IP Intelligence Briefing: 54.39.89.57/32
*Generated via IPDebrief Tools*
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
  - ISP: OVH (ASN 16276)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Subnet: 54.39.89.0/24
- Geolocation:
  - Country: Canada (QC, Beauharnois)
  - Plausibility: Geo validation failed (RTT inconsistent with distance).
- Threat Indicators:
  - No direct malicious indicators (no blacklists, campaigns, or spam).
  - DNS: PTR record points to `proxy-ca012-san57.ahrefs.net` (Ahrefs proxy).
---
**2. Network Context**
- Network Role:
  - Cloud Compute: Hosted by OVH, likely a virtualized infrastructure.
  - Subnet Abuse Density: 54.9% (classified as "high_abuse").
- Neighbors:
  - Subnet: 54.39.89.0/24 (255 IPs).
  - Threat Siblings: 140 IPs flagged as threats.
  - Risk Distribution: 0 high-risk, 99 medium, 1 low.
  - Abuse Density: 0.549 (high risk).
---
**3. Observation History (Last 30 Days)**
- Key Signals:
  - RTT Anomalies: Observed RTT of 26ms for 5,629km distance (implausible).
  - DNSSEC: Validated.
  - CAA Records: Present.
  - BGP Stability: Unstable route (0 route changes in 30 days).
- Threat Signals:
  - Listed in 1 DNSBL (out of 8 total lists).
---
**4. Relationships & Dependencies**
- Linked Entities:
  - Same Network: OVH-CUST-281059691 (same ASN).
  - Domain: `ahrefs.net` (proxy hostname).
- Services:
  - No open ports or TLS certificates detected.
---
**5. Recommendations**
- Monitoring:
  - Track traffic from this IP, given its high-risk subnet.
  - Validate geolocation anomalies (e.g., spoofed location or routing optimization).
- Firewall:
  - Block or restrict traffic from this IP if it aligns with known malicious patterns.
- Investigation:
  - Analyze DNS proxy (`proxy-ca012-san57.ahrefs.net`) for potential obfuscation of malicious activities.
---
Conclusion:
This IP is part of a high-abuse subnet (54.39.89.0/24) with 140 malicious neighbors. While the IP itself shows no direct threats, its network context and geolocation inconsistencies warrant closer scrutiny. SOC teams should monitor traffic from this IP and investigate potential misuse of the OVH cloud infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca012-san57.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san57.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:10:38 UTC |
| Last Seen | 2026-06-28 18:06:37 UTC |
| Profile Built | 2026-06-29 06:09:07 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |