# IP INTELLIGENCE BRIEFING: 54.39.89.251/32
Classification: Moderate Risk Cloud Infrastructure | Data Freshness: Recent (2026-06-28)
---
## EXECUTIVE SUMMARY
IP 54.39.89.251 is a cloud-compute address hosted on OVH infrastructure. The IP resolves to the Ahrefs domain (ahrefs.net) and carries a moderate risk score of 40. While the IP itself shows no active threat indicators, the /24 subnet exhibits high abuse density (0.8125), indicating systemic risk within the broader network block.
---
## OWNERSHIP & NETWORK CONTEXT
| Field | Value |
|---|---|
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Netname** | OVH-CUST-281059691 |
| **CIDR Block** | 54.39.89.0/24 |
| **Country/Region** | Canada (QC - Quebec) |
| **City** | Beauharnois |
| **Infrastructure Type** | CloudCompute (OVH) |
| **Hosting Provider** | Yes |
---
## THREAT ASSESSMENT
### Current Risk Profile
- Overall Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not reported
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listed: 1 out of 8 total lists

### DNS & Reputation Signals
- PTR Hostname: proxy-ca012-san251.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed (1 hostname)
- Email Authentication: No SPF, No DMARC records detected
- HTTP Services: None detected (firewalled/no services)
- TLS Certificates: None
---
## NEIGHBORHOOD ANALYSIS
The /24 subnet (54.39.89.0/24) demonstrates elevated risk characteristics:
| Metric | Value |
|---|---|
| **Subnet Abuse Density** | 0.8125 (High) |
| **Classification** | High Abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 178 |
| **Threat Siblings** | 208 |
| **Inherited Risk Score** | 32 |
Risk Distribution in /24:
- High Risk: 0 IPs
- Medium Risk: 100 IPs
- Low Risk: 0 IPs (all sampled neighbors show Risk Score 40, Authority Score 50)
---
## OBSERVATION HISTORY
The IP has been observed over 20 times, with signals from the June 2026 timeframe. Key temporal observations:
- Ownership Stability: 0 ownership changes recorded
- Threat Persistence: 0 days (not persistently malicious)
- Threat Observation Count: 1
- Operator Score: 0.2174 (Minimal)
- GeoValidation: RTT 32.0ms vs minimum possible 112.6ms for 5,629km distance, which indicates possible geo-misattribution or measurement anomaly
---
## NETWORK CONTROLS & CLASSIFICATION
| Flag | Status |
|---|---|
| **isCloud** | Yes |
| **isHosting** | Yes |
| **isCdn** | No |
| **isProxy** | No |
| **isTor** | No |
| **isMobile** | No |
| **isResidential** | No |
| **isBogon** | No |
| **isAnycast** | No |
| **Route Stable** | No |
| **MoAS** | No |
---
## RELATIONSHIP GRAPH
Total Relationships: 38
Primary relationship type: Same Network (OVH-CUST-281059691), 33+ instances. The IP is tightly associated with the OVH customer network block.
---
## SOC ACTIONABLE INTELLIGENCE
### Risk Indicators
- No direct threat indicators on this specific IP
- High subnet abuse density suggests potential for compromised neighbors
- DNSBL listing on 1 of 8 lists indicates minor reputation issues
- Geovalidation anomaly (RTT vs distance mismatch) warrants monitoring

### Monitoring Recommendations
1. Monitor subnet neighbors: 208 threat-sibling IPs in the /24 block require ongoing surveillance
2. DNSBL monitoring: Track additional blacklist additions
3. Geolocation validation: Investigate distance/RTT anomaly for potential spoofing or misattribution
4. Email authentication: No SPF/DMARC detected; potential spoofing vector if this IP is misused

### Firewall/Blocking Guidance
- No immediate blocking required (no active threat indicators)
- Consider blocking if:
  - DNSBL count increases beyond current threshold
  - Subnet abuse density rises above 0.9
  - Related IPs in /24 block show malicious activity
- Allow traffic for legitimate Ahrefs services if required
---
Report Generated: Based on IPDebrief intelligence platform data
Classification: Internal Threat Intelligence
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca012-san251.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san251.ahrefs.net |

## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |

## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 9 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:24:30 UTC |
| Last Seen | 2026-06-28 22:08:19 UTC |
| Profile Built | 2026-06-29 10:11:50 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |