IP Intelligence Briefing: 54.39.89.1/32
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: Low (25/100)
- Ownership:
  - ISP: OVH (ASN 16276)
  - Organization: Ahrefs Pte Ltd (OVH-CUST-281059691)
- Geolocation: Registered to Quebec, Canada, but geo-validation flags it as implausible (RTT discrepancy suggests non-residential origin).
- Network Role: Hosting infrastructure (no public services detected).
- Threat Indicators: No malicious activity, spam, or known attacker associations.
---
**2. Observation History**
- Stability: Ownership has been stable for ~9,237 days (over 25 years).
- Recent Activity:
  - Last network transfer recorded in 2017 (3,150 days ago).
  - No recent threat signals or DNS anomalies.
- Subnet Analysis:
  - 54.39.89.0/24 subnet has mixed risk: 79% medium-risk IPs, 21% low-risk.
  - Abuse Density: 44.9% of siblings show suspicious behavior (110/245 IPs).
---
**3. Relationships**
- DNS Associations:
  - Linked to `proxy-ca012-san1.ahrefs.net` (likely Ahrefs' internal proxy infrastructure).
- Network Affiliation:
  - Same ASN (OVH) as 110 high-risk neighbors, suggesting shared hosting environment.
---
**4. Neighborhood Analysis**
- Subnet: 54.39.89.0/24
- Neighbor Risks:
  - 79 IPs flagged as medium-risk (average score 40-50).
  - 21 low-risk IPs.
- Abuse Density: 44.9% of subnet IPs show abuse indicators.
---
**5. Recommendations**
- Monitor Subnet: High-risk neighbors (e.g., 54.39.89.0, 54.39.89.2) may require closer scrutiny.
- Verify Geolocation: Discrepancy between registered location (Canada) and RTT (suggests non-residential origin) warrants further investigation.
- Block Suspicious Neighbors: Consider isolating high-risk IPs in the subnet to mitigate potential lateral movement.
- Check DNS: Ensure no unauthorized DNS associations or spoofing activity.
Note: This IP appears legitimate but is part of a subnet with notable abuse activity. SOC teams should prioritize monitoring neighboring IPs and validate the geolocation anomaly.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
**DNS Intelligence**
| PTR | proxy-ca012-san1.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san1.ahrefs.net |
**DNS Hygiene**
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 27% | 12 | 18 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Live)
| First Seen | 2026-05-23 18:30:57 UTC |
| Last Seen | 2026-06-28 23:05:08 UTC |
| Profile Built | 2026-06-29 05:09:47 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 27 |