IP Intelligence Briefing: 54.39.203.105
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: OVH (ASN 16276)
- Organization: Ahrefs Pte Ltd (OVH-CUST-281059687)
- Geolocation: Canada (QC, Beauharnois)
- Network Role: Cloud Compute (OVH Hosting)
- Subnet: 54.39.203.0/24 (Abuse Density: 44.98%)
---
**2. Threat Indicators**
- No Direct Threats: No malicious indicators, spam, or known attacker associations.
- DNS Associations: Linked to `proxy-ca008-san105.ahrefs.net` (likely a legitimate proxy service).
- Security Posture:
  - DNSSEC valid, CAA records present.
  - Subnet shows mixed classification with 112 threat siblings (medium/high risk).
---
**3. Observation History**
- Recent Signals (30d):
  - DNSSEC validation and CAA records (confidence: 60%).
  - Subnet abuse density analysis (confidence: 19%).
- No persistent malicious activity or campaign correlations.
---
**4. Relationships & Network**
- Key Associations:
  - Same network: OVH-CUST-281059687.
  - DNS: `proxy-ca008-san105.ahrefs.net` (AHREFS domain).
- Subnet Neighbors (54.39.203.0/24):
  - 42 IPs flagged as medium risk.
  - 58 IPs flagged as low risk.
  - 17 inherited risk from subnet.
---
**5. Actionable Insights**
- Monitor Subnet: The subnet has a moderate abuse density (44.98%), suggesting potential for future threats.
- Verify DNS Usage: Confirm legitimacy of `proxy-ca008-san105.ahrefs.net` as part of Ahrefs' infrastructure.
- Watch for Changes: Track shifts in the subnet's risk profile or new threat indicators.
- Firewall Rules: Consider blocking high-risk neighbors (42 IPs) if they are not part of your infrastructure.
---
Conclusion:
This IP is part of a legitimate cloud-hosted service (Ahrefs) with no direct malicious activity. However, its subnet contains a notable number of medium-risk neighbors, warranting closer monitoring. No immediate mitigation is required, but ongoing observation is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059687 |
| CIDR Block | 54.39.203.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca008-san105.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca008-san105.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-19 03:36:42 UTC |
| Last Seen | 2026-06-28 08:35:29 UTC |
| Profile Built | 2026-06-29 02:40:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |