## INTELLIGENCE BRIEFING: 54.39.89.210/32
Classification: Moderate Risk | Risk Score: 50/100 | Last Updated: 2026-06-20
---
EXECUTIVE SUMMARY
IP address 54.39.89.210 is a cloud hosting endpoint associated with OVH infrastructure (ASN 16276) located in Beauharnois, Quebec, Canada. The IP hosts the domain ahrefs.net and presents moderate risk characteristics with no active threat indicators. However, the surrounding subnet demonstrates elevated abuse density requiring monitoring.
---
INFRASTRUCTURE PROFILE
Ownership & Provider:
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Netname: OVH-CUST-281059691
- Infrastructure Type: CloudCompute / Hosting
- Provider: OVH
Network Classification:
- Cloud Provider: Yes
- Hosting Service: Yes
- CDN: No
- VPN/Proxy: No
- Tor Exit: No
- Anycast: No
Geolocation:
- Country: Canada (CA)
- Region: Quebec (QC)
- City: Beauharnois
- Note: RTT measurements indicate geolocation inconsistency (observed RTT 25ms vs minimum possible 112.6ms for claimed distance)
---
DNS & SERVICE ANALYSIS
PTR Record: proxy-ca012-san210.ahrefs.net
Forward Resolution: proxy-ca012-san210.ahrefs.net (forward not confirmed)
Domain: ahrefs.net
Service Status:
- Open Ports: None detected
- HTTP/HTTPS: No active services
- TLS Certificate: Not present
- Email Authentication: SPF/DMARC not configured
DNSBL Status: Listed on 2 of 8 total DNSBL lists
---
THREAT INDICATOR ASSESSMENT
Current Threat Signals: None
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Active Campaigns: None detected
- Threat Feeds: No matches
Control Plane Data:
- Route Stability: Not stable
- Route Changes (30d): 0
- RPKI State: Not available
- IRR Consistency: Not available
---
SUBNET CONTEXT ANALYSIS
Network: 54.39.89.0/24
Abuse Density: 0.8125 (HIGH)
Classification: high_abuse
Total Siblings: 256
Active Siblings: 178
Threat Siblings: 208
Inherited Risk: 32/100
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 100
- Low Risk: 0
The IP resides within a subnet showing significant abuse concentration. While the specific endpoint lacks active threat indicators, the neighborhood context warrants defensive consideration.
---
OBSERVATION HISTORY
Total Observations: 19
Timeline: Recent observations from 2026-06-20
Key Historical Signals:
- Consistent classification as high_abuse subnet
- Persistent cloud infrastructure classification
- Geolocation inconsistencies observed across multiple probes
- No escalation in threat severity
---
RELATIONSHIP MAPPING
Identified Relationships:
- Same Network: OVH-CUST-281059691 (multiple entries)
The IP demonstrates limited relationship diversity with primary associations to the parent OVH network block.
---
RECOMMENDED ACTIONS
Risk-Based Mitigation:
| Platform | Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 54.39.89.210 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 54.39.89.210 drop` |
| **nginx** | `deny 54.39.89.210;` |
| **pfSense** | `54.39.89.210/32` |
| **Cloudflare WAF** | Block (expression: `ip.src eq 54.39.89.210`) |
| **AWS WAF** | Block (CIDR: 54.39.89.210/32) |
Priority: Monitor (no immediate threat indicators present)
Rationale: Firewall rules generated based on risk score 50 and high-abuse subnet classification. Recommended for defensive hardening in high-threat environments.
---
ANALYST NOTES
This IP represents a cloud hosting endpoint with no active malicious indicators. The primary concern is the high-abuse density of the parent subnet. SOC teams should:
1. Monitor for pattern changes in the /24 subnet
2. Correlate with known Ahrefs infrastructure
3. Consider the geolocation inconsistency as a potential indicator of compromised routing or proxying
Confidence Level: Moderate
Data Sources: IPDebrief intelligence platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca012-san210.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san210.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-25 12:42:55 UTC |
| Last Seen | 2026-06-29 01:49:07 UTC |
| Profile Built | 2026-06-29 07:50:57 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |