54.39.89.203
IP Intelligence Briefing: 54.39.89.203
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
- ASN 16276 (OVH)
- Organization: *Dmytro, Ahrefs Pte Ltd*
- Netname: *OVH-CUST-281059691*
- Geolocation:
- Country: Canada (CA)
- Region: Quebec (QC)
- City: Beauharnois
- Geo Plausibility: False (RTT anomalies detected)
- Network Role:
- Cloud Compute (OVH infrastructure)
- Hosting: Yes
- Subnet: 54.39.89.0/24
---
**2. Threat & Activity**
- Threat Indicators: None detected (no malware, spam, or known attacker associations).
- DNS Associations:
- Resolves to `proxy-ca012-san203.ahrefs.net` (likely a proxy or server for Ahrefs).
- Routing Anomalies:
- Traceroute shows RTT (Round-Trip Time) of 27ms, inconsistent with 5,628km distance (minimum expected: ~112ms).
- Geo plausibility flag: False (potential spoofing or data center location).
---
**3. Network Relationships**
- Subnet: 54.39.89.0/24 (OVH-owned)
- Neighbors:
- 100 IPs in subnet (91 medium-risk, 9 low-risk).
- Abuse density: 0% (subtle risk).
- Linked Entities:
- Direct DNS ties to `ahrefs.net` (Ahrefs, a legitimate SEO tool provider).
---
**4. Historical Observations (2026-06-09)**
- DNS Activity:
- `ahrefs.net` resolved with CAA records (valid DNSSEC).
- Routing Stability:
- BGP route stability: Basic (operator score: 0.43).
- Traffic Patterns:
- No persistent threats or ownership changes detected.
---
**5. Actionable Insights**
- Monitor: Traffic to/from `ahrefs.net` for anomalies (e.g., unexpected volumes, geolocation mismatches).
- Verify: Confirm if the IP is a legitimate proxy or misconfigured server.
- Subnet Context: While the subnet has low abuse density, the IPโs geo plausibility issues warrant closer scrutiny.
Conclusion: 54.39.89.203 appears to be a legitimate OVH-hosted server for Ahrefs, but its anomalous RTT and geo plausibility flags suggest potential spoofing or data center origins. No immediate threat detected, but monitor for unusual behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca012-san203.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san203.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 20% | 2 | 3 |
| services | 21% | 2 | 2 |
| ownership | 26% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 12 | 17 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-21 21:01:09 UTC |
| Last Seen | 2026-06-28 16:49:10 UTC |
| Profile Built | 2026-06-29 04:53:19 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |
Full dossier details are available via our API.