# IP Intelligence Briefing: 54.39.6.87/32
Classification: Moderate Risk Cloud Infrastructure Asset
---
## Executive Summary
IP address 54.39.6.87 is a cloud compute endpoint hosted on OVH infrastructure (ASN 16276) in Beauharnois, Quebec, Canada. The IP resolves to ahrefs.net with a reverse DNS entry of proxy-ca001-san87.ahrefs.net. Despite the association with a known legitimate security service provider (Ahrefs), the IP resides within a high-abuse density subnet (0.6602) containing 169 identified threat siblings. The asset presents a moderate risk score of 40 with no active open ports or TLS services detected.
---
## Technical Profile
Network Ownership:
- ASN: 16276 (OVH SAS)
- Organization: OVH-CUST-281059680
- RIR: ARIN
- CIDR Block: 54.39.6.0/24
Geolocation:
- Country: Canada (CA)
- Region: Quebec
- City: Beauharnois
- Accuracy Radius: 3,000 km
Infrastructure Classification:
- Type: Cloud Compute
- Provider: OVH
- Hosting: Yes
- CDN: No
- Proxy/Tor: No
- Status: Firewalled / No Services Detected
DNS Resolution:
- PTR Hostname: proxy-ca001-san87.ahrefs.net
- Forward Resolution: ahrefs.net
- Forward Confirmed: No
- DNSSEC: Valid
- CAA Records: Present
---
## Threat Assessment
Current Risk Score: 40 (Moderate Risk)
Threat Indicators:
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Abuse Confidence: Not available
Control Plane Analysis:
- BGP Prefix: 54.39.0.0/16
- Route Stability: Unstable
- Route Changes (30d): 0
- MOAS Status: No
- IRR Consistency: Not assessed
---
## Neighborhood Analysis
Subnet: 54.39.6.0/24
- Total Siblings: 256
- Active Siblings: 174
- Threat Siblings: 169
- Abuse Density: 0.6602 (High Abuse Classification)
- Inherited Risk: 26
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
The subnet exhibits elevated abuse density with a significant portion of active IPs classified as threats. This environment should be monitored for lateral movement patterns.
---
## Historical Observations
Total Observations: 22
Recent Activity (June 18, 2026):
- Port scanning activity observed
- Subnet abuse density monitoring active
- Operator score assessment: Minimal (0.2174)
- DNS resolution confirmed for ahrefs.net domain
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: No
---
## Relationship Graph
Total Relationships: 42
Key Connections:
- Multiple "Same Network" relationships to OVH-CUST-281059680
- Network-level associations to OVH infrastructure blocks
---
## Recommended Security Actions
Risk Score: 40 - Consider blocking based on organizational policy
Recommended Firewall Rules:
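```bash
# iptables (-A appends; the rule only takes effect if no earlier rule in INPUT accepts the packet)
iptables -A INPUT -s 54.39.6.87 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 54.39.6.87 drop
# nginx (configuration directive for an http, server, or location block; not a shell command)
deny 54.39.6.87;
# pfSense
54.39.6.87/32
# Cloudflare WAF
Expression: ip.src eq 54.39.6.87
Action: Block
# AWS WAF
Addresses: 54.39.6.87/32
Description: IPDebrief risk 40
```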
---
## Intelligence Narrative
The target IP 54.39.6.87 operates within OVH cloud infrastructure in Quebec, Canada, with reverse DNS mapping to ahrefs.net, a legitimate web analytics and SEO platform. However, the IP's subnet (54.39.6.0/24) demonstrates significant abuse density with 66% of active neighbors classified as threats. While the specific IP shows no direct malicious indicators (no blacklist entries, no known campaigns, no open services), the high-abuse neighborhood environment warrants defensive consideration.
The absence of open ports and services suggests this endpoint may be used for firewalling, NAT, or as a jump host rather than direct service provision. The moderate risk score of 40 combined with the subnet's elevated abuse profile supports a block recommendation pending organizational policy review. Security teams should monitor the subnet for any changes in risk posture and consider implementing broader subnet-level filtering if the organization's threat model permits.
---
Report Generated: Based on IPDebrief Intelligence Platform data
Analysis Status: Complete
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca001-san87.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san87.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:29 UTC |
| Last Seen | 2026-06-27 08:48:43 UTC |
| Profile Built | 2026-06-28 02:54:26 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 29 |