IP Intelligence Briefing: 54.39.89.201
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Registered to Ahrefs Pte Ltd (OVH, ASN 16276).
- Geolocation: Quebec, Canada (Beauharnois).
- Network Role: Hosting provider (OVH).
- Threat Indicators: No direct malicious activity detected.
---
**2. Threat & Network Analysis**
- Subnet: 54.39.89.0/24
- Abuse Density: 51.41% (High Abuse classification).
- Neighbor Risk:
  - 88 IPs flagged as medium-risk.
  - 12 IPs flagged as low-risk.
  - 0 high-risk IPs in the subnet.
- Subnet Activity:
  - 96 active IPs; 128 are associated with threats.
  - Inherited risk score: 20.
---
**3. Observations & History**
- Recent Activity:
  - DNS records linked to proxy-ca012-san201.ahrefs.net.
  - BGP prefix: 54.39.0.0/16 (OVH).
  - No recent scans or honeypot hits.
- Trend: Stable risk profile with no significant changes over 30 days.
---
**4. Relationships**
- Network Connections:
  - Linked to OVH-CUST-281059691 (same subnet).
  - No direct ties to known malicious campaigns or domains.
- DNS:
  - PTR hostname: proxy-ca012-san201.ahrefs.net.
  - No email authentication (SPF/DKIM) detected.
---
**5. Recommendations**
- Monitor Subnet: High abuse density in 54.39.89.0/24 warrants closer scrutiny.
- Check Hosting Compliance: Verify Ahrefs' hosting infrastructure for potential compromised servers.
- Block Neighbor IPs: Consider blocking high-risk neighbors (if not already in scope).
- Validate Geolocation: Discrepancy between Canada and OVH's global infrastructure may require further validation.
---
Note: No direct malicious activity detected, but the subnet's high abuse density and hosting role necessitate continued monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca012-san201.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san201.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 20% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-08 17:18:10 UTC |
| Last Seen | 2026-06-27 14:06:26 UTC |
| Profile Built | 2026-06-28 08:11:34 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |