IP Intelligence Briefing: 54.39.89.246
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Subnet: 54.39.89.0/24
- Geolocation:
  - Country: Canada (QC, Beauharnois)
  - Latitude/Longitude: Unresolved
- Threat Indicators:
  - No known malicious activity (no blacklists, campaigns, or spam).
  - DNS PTR: `proxy-ca012-san246.ahrefs.net` (linked to Ahrefs, a legitimate SEO tool).
- Network Role:
  - Hosting provider (OVH) with no public services (open ports, TLS, or HTTP).
---
**2. Observation History**
- Recent Activity (Last 30 Days):
  - Listed in 8 threat intelligence sources (1 high-severity listing).
  - Domain `proxy-ca012-san246.ahrefs.net` hosted by Ahrefs.
  - Operator score: "Minimal" (0.2174).
  - Subnet abuse density: 41.98% (mixed classification).
---
**3. Relationships & Neighbors**
- Linked Entities:
  - Same network: OVH-CUST-281059691 (243 IPs in subnet).
  - DNS: Ahrefs subdomain (`proxy-ca012-san246.ahrefs.net`).
- Subnet Risk:
  - 102 threat siblings (44% of 243 IPs).
  - 56 medium-risk IPs, 44 low-risk IPs.
  - 16 inherited risk points from subnet.
---
**4. Security Actions**
- Recommended Mitigations:
  - Block via firewall:
    - `iptables -A INPUT -s 54.39.89.246 -j DROP`
    - `nft add rule inet filter input ip saddr 54.39.89.246 drop`
  - Cloud/WAF rules:
    - Cloudflare: Block IP with description "IPDebrief risk 50".
    - AWS WAF: Add `54.39.89.246/32` to a rule.
---
**5. Analysis & Recommendations**
- Context:
  - The IP is associated with Ahrefs, a legitimate company, but resides in a subnet with mixed risk.
  - No direct malicious indicators, but 41.98% subnet abuse density suggests potential for compromise.
- SOC Actions:
  - Monitor traffic to/from this IP, especially given its hosting role.
  - Consider blocking based on subnet risk if further anomalies are detected.
  - Validate DNS associations with Ahrefs to confirm legitimate use.

Conclusion: Moderate risk due to subnet context. No immediate action required unless suspicious activity is observed.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

DNS Intelligence
| PTR | proxy-ca012-san246.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Hosted Domain | ip246.ip-54-39-89.net |
| Forward Hostnames | proxy-ca012-san246.ahrefs.net |

DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 13 |

| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

Observation Timeline (Live)
| First Seen | 2026-05-17 09:11:22 UTC |
| Last Seen | 2026-06-28 05:00:28 UTC |
| Profile Built | 2026-06-28 23:05:59 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |