54.39.6.113
IP Intelligence Briefing: 54.39.6.113
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Ownership:
- ASn: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: 54.39.6.0/24 (OVH-CUST-281059680)
- Geolocation:
- Country: Canada (QC, Beauharnois)
- Accuracy: 3000 km radius
- Network Role:
- Type: CloudCompute Hosting
- Provider: OVH
- Subnet Abuse Density: High (0.5082)
---
**2. Threat & Activity**
- Threat Indicators:
- No direct malicious indicators (no malware, spam, or known attacker activity).
- DNS Associations: Linked to `proxy-ca001-san113.ahrefs.net` (Ahrefs domain).
- Historical Observations:
- Recent DNS resolution for `ahrefs.net` (2026-06-10).
- Subnet abuse density classified as "high_abuse" (0.5082).
- Network stability: Unstable (route changes detected).
---
**3. Network Relationships**
- Subnet: 54.39.6.0/24 (244 IPs total, 133 active).
- Neighboring IPs:
- Risk Distribution: 79 medium-risk, 21 low-risk IPs.
- High-Risk Siblings: 124 IPs flagged in the subnet.
- Key Associations:
- OVH-CUST-281059680 (same network).
- Ahrefs.net (DNS host).
---
**4. Actionable Insights**
- Monitor Subnet: The 54.39.6.0/24 subnet has high abuse density. Investigate traffic patterns and correlate with neighboring IPs.
- Check Ahrefs Infrastructure: The DNS host `proxy-ca001-san113.ahrefs.net` is linked to the IP. Verify if itβs part of legitimate Ahrefs services.
- Network Stability: The IPβs route is unstable (route changes detected). Monitor for potential network hijacking or misconfigurations.
- Geolocation Discrepancy: The IPβs geolocation (Canada) does not align with the subnetβs high abuse density, suggesting possible spoofing or misconfigured infrastructure.
---
Conclusion:
The IP is part of a OVH-hosted network associated with Ahrefs. While no direct threats are detected, the subnetβs high abuse density and unstable routing warrant further investigation. SOC teams should prioritize monitoring traffic patterns and validating DNS relationships to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059680 |
| CIDR Block | 54.39.6.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca001-san113.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca001-san113.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 34% | 2 | 3 |
| Overall | 22% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-23 12:24:28 UTC |
| Last Seen | 2026-06-28 22:02:07 UTC |
| Profile Built | 2026-06-29 04:06:30 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |
Full dossier details are available via our API.