54.39.6.11
IP Intelligence Briefing: 54.39.6.11
*Generated via IPDebrief Analysis*
---
**Key Findings**
- Risk Profile: Moderate risk (score: 40) with no direct malicious indicators.
- Ownership: Registered to Ahrefs Pte Ltd (OVH ASN 16276), a hosting provider.
- Geolocation: Located in Quebec, Canada (subnet: 54.39.6.0/24), but coordinates and timezone are unverified.
- Network Role: Identified as a cloud-hosted infrastructure (OVH), with no residential/mobile/VPN/CDN flags.
- Threat Context: No active malware, phishing, or spam indicators. However, the subnet (54.39.6.0/24) has high abuse density (51.42%) and 127 threat siblings.
---
**Critical Observations**
1. Subnet Risk:
- The 54.39.6.0/24 subnet is classified as "high_abuse", with 144 active IPs and 127 flagged as threats.
- Inherited risk: 20% (likely from neighboring IPs).
2. DNS & Hosting:
- Linked to ahrefs.net, a legitimate domain with DNSSEC and CAA records.
- No malicious domains or email authentication (SPF/DKIM) detected.
3. Historical Activity:
- Stable over 30 days with no spikes in risk or network changes.
- Last observed on 2026-06-14 with abuse density of 58.98% (subnet-level).
4. Security Posture:
- No open ports or TLS certificates detected.
- No Tor/VPN/proxy associations.
---
**Recommended Actions**
- Monitor Subnet: Track neighboring IPs (e.g., 54.39.6.0, 54.39.6.1) for suspicious activity.
- Verify Hosting: Confirm Ahrefsβ use of this IP and ensure no unauthorized services are hosted.
- Block IP: Consider blocking via firewall rules (see below) if the subnetβs abuse density persists.
---
**Firewall Rules (IPDebrief Recommendations)**
```bash
iptables -A INPUT -s 54.39.6.11 -j DROP
nft add rule inet filter input ip saddr 54.39.6.11 drop
Cloudflare WAF: {"action":"block","filter":{"expression":"ip.src eq 54.39.6.11"}}
AWS WAF: {"Addresses":["54.39.6.11/32"],"Description":"IPDebrief risk 40"}
```
---
**Conclusion**
While 54.39.6.11 itself lacks direct malicious indicators, its subnetβs high abuse density and hosting provider context warrant vigilance. Prioritize monitoring the broader network and verify the IPβs legitimate use.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca001-san11.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san11.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:29 UTC |
| Last Seen | 2026-06-27 08:38:05 UTC |
| Profile Built | 2026-06-28 02:44:16 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.