# IP Intelligence Briefing: 54.39.89.138
Classification: Moderate Risk
Date: 2026-06-15
Analyst: IPDebrief SOC Intelligence Team
---
## Executive Summary
IP address 54.39.89.138 is a cloud-based infrastructure asset hosted on OVH infrastructure with moderate risk characteristics (Risk Score: 40). The IP resolves to a hostname under the Ahrefs domain infrastructure and is part of a subnet exhibiting elevated abuse density metrics. No active threat indicators or known malicious campaigns were identified during the latest observation window.
---
## Technical Profile
| Attribute | Value |
|---|---|
| **IP Address** | 54.39.89.138/32 |
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Netname** | OVH-CUST-281059691 |
| **CIDR Block** | 54.39.89.0/24 |
| **Geolocation** | Canada (QC, Beauharnois) |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Reputation** | Moderate Risk (40) |
---
## DNS & Service Analysis
DNS Resolution:
- PTR Hostname: `proxy-ca012-san138.ahrefs.net`
- Forward Resolution: Confirmed
- Forward Hostnames: `proxy-ca012-san138.ahrefs.net`

Service Exposure:
- Open Ports: None detected
- TLS Certificate: Not observed
- HTTP Title: Not observed
- Status: Firewalled / No Services
---
## Threat Indicators
| Indicator | Status |
|---|---|
| Blacklist Count | 0 |
| Is Tor Exit | No |
| Is Known Attacker | No |
| Is Spam Source | No |
| Abuse Confidence Score | Not Available |
| Known Campaigns | None |
| Threat Feeds | Empty |
---
## Neighborhood Analysis (54.39.89.0/24)
- Total Siblings: 256
- Active Siblings: 125
- Threat Siblings: 182
- Abuse Density: 0.7109 (High Abuse Classification)
- Inherited Risk: 28
- Risk Distribution in /24: 0 High, 100 Medium, 0 Low

Note: The subnet shows elevated abuse density with a significant portion of sibling IPs flagged as medium-risk. The target IP shares infrastructure characteristics with multiple neighboring addresses.
---
## Observation History
Total Observations: 19 signals
Key Historical Signals:
1. Ownership Stability: Consistent ownership with no changes detected (0 ownership changes)
2. Threat Persistence: 0 threat persistence days (no persistent malicious activity)
3. Geo Validation: Discrepancy detected between claimed geolocation (Beauharnois, QC) and network latency measurements. RTT violation: 27ms observed vs. minimum possible 112.6ms for 5,629km distance.
4. Control Plane: DNSSEC validation confirmed. Operator score: 0.2174 (Minimal)
5. Route Stability: BGP route changes recorded in last 30 days
---
## Relationship Graph
Total Relationships: 48 identified
- Primary relationship type: Same Network (OVH-CUST-281059691)
- No external entity relationships detected (organizations, hostnames, certificates beyond DNS)
---
## Recommended Security Actions
Based on the moderate risk profile and infrastructure classification:
1. Allow by default: The IP is cloud-hosted infrastructure with no open services detected
2. Monitor for changes: Track DNS resolution patterns for the ahrefs.net hostname
3. Contextual review: Consider the subnet-level abuse density (0.7109) when evaluating traffic patterns
4. No immediate blocking recommended: No active threat indicators present
---
## Conclusion
IP 54.39.89.138 is a cloud-compute infrastructure address associated with OVH hosting. The moderate risk score reflects the subnet-level abuse density rather than IP-specific malicious activity. No direct threat indicators were observed. SOC teams should monitor for changes in DNS resolution patterns and be aware of the elevated abuse density within the parent subnet.
---
*Intelligence generated by IPDebrief Platform. Data current as of 2026-06-15.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca012-san138.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san138.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 14:58:07 UTC |
| Last Seen | 2026-06-28 14:49:12 UTC |
| Profile Built | 2026-06-29 08:54:03 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 25 |