# INTELLIGENCE BRIEFING: 54.39.0.135/32
Classification: Moderate Risk - Cloud Infrastructure IP
Date: 2026-06-18
---
## EXECUTIVE SUMMARY
IP 54.39.0.135 is a cloud-compute infrastructure address hosted on OVH infrastructure, associated with Ahrefs Pte Ltd. The IP presents a moderate risk score (40) primarily due to elevated neighborhood abuse density rather than direct malicious indicators. No open services detected; traffic is likely firewalled.
---
## OWNERSHIP & INFRASTRUCTURE
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 54.39.0.0/24
- Infrastructure Type: CloudCompute / Hosting
- DNS Resolution: proxy-ca004-san135.ahrefs.net (Ahrefs network)
- Services: No open ports detected (Firewalled / No Services)
- Location: Beauharnois, QC, Canada (CA)
- Note: Geolocation validation shows RTT discrepancy (26ms observed vs. 112.6ms minimum possible for distance)
---
## THREAT ASSESSMENT
Risk Score: 40 (Moderate Risk)
| Category | Finding |
|---|---|
| **Abuse Confidence** | Not directly confirmed |
| **Blacklist Count** | 0 |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Campaign Correlation** | None |
| **Threat Feeds** | Empty |

Risk Drivers:
- Subnet-level abuse density: 0.6953 (High)
- Inherited risk from neighborhood: 27
- DNSBL listings: 1 of 8 total lists
- Operator score: 0.2174 (Minimal)
---
## NEIGHBORHOOD ANALYSIS
Subnet: 54.39.0.0/24
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 220 |
| Threat Siblings | 178 |
| Abuse Density | 0.6953 |
| Classification | high_abuse |
| Average Neighbor Risk | 40 |

Context: The /24 subnet shows significant abuse concentration. 178 of 220 active sibling IPs are flagged as threat IPs. This contextual risk elevates the target IP's risk profile despite lack of direct malicious indicators.
---
## OBSERVATION HISTORY
Total Observations: 23 signals
Recent Activity:
- 2026-06-18T13:48:32 UTC: Subnet abuse classification confirmed (abuse_density: 0.6953)
- 2026-06-18T13:45:54 UTC: Control plane operator score: 0.2174 (Minimal)
- 2026-06-14T05:53:49 UTC: Geographic location signal: CA (confidence: 0.175)
Temporal Analysis: No evidence of persistently malicious behavior. Threat observation count: 1. Ownership stable with zero changes recorded.
---
## RELATIONSHIP GRAPH
Connected Entities: 45 relationship indicators
- Primary Association: OVH-CUST-281059683 (Multiple network-level links)
- DNS Relationship: Ahrefs.net domain infrastructure
- Network Classification: Same Network relationships to OVH customer subnet
---
## RECOMMENDED ACTIONS
Blocking Recommended: Yes (Probabilistic - combine with other signals)
Firewall Rules:
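```bash
# iptables
iptables -A INPUT -s 54.39.0.135 -j DROP
# nftables
nft add rule inet filter input ip saddr 54.39.0.135 drop
# nginx (configuration directive, not a shell command)
# deny 54.39.0.135;
# pfSense (address entry, not a shell command)
# 54.39.0.135/32
# Cloudflare WAF (rule expression -> action)
# ip.src eq 54.39.0.135 -> Block
# AWS WAF (address entry -> action)
# 54.39.0.135/32 -> Block
```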
---
## ANALYST NOTES
- Infrastructure Context: This is a headless cloud server with no exposed services. The risk profile is neighborhood-driven rather than IP-specific.
- Ahrefs Association: DNS resolution points to Ahrefs proxy infrastructure, suggesting legitimate use case. However, the high-abuse subnet context warrants monitoring.
- Mitigation Strategy: Consider subnet-level policies if the threat profile extends across the /24. Monitor for correlated malicious activity from sibling IPs.
- False Positive Risk: Moderate. The IP may be legitimately hosted infrastructure within a high-risk cloud block.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca004-san135.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san135.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 23% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 07:57:41 UTC |
| Profile Built | 2026-06-28 02:03:11 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |