54.39.89.174
IP Intelligence Dossier
Your IP: 216.73.216.123
π€ Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 54.39.89.174
Date: June 18, 2026
---
**1. Risk Profile**
- Overall Risk: Moderate (Risk Score: 40)
- Provider: OVH (ASN: 16276)
- Ownership: Registered to *Dmytro, Ahrefs Pte Ltd* (OVH-CUST-281059691)
- Geolocation: Canada (QC, Beauharnois) | Geo Validation: High RTT (27ms) vs. 5,629km distance (expected min 112ms) β potential misconfiguration or proxy.
- Network Role: Cloud Compute (OVH) | Hosting | No open services detected.
---
**2. Threat Indicators**
- No direct malicious activity: No abuse confidence scores, blacklists, or known campaigns.
- Subnet Abuse:
- 54.39.89.0/24 has 61% abuse density (157/256 IPs flagged).
- 105 active IPs in subnet, with 24 inherited risk points.
- DNS:
- PTR hostname: `proxy-ca012-san174.ahrefs.net` (linked to Ahrefs, a legitimate SEO tool company).
- No email auth (SPF/DKIM) detected.
---
**3. Historical Observations**
- Single observation (June 18, 2026):
- Minimal risk score (0.2174) | High abuse classification (subnet).
- DNSSEC/CAA validated but DNSBL listed (1/8 lists).
---
**4. Network Relationships**
- Linked to OVH network (OVH-CUST-281059691) | 256 IPs in subnet.
- No direct relationships to known malicious entities or campaigns.
---
**5. Recommendations**
- Monitor subnet activity: High abuse density in 54.39.89.0/24 suggests potential lateral movement or shared infrastructure risks.
- Verify geolocation anomalies: Investigate the low RTT vs. distance discrepancy (could indicate spoofing or proxy use).
- Check Ahrefsβ infrastructure: Confirm if this IP is part of legitimate cloud hosting or unusual activity.
- Block suspicious siblings: Consider firewall rules for high-risk IPs in the subnet (e.g., via iptables/nftables).
Conclusion: While the IP itself shows no direct malicious signals, its association with a high-abuse subnet and geo validation anomalies warrants further investigation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca012-san174.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san174.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
No certificate
Issued by β
N/A
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 15 |
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
β Claimed geolocation contradicts RTT physics measurement
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:29 UTC |
| Last Seen | 2026-06-27 08:52:56 UTC |
| Profile Built | 2026-06-28 02:57:51 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |
π 22 signal types Β· 29 observations collected
This report is generated from 22+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
βΉοΈ About This Report
All data shown is publicly available network metadata β IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.