IP Intelligence Briefing: 54.39.6.37
Date: 2026-06-16
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: OVH (AS16276)
- Ownership: Registered to *Dmytro, Ahrefs Pte Ltd* (OVH-CUST-281059680)
- Geolocation: Canada (QC, Beauharnois); Geo Validation: Plausible? No (RTT discrepancy: 30ms vs. expected 112.6ms for 5629km).
- Network Role: CloudCompute (OVH infrastructure).
---
**2. Threat Indicators**
- Threat Detection: No direct indicators (no malware, spam, or known attacker tags).
- Neighborhood Risk:
  - Subnet 54.39.6.0/24 has 58.59% abuse density.
  - 150/256 IPs in the subnet are flagged as "threat siblings."
  - High-risk IPs dominate the subnet (100% high/medium risk).
- DNS Associations: Linked to proxy-ca001-san37.ahrefs.net (Ahrefs).
---
**3. Temporal Observations**
- Recent Activity (2026-06-16):
  - Low-confidence DNSSEC validation (score 0.2174).
  - BGP routing stability: Unstable (route changes in 30d).
  - TLS/HTTP scans: No open ports or services detected.
- Historical Data: Minimal observations (0 threat persistence days).
---
**4. Relationships & Context**
- Linked Entities:
  - OVH-CUST-281059680 (same network).
  - proxy-ca001-san37.ahrefs.net (DNS hostname).
- Certificates/TLS: No TLS certs or HTTP services detected.
---
**5. Recommended Actions**
- Block IP: Implement firewall rules to block traffic from 54.39.6.37/32.
- Subnet Monitoring: Investigate the 54.39.6.0/24 subnet for compromised hosts.
- DNS Analysis: Monitor proxy-ca001-san37.ahrefs.net for malicious activity.
- Geolocation Verification: Validate the IP's location (potential spoofing).
---
**6. Summary**
This IP is part of a high-abuse subnet managed by OVH, linked to Ahrefs. While no direct threats are detected, the subnet's abuse density and geo validation anomalies warrant close monitoring. Consider blocking the IP and correlating it with other hosts in the subnet for potential compromise.
Next Steps: Verify DNS associations, check subnet-wide threats, and validate the IP's geolocation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca001-san37.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san37.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 17% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%); 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-10 19:50:35 UTC |
| Last Seen | 2026-06-21 17:48:03 UTC |
| Profile Built | 2026-06-21 17:49:18 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |