IP Intelligence Briefing: 54.39.6.240
Date: 2026-06-09
---
**1. Risk Profile**
- Risk Score: 50 (Moderate Risk)
- Threat Indicators: No malicious indicators, blacklists, or known attacker associations.
- Network Classification: CloudCompute (OVH-hosted).
- Subnet Abuse Density: High (0.5082).
---
**2. Ownership & Geolocation**
- ISP/Organization: OVH (ASN 16276), registered to "Dmytro, Ahrefs Pte Ltd."
- Geolocation: Canada (QC, Beauharnois).
- Subnet: 54.39.6.0/24, with 244 total IPs.
---
**3. Observation History**
- Recent Activity:
  - Minimal risk score (0.2174) with stable routing and DNSSEC validation.
  - No persistent malicious activity detected (0 threat persistence days).
- Trend: Risk scores fluctuated between "Minimal" and "Moderate" over the past 30 days.
---
**4. Relationships & DNS**
- DNS Associations:
  - Linked to `proxy-ca001-san240.ahrefs.net` (Ahrefs, a cloud infrastructure provider).
- Network Relationships:
  - Same network as 131 active IPs, 124 flagged as high-risk.
  - No Tor, CDN, or mobile carrier associations.
---
**5. Neighborhood Analysis**
- Subnet Risk:
  - 79% of neighbors scored "Medium" risk, 21% "Low."
  - 100+ IPs in the subnet; 124 are linked to high-risk activity.
- Abuse Density: Subnet classified as "high_abuse."
---
**6. Actionable Insights**
- SOC Recommendation:
  - Monitor the 54.39.6.0/24 subnet for lateral movement or suspicious traffic.
  - Verify DNS associations with `ahrefs.net` for potential infrastructure compromises.
  - No immediate mitigation required for this IP, but watch for changes in subnet behavior.
Note: The IP is associated with a legitimate cloud provider, but its subnet exhibits elevated risk. Correlate with internal threat intel for context.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca001-san240.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san240.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:10:36 UTC |
| Last Seen | 2026-06-28 18:04:45 UTC |
| Profile Built | 2026-06-29 06:09:07 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 23 |