## INTELLIGENCE BRIEFING: 54.39.136.89/32
Classification: Low Risk (Score: 25/100) | Status: Active | Date: 2026-06-26
---
EXECUTIVE SUMMARY
IP 54.39.136.89 is a low-risk cloud compute endpoint associated with legitimate Ahrefs infrastructure. While the endpoint itself shows no active threat indicators, its /24 subnet demonstrates mixed security characteristics with elevated peer risk. No immediate blocking required, but subnet-level awareness recommended for monitoring.
---
OWNERSHIP & INFRASTRUCTURE
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059681 (54.39.136.0/24)
- Classification: Cloud Compute / Hosting
- Infrastructure Type: Cloud
---
GEOLOCATION & NETWORK POSITIONING
- Reported Location: Canada, Quebec, Beauharnois
- Geolocation Confidence: 1 source, consensus true
- Geo Validation: Anomaly Detected
- Observed RTT: 26ms
- Minimum Possible RTT for distance (5,629km): 112.6ms
- Assessment: Reported geolocation inconsistent with network measurements
---
THREAT PROFILE
- Risk Score: 25/100 (Low)
- Operator Score: 0.087 (Minimal)
- Abuse Confidence: None scored
- Blacklist Status: 0 lists (DNSBL: 1/8 lists)
- Threat Indicators: None detected
- Campaign Affiliation: None identified
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
---
DNS & SERVICE ANALYSIS
- PTR Hostname: proxy-ca002-san89.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- Services: None detected (firewalled/no services)
- Open Ports: 0
- TLS Certificate: None exposed
---
SUBNET NEIGHBORHOOD ANALYSIS
Block: 54.39.136.0/24
- Total Siblings: 256 IPs
- Active Siblings: 189
- Threat Siblings: 119
- Abuse Density: 0.4648 (46.5%)
- Risk Distribution:
  - High Risk: 0
  - Medium Risk: 55
  - Low Risk: 45
Assessment: Subnet exhibits mixed classification with nearly half of active peers flagged as threats. Target IP remains low-risk but operates in a high-density environment requiring contextual awareness.
---
OBSERVATION HISTORY
- Total Observations: 22
- Ownership Changes: 0
- Threat Persistence Days: 0
- Observation Count: 1
- Persistently Malicious: No
- Recent Signals: DNS resolution, ASN assignment, subnet classification, geolocation data
---
RELATIONSHIP MAPPING
- Network Relationships: 54 connections (all Same Network type)
- Target Network: OVH-CUST-281059681
- No External Relationships: No certificates, hostnames, or organizations beyond network scope
---
RECOMMENDED ACTIONS
Current Status: Monitor, No Immediate Action Required
Firewall Rules: None recommended (risk score below threshold)
SOC Guidance:
1. Allow Traffic: Endpoint is legitimate Ahrefs infrastructure with no threat indicators
2. Monitor Subnet: Track 54.39.136.0/24 for elevated threat activity (46.5% abuse density)
3. Geo Validation: Investigate geolocation inconsistency (RTT violation) if security concerns arise
4. Log Correlation: Monitor for any pattern correlation with the 119 flagged threat siblings in this subnet
5. Alert Threshold: No immediate alert warranted; maintain baseline logging
---
INTELLIGENCE NOTES
This IP represents legitimate Ahrefs infrastructure with a clean threat profile. The subnet context indicates it shares infrastructure with potentially compromised peers, which may influence risk assessment for broader network segments. Geovalidation anomaly warrants periodic review but does not currently indicate malicious activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059681 |
| CIDR Block | 54.39.136.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca002-san89.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca002-san89.ahrefs.net |

DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 23% | 2 | 2 |
| reputation | 34% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |

Observation Timeline

| Field | Value |
|---|---|
| First Seen | 2026-05-11 15:05:32 UTC |
| Last Seen | 2026-06-27 19:46:27 UTC |
| Profile Built | 2026-06-28 13:51:02 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |