existing cloud-compute monitoring workflows. No immediate threat response required. Update SIEM rules to observe subnet-level abuse density changes within 54.39.210.0/24. Flag any service emergence on this address for further investigation.

END OF BRIEFING
---
*This intelligence briefing was generated by IPDebrief™ Threat Intelligence Platform for authorized defensive security operations. All data derived from automated observation and threat feed aggregation.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059686 |
| CIDR Block | 54.39.210.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca007-san31.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca007-san31.ahrefs.net |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 17% | 9 | 12 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-26 06:51:32 UTC |
| Last Seen | 2026-06-29 02:56:57 UTC |
| Profile Built | 2026-06-29 03:25:15 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 23 |