# IP Intelligence Briefing: 54.39.136.170/32
## Executive Summary
The IP address 54.39.136.170 is a moderate-risk (50) cloud infrastructure endpoint operated by OVH on behalf of Ahrefs Pte Ltd. The IP resolves to a hostname in the ahrefs.net domain and is located in Quebec, Canada, though geolocation data shows significant anomalies. The subnet exhibits high abuse density with 174 out of 256 active siblings flagged as threats.
## Network Profile
- IP Address: 54.39.136.170/32
- Risk Score: 50 (Moderate Risk)
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: 54.39.136.0/24
- Infrastructure Type: CloudCompute / Hosting
- Country: Canada (CA)
- Region: Quebec (QC)
- City: Beauharnois
## Threat Indicators
- DNSBL Listings: 2 of 8 lists
- Tor Exit: No
- Known Attacker: No
- Spam Source: No
- Active Threats: None currently detected
- Network Role: Firewalled / No Services (no open ports detected)
## Geolocation Anomalies
Geolocation data exhibits significant inconsistencies:
- Claimed location: Beauharnois, Quebec
- Inferred geolocation: Latitude 56.13, Longitude -106.35 (implies Canadian Arctic region)
- RTT Anomaly: Observed RTT of 27ms contradicts minimum possible RTT of 112.6ms for 5,628km distance
- Geo-plausibility: False
## Subnet Analysis
The /24 subnet (54.39.136.0/24) demonstrates elevated abuse characteristics:
- Abuse Density: 0.6797 (High)
- Classification: High Abuse
- Active Siblings: 182
- Threat Siblings: 174
- Inherited Risk Score: 27
- Neighborhood Risk Distribution: 100 medium-risk IPs, 0 high-risk IPs
## DNS Resolution
- PTR Hostname: proxy-ca002-san170.ahrefs.net
- Resolved Domain: ahrefs.net
- Forward Confirmation: False
- DNSSEC Valid: Yes
- CAA Records: Present
- Email Authentication: No SPF or DMARC records detected
## Historical Observations (19 Total)
Recent signals indicate:
- Multiple confirmed OVH hosting classifications
- Consistent ahrefs.net DNS association
- Persistent geolocation discrepancies
- No persistent malicious activity observed (threat persistence: 0 days)
- No ownership changes detected
## Relationship Graph
- Network Associations: Multiple entries for OVH-CUST-281059681
- DNS Associations: proxy-ca002-san170.ahrefs.net (15 relationship entries)
- No external campaign correlations
## Recommended Actions
Based on risk profile, the following firewall rules are recommended:
iptables:
```bash
iptables -A INPUT -s 54.39.136.170 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 54.39.136.170 drop
```
nginx:
```nginx
deny 54.39.136.170;
```
Cloudflare WAF:
```json
{"description":"Block 54.39.136.170 - IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 54.39.136.170"}}
```
AWS WAF:
```json
{"Addresses":["54.39.136.170/32"],"Description":"IPDebrief risk 50"}
```
## Intelligence Assessment
This IP represents legitimate cloud infrastructure (OVH hosting for Ahrefs) but resides in a high-abuse-density subnet. The geolocation anomalies and DNSBL listings suggest potential reputation issues within the hosting environment. While no active malicious indicators are present, the inherited subnet risk (27) and high abuse density warrant monitoring. The moderate risk score (50) combined with the subnet context suggests defensive blocking may be warranted depending on organizational threat tolerance.
Classification: Moderate Risk (Monitor/Block Based on Context)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca002-san170.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san170.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 17% | 1 | 2 |
| geolocation | 37% | 2 | 3 |
| Overall | 21% | 9 | 11 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-06-09 06:34:29 UTC |
| Last Seen | 2026-06-21 15:50:31 UTC |
| Profile Built | 2026-06-21 16:10:35 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |