# IP Intelligence Briefing: 54.39.89.78/32
Date: 2026-06-15
Status: ACTIVE MONITORING
Classification: Moderate Risk Cloud Infrastructure
---
## Executive Summary
IP 54.39.89.78 is a cloud-hosted endpoint operating within OVH SAS infrastructure in Canada. The IP presents a moderate risk profile (score: 40) with no active threat indicators, though it resides within a high-abuse density subnet (54.39.89.0/24). Geolocation validation reveals inconsistencies requiring verification.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **IP Address** | 54.39.89.78/32 |
| **Risk Score** | 40 (Moderate Risk) |
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 54.39.89.0/24 |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Country** | Canada (QC) - Beauharnois |
| **DNS Alias** | proxy-ca012-san78.ahrefs.net |
---
## Threat Assessment
### Current Threat Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Active Threat Campaigns: None detected
- Open Ports/Services: None detected (Firewalled / No Services)
### Control Plane Analysis
- BGP Prefix: 54.39.0.0/16
- Route Stability: False (unstable routing)
- DNSSEC: Valid
- Operator Score: 0.2174 (Minimal)
- IRR Consistency: Not reported
---
## Geolocation Validation
Status: ⚠️ ANOMALY DETECTED
The IP exhibits geolocation inconsistencies:
- Claimed Location: Beauharnois, QC, Canada
- Distance Discrepancy: 5,628.6 km from probe origin
- RTT Violation: Observed RTT (27ms) is significantly below minimum possible RTT (112.6ms) for claimed distance
- geoPlausible: False
- Probe Count: 5
This suggests geolocation spoofing, routing anomalies, or a probe origin mismatch.
---
## Neighborhood Analysis
Subnet: 54.39.89.0/24
- Total IPs: 256
- Active IPs: 125
- Abuse Density: 0.7539 (High Abuse)
- Threat Siblings: 193 IPs flagged as threats
- Neighbor Risk Distribution: 100 medium-risk, 0 high/low risk
All monitored neighbors in the /24 block maintain a consistent risk score of 40. This indicates systematic cloud infrastructure usage rather than isolated malicious activity.
---
## Relationship Graph
- Total Relationships: 34
- Relationship Types: Same Network (OVH-CUST-281059691)
- Associated Entities: Multiple OVH customer network references
The IP shows strong association with OVH customer network infrastructure, consistent with cloud hosting deployment patterns.
---
## Historical Observations
Total Observations: 19
- Latest Observation: 2026-06-15T20:03:29 UTC
- Threat Persistence Days: 0
- Ownership Changes: 0
Recent signals indicate:
- ASN identification: AS16276 ovh sas
- Operator score: Minimal (0.2174)
- Subnet abuse classification: High abuse (0.7539)
- No persistent malicious behavior detected
---
## Recommended Security Actions
### Firewall Rules
| System | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 54.39.89.78 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 54.39.89.78 drop` |
| **nginx** | `deny 54.39.89.78;` |
| **pfSense** | Block 54.39.89.78/32 |
### WAF Integration
Cloudflare WAF:
```json
{
"description": "Block 54.39.89.78 - IPDebrief risk score 40",
"action": "block",
"filter": { "expression": "ip.src eq 54.39.89.78" }
}
```
AWS WAF:
```json
{
"Addresses": ["54.39.89.78/32"],
"Description": "IPDebrief risk 40"
}
```
---
## Analyst Notes
1. Monitor Closely: The subnet (54.39.89.0/24) exhibits 75.39% abuse density with 193 threat siblings. While this IP shows no active malicious indicators, the neighborhood context warrants enhanced monitoring.
2. Geolocation Anomaly: The RTT violation indicates either routing manipulation or data center misreporting. Consider cross-referencing with additional telemetry sources.
3. Infrastructure Pattern: The lack of open ports and zero threat indicators suggests this endpoint may be legitimate cloud infrastructure rather than a compromised host.
4. Action Priority: Low to Medium. Block if traffic is unexpected, but consider whitelisting if this IP is known to be legitimate internal infrastructure.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059691 |
| CIDR Block | 54.39.89.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca012-san78.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca012-san78.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 9 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-23 12:24:31 UTC |
| Last Seen | 2026-06-28 22:09:19 UTC |
| Profile Built | 2026-06-29 04:12:21 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |