## INTELLIGENCE BRIEFING: 54.39.89.160/32
CLASSIFICATION: Moderate Risk | TIMESTAMP: 2026-06-23
EXECUTIVE SUMMARY
IP address 54.39.89.160 is assigned to OVH cloud infrastructure (ASN 16276, organization: Dmytro/Ahrefs Pte Ltd) and maintains a moderate risk profile with a risk score of 40/100. The address operates within a high-abuse density subnet (54.39.89.0/24) showing elevated neighborhood threat indicators.
OWNERSHIP & INFRASTRUCTURE
- Network: 54.39.89.0/24 (OVH-CUST-281059691)
- ASN: 16276
- Organization: Dmytro, Ahrefs Pte Ltd
- Infrastructure Type: CloudCompute (Hosting enabled)
- Geolocation: Canada, Quebec, Beauharnois (3000km accuracy radius)
- Registration: ARIN
NETWORK ROLE & CLASSIFICATION
- Primary Classification: Cloud hosting infrastructure
- Provider: OVH
- Connection Type: Firewalled/No Services detected
- Anycast: No
- Proxies/VPN/Tor: Not identified
DNS & HOSTING ANALYSIS
- PTR Hostnames: proxy-ca012-san160.ahrefs.net
- Forward Resolution: Forward confirmed to ahrefs.net (1 hostname)
- Email Authentication: SPF and DMARC not configured
- Service Status: No open ports detected; infrastructure appears firewalled
THREAT INDICATORS
- Abuse Confidence: Not scored
- Known Campaigns: None identified
- Blacklist Count: 0 (profile) / 1 DNSBL listing (control plane)
- Tor Exit: No
- Known Attacker: No
- Spam Source: No
NETWORK THREAT LANDSCAPE
- Subnet Abuse Density: 0.75 (high_abuse classification)
- Total Siblings: 256 in /24 block
- Active Siblings: 132
- Threat Siblings: 192
- Inherited Risk Score: 30/100
- Neighborhood Risk Distribution: 100 medium-risk neighbors, 0 high-risk, 0 low-risk
OBSERVATION HISTORY (24 TOTAL OBSERVATIONS)
- Latest Observation: 2026-06-23T18:36:10
- Signal Consistency: Mixed signals with minimal operator scores (0.087-0.30)
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0 recorded
GEOVALIDATION ANOMALIES
- RTT Violation Detected: 27.0ms measured vs. 112.6ms minimum possible for 5629km distance
- Geo Plausible: No
- Minimum RTT: 27ms
- Average RTT: 31.2ms
- Probe Count: 5
RECOMMENDED ACTIONS
- Monitor: Track subnet-level threat indicators; 192 threat siblings in same /24 block
- Block Consideration: Evaluate blocking if traffic patterns indicate malicious activity; neighborhood shows elevated abuse density
- Email Security: Verify email authentication headers (SPF/DMARC not configured)
- Traffic Analysis: No services detected; monitor for service emergence
ENDNOTES
This IP belongs to OVH cloud hosting infrastructure and is associated with the ahrefs.net domain. While the IP itself shows no direct threat indicators, the subnet demonstrates high abuse density. Monitor for anomalous traffic patterns or service emergence that could indicate compromised infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca012-san160.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san160.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:29 UTC |
| Last Seen | 2026-06-27 08:52:26 UTC |
| Profile Built | 2026-06-28 02:57:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 30 |