IP Intelligence Briefing: 54.39.6.66
Date: 2026-06-18
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Provider: OVH (ASN 16276)
- Organization: Ahrefs Pte Ltd (OVH-CUST-281059680)
- Geolocation: Canada (QC, Beauharnois)
- Network Role: Cloud Compute (Hosting, No Public Services)
---
**2. Threat & Security Indicators**
- Malicious Activity: No direct indicators (no malware, spam, or known attacker tags).
- DNS: Resolves to `proxy-ca001-san66.ahrefs.net` (ahrefs.net).
- TLS/Services: No open ports or TLS certificates detected.
- Subnet Risk:
  - /24 Subnet (54.39.6.0/24): High abuse density (0.5977), with 153 malicious neighbors.
  - Inherited Risk: 23/100 (substantial risk from neighboring IPs).
---
**3. Observation History**
- Recent Signals (Last 30 Days):
  - Minimal operator risk (0.2174).
  - DNSSEC and CAA records validated.
  - Subnet abuse density flagged as "high_abuse."
- Consistency: Stable ownership (OVH) but high-risk subnet.
---
**4. Network Relationships**
- Linked Entities:
  - Same network: OVH-CUST-281059680 (54.39.6.0/24).
  - DNS: `ahrefs.net` (no email auth records).
- Control Plane:
  - BGP prefix: `54.39.0.0/16` (OVH).
  - No route stability issues.
---
**5. Recommended Actions**
1. Monitor Subnet: High abuse density in 54.39.6.0/24 suggests potential for lateral movement or compromised hosts.
2. Block Neighbors: Consider blocking IPs with high risk scores in the same subnet.
3. Validate DNS: Investigate `ahrefs.net` for potential misconfiguration or spoofing.
4. Restrict Access: Apply firewall rules to limit traffic from this subnet unless necessary.
---
Summary:
The IP 54.39.6.66 is registered to a legitimate cloud provider (OVH) but resides in a high-risk subnet with numerous malicious neighbors. While no direct threats are detected, the subnet's abuse density warrants close monitoring. SOC teams should prioritize isolating this subnet and validating associated services.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca001-san66.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san66.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 30% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:29 UTC |
| Last Seen | 2026-06-27 08:47:11 UTC |
| Profile Built | 2026-06-28 08:53:56 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 29 |