# INTELLIGENCE BRIEFING: IP 54.39.6.200/32
## EXECUTIVE SUMMARY
IP address 54.39.6.200/32 is a moderate-risk infrastructure host operated by OVH in Canada. The IP belongs to a high-abuse density subnet with significant neighborhood risk, though the target IP itself shows no direct threat indicators. Current classification indicates cloud compute infrastructure with no active services.
## PROFILE OVERVIEW
Risk Assessment: Moderate Risk (Score: 40/100)
Provider: OVH (ASN 16276)
Organization: Dmytro, Ahrefs Pte Ltd
Network Block: 54.39.6.0/24
Geolocation: Beauharnois, Quebec, Canada
Infrastructure Type: Cloud Compute / Hosting
## THREAT INTELLIGENCE
Direct Threat Indicators: None detected
- Not classified as Tor exit node, known attacker, or spam source
- Blacklist count: 0
- DNSBL listings: 1 of 8 total lists
- No known threat campaigns correlated
Network Role: Cloud infrastructure with firewalled configuration (no services detected on open ports)
Control Plane Data:
- BGP Prefix: 54.39.0.0/16
- Route stability: Flagged as unstable
- DNSSEC: Valid
- Operator score: 0.2174 (Minimal operator concern)
## NEIGHBORHOOD ANALYSIS
Subnet Risk Profile: HIGH ABUSE
- Abuse density: 0.6602
- Subnet classification: High abuse
- Total sibling IPs: 256
- Active sibling IPs: 182
- Threat sibling IPs: 169 (67% of active siblings)
- Inherited risk score: 26
Risk Distribution in /24:
- High risk: 0
- Medium risk: 100
- Low risk: 0
The /24 subnet demonstrates elevated abuse activity with the majority of active neighbors scoring in the medium risk range. This contextualizes the IP within a broader infrastructure pattern of hosting-related abuse.
## OBSERVATION HISTORY
Total Observations: 21
Timeline: June 2019 through June 2026
Key Trends:
- Consistent "high_abuse" classification for subnet across observation periods
- Subnet abuse density maintained at 0.6602
- Operator scores fluctuated between 0.087 and 0.2174
- No ownership changes recorded
- Threat persistence: 0 days (not persistently malicious)
Most Recent Signals (June 25, 2026):
- Operator score: 0.1 (Minimal concern)
- Overall profile confidence: Low (0.1956)
- Signal coverage: All 6 dimensions covered
## RELATIONSHIP GRAPH
Total Relationships: 62
Primary Association: OVH-CUST-281059680 network
- Multiple relationships confirm infrastructure ownership
- Consistent network attribution across all relationship types
- No relationships to known malicious organizations or campaigns
## DNS & SERVICES
PTR Record: proxy-ca001-san200.ahrefs.net
Domain: ahrefs.net
Forward Resolution: Confirmed (1 hostname)
Services: No open ports detected
TLS Certificate: Not available
HTTP Title: Not available
## RECOMMENDED ACTIONS
No specific firewall rules or blocking recommendations generated based on current risk profile. The IP demonstrates moderate risk primarily due to neighborhood context rather than direct threat indicators.
Recommended Monitoring Strategy:
- Monitor for changes in service exposure (currently firewalled)
- Track neighborhood activity in 54.39.6.0/24 subnet
- Watch for DNSBL listing changes (currently 1 of 8 lists)
- No immediate blocking advised; maintain passive monitoring
---
Analyst Notes: This IP represents legitimate cloud infrastructure hosting services (Ahrefs.net) within a high-abuse neighborhood. The moderate risk score (40) reflects neighborhood context rather than IP-specific malicious activity. SOC teams should focus on behavioral monitoring rather than static blocking.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca001-san200.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san200.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 20% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-08 17:18:10 UTC |
| Last Seen | 2026-06-27 14:06:06 UTC |
| Profile Built | 2026-06-28 08:11:34 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |