## IP INTELLIGENCE BRIEFING
Target IP: 54.37.118.90/32
Classification: Moderate Risk
Date: Current Intelligence Cycle
---
EXECUTIVE SUMMARY
IP 54.37.118.90 is a cloud infrastructure asset operated by OVH within the Ahrefs Pte Ltd Dmytro organization. The IP carries a risk score of 40 (Moderate Risk) and is associated with the 54.37.0.0/16 BGP prefix under ASN 16276. While no active threat indicators are present, the IP resides in a high-abuse-density subnet (54.37.118.0/24) with 25 of 32 sibling IPs exhibiting threat characteristics.
---
OWNERSHIP AND GEOLOCATION
| Attribute | Value |
|---|---|
| **Organization** | Ahrefs Pte Ltd Dmytro |
| **ASN** | 16276 |
| **ISP/Provider** | OVH (CloudCompute/Hosting) |
| **Geolocation** | France (FR), Europe/Paris timezone |
| **Geographic Consensus** | 1 source, consensus verified |
| **Registration** | ARIN RIR |
---
THREAT INDICATORS
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None correlated
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
- DNSBL Listings: 1 of 8 total lists
- Threat Feeds: No active indicators
- DNSBL Listed Count: 1
---
NETWORK INFRASTRUCTURE
- Infrastructure Type: CloudCompute
- Connection Type: Cloud-hosted
- Services Detected: None (Firewalled / No Services)
- Open Ports: None
- Reverse DNS: proxy-fr000-san90.ahrefs.net
- Forward Resolution: proxy-fr000-san90.ahrefs.net
- Domain Association: ahrefs.net
- Infrastructure Classification: Hosting environment with no active services
---
NEIGHBORHOOD ANALYSIS (54.37.118.0/24)
- Total Sibling IPs: 32
- Active Siblings: 23
- Threat Siblings: 25
- Abuse Density: 0.7812 (High Abuse Classification)
- Inherited Risk Score: 31
- Risk Distribution: 0 High / 31 Medium / 0 Low
- Neighbor Risk Scores: Consistently 40-50 across all observed IPs
The subnet exhibits elevated abuse characteristics. All 31 observed neighbors maintain risk scores between 40 and 50 with authority scores at 50, indicating consistent cloud infrastructure usage with moderate risk profiles.
---
OBSERVATION HISTORY
Total observations: 19 signals
- Recent Activity: June 2026 timeframe
- Ownership Changes: 0 changes detected
- Threat Persistence: 0 days
- Threat Observation Count: 1
- Persistently Malicious: False
- Control Plane Stability: Route changes recorded within 30-day window
- DNSSEC Status: Valid
- CAA Records: Present
The IP shows minimal temporal volatility with no persistent malicious activity detected. Signals indicate stable ownership with periodic monitoring across subnet abuse density, operator scoring, and multi-dimensional risk assessments.
---
SECURITY ACTIONS AND RECOMMENDATIONS
Risk-Based Classification: Moderate Risk (Score 40)
Recommended Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 54.37.118.90 -j DROP
# nftables
nft add rule inet filter input ip saddr 54.37.118.90 drop
# nginx
deny 54.37.118.90;
# pfSense
54.37.118.90/32
# Cloudflare WAF
{"description":"Block 54.37.118.90 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 54.37.118.90"}}
# AWS WAF
{"Addresses":["54.37.118.90/32"],"Description":"IPDebrief risk 40"}
```
Action Notes: No specific security action recommendations generated. The IP is classified as moderate risk with no active threat indicators. Blocking should be considered based on organizational risk tolerance and correlation with other traffic analysis signals.
---
INTELLIGENCE CONCLUSIONS
1. Legitimate Cloud Infrastructure: The IP operates within OVH cloud hosting infrastructure associated with Ahrefs, a known search engine marketing tool provider.
2. Subnet Context: The 54.37.118.0/24 subnet demonstrates high abuse density (0.7812), suggesting shared infrastructure usage patterns typical of cloud environments.
3. No Active Threats: No blacklist entries, known campaigns, or threat indicators detected.
4. Monitoring Recommendation: While the IP is not actively malicious, the elevated neighborhood abuse density warrants continued monitoring, particularly for anomalous traffic patterns.
---
*Report generated from IPDebrief intelligence platform. All data sourced from real-time network observation and analysis.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-fr000-san90.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr000-san90.ahrefs.net |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 17:48:44 UTC |
| Last Seen | 2026-06-28 12:27:30 UTC |
| Profile Built | 2026-06-29 06:32:03 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |