# IP INTELLIGENCE BRIEFING: 54.39.89.50/32
## EXECUTIVE SUMMARY
IP 54.39.89.50 presents as a moderate-risk cloud infrastructure endpoint hosted by OVH. The IP resolves to an Ahrefs domain (ahrefs.net) but demonstrates firewalled behavior with no active services. While the endpoint itself shows no direct malicious indicators, the /24 subnet exhibits high abuse density (0.7109), warranting contextual monitoring.
---
## INFRASTRUCTURE PROFILE
Ownership & Network
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- CIDR Block: 54.39.89.0/24
- Infrastructure Type: CloudCompute / Hosting
- Connection Type: Firewalled / No Services
Geolocation
- Reported Location: Beauharnois, QC, Canada
- Geographic Validity: Flagged: RTT violation (28ms observed vs. 112.6ms minimum possible for 5,629km distance)
- Probe Count: 5 probes across network path
DNS Resolution
- PTR Hostname: proxy-ca012-san50.ahrefs.net
- Forward Resolution: proxy-ca012-san50.ahrefs.net (ahrefs.net)
- Forward Confirmed: False
- Email Auth: No SPF/DMARC records configured
---
## THREAT ASSESSMENT
Risk Metrics
- Overall Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not scored
- Blacklist Status: Clean (0 blacklists)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Correlation: None
Control Plane Indicators
- Route Stability: Unstable
- DNSBL Listings: 1 of 8 lists
- RPKI State: Not reported
- MOAS Status: No
---
## NETWORK CONTEXT
Subnet Analysis (54.39.89.0/24)
- Abuse Density: 0.7109 (High)
- Classification: high_abuse
- Total Siblings: 256 IPs
- Active Siblings: 125
- Threat Siblings: 182
- Inherited Risk Score: 28
Neighbor Risk Distribution
- 100 neighbors sampled
- Medium Risk: 100
- High Risk: 0
- Low Risk: 0
- Multiple neighboring IPs (54.39.89.0-54.39.89.50) consistently show a risk score of 40 and an authority score of 50
---
## OBSERVATION HISTORY
Tracking Period: 22 observations
Recent Activity: June 15–20, 2026
Signal Timeline:
- June 20, 2026: DNS resolution for ahrefs.net (confidence: 0.80)
- June 15, 2026: Subnet abuse density classification (confidence: 0.75)
- June 15, 2026: Network threat assessment (confidence: 0.20)
- June 15, 2026: Control plane operator score 0.2174 (confidence: 0.60)
Temporal Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Persistently Malicious: No
---
## RELATIONSHIP MAPPING
Identified Relationships: 45 total
- All relationships map to same network identifier: OVH-CUST-281059691
- No certificate, hostname, or organization cross-references beyond network-level associations
- Limited lateral relationship data available
---
## SECURITY ACTIONS & RECOMMENDATIONS
Current Risk Posture: Moderate
Recommended Actions:
1. Block or Monitor: Given the high-abuse subnet classification and moderate risk score, implement monitoring or block rules for this IP at perimeter security controls.
2. Subnet-Level Context: The /24 subnet shows elevated abuse density (0.7109). Consider broader subnet-level policies for 54.39.89.0/24.
3. Geographic Validation: RTT anomaly suggests potential geo-spoofing or misconfiguration. Verify expected traffic patterns match Canadian origin.
4. No Active Services: Endpoint appears firewalled. No port scanning or service enumeration recommended beyond existing controls.
Firewall Rule Pattern (Example):
```
# Block or rate-limit based on risk profile
iptables -A INPUT -s 54.39.89.50/32 -j DROP
# OR for monitoring
iptables -A INPUT -s 54.39.89.50/32 -j LOG --log-prefix "54.39.89.50- "
```
Related IPs for Monitoring:
- 54.39.89.0-54.39.89.255 (full /24 subnet)
- 182 threat siblings identified within same subnet
---
## ANALYST NOTES
This IP represents a cloud hosting endpoint with legitimate Ahrefs DNS resolution but operates in a high-abuse subnet environment. The moderate risk score reflects the subnet context rather than endpoint-specific malicious activity. Monitor for outbound connections from this IP to threat actors and consider the subnet-level risk in incident correlation workflows.
---
Data Source: IPDebrief Intelligence Platform
Classification: Defensive Security Intelligence
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca012-san50.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san50.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 14:58:07 UTC |
| Last Seen | 2026-06-28 14:51:13 UTC |
| Profile Built | 2026-06-29 08:56:23 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |