54.39.203.30
# IP INTELLIGENCE BRIEFING
Target: 54.39.203.30/32
Classification: Moderate Risk - Cloud Hosting Infrastructure
Date: 2026-06-26
Data Source: IPDebrief Intelligence Platform
---
## EXECUTIVE SUMMARY
IP 54.39.203.30 is a cloud hosting address assigned to OVH Canada (ASN 16276), operating under organization Dmytro, Ahrefs Pte Ltd. The IP resolves to hostname proxy-ca008-san30.ahrefs.net within the ahrefs.net domain infrastructure. While no direct threat indicators were observed, the IP resides within a /24 subnet with high abuse density (0.707) and 181 of 256 sibling IPs classified as threats. The address shows no active open ports or services, indicating it may be firewalled or in a non-service state.
---
## OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Netname | OVH-CUST-281059687 |
| Country | Canada (CA) |
| Region | Quebec (QC) |
| City | Beauharnois |
| RIR | ARIN |
| CIDR Block | 54.39.203.0/24 |
| Infrastructure Type | Cloud Compute (Hosting) |
---
## THREAT ASSESSMENT
Risk Score: 50 (Moderate)
Abuse Confidence: Not applicable
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Blacklist Count: 0
Network Threat Context: The parent /24 subnet (54.39.203.0/24) exhibits elevated abuse characteristics:
- Abuse Density: 0.707 (High)
- Threat Siblings: 181 of 256 IPs
- Subnet Classification: high_abuse
- Inherited Risk Score: 28
Direct Threat Indicators: None observed for this specific IP address.
---
## NETWORK BEHAVIOR & DNS
PTR Record: proxy-ca008-san30.ahrefs.net
Forward Resolution: ahrefs.net
DNSSEC Valid: Yes
CAA Records: Present
Open Ports: None detected
Service State: Firewalled / No Services
HTTP Services: None observed
---
## OBSERVATION HISTORY
Total signals collected: 19 observations
Recent activity pattern shows consistent network classification signals with repeated subnet abuse density assessments (0.707) and provider identification (OVH) across multiple timestamps. No escalation in threat indicators observed over the observation window.
---
## NETWORK RELATIONSHIPS
49 relationship records identified, predominantly network-level associations:
- All relationships map to network identifier: OVH-CUST-281059687
- No organization-to-organization or IP-to-domain relationships beyond subnet scope
- Control plane indicates stable BGP prefix (54.39.0.0/16)
---
## RECOMMENDED ACTIONS
While no direct threat indicators exist, the high-abuse subnet context warrants defensive posture. Recommended firewall rules:
iptables:
```bash
iptables -A INPUT -s 54.39.203.30 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 54.39.203.30 drop
```
nginx:
```nginx
deny 54.39.203.30;
```
AWS WAF:
```json
{
"Addresses": ["54.39.203.30/32"],
"Description": "IPDebrief risk 50"
}
```
Note: These recommendations are probabilistic and should be combined with other contextual signals before implementing blocking rules.
---
## ANALYST NOTES
This IP operates within OVH's Canadian hosting infrastructure under an Ahrefs-associated customer account. The absence of open ports and direct threat indicators suggests the address is either dormant, misconfigured, or intentionally shielded. However, the parent subnet's high abuse density warrants monitoring for lateral threat activity. Recommend periodic re-evaluation if outbound connections are observed from this address.
Data Confidence: High โ Multiple observation signals confirm network classification and geolocation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059687 |
| CIDR Block | 54.39.203.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca008-san30.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca008-san30.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-24 00:33:20 UTC |
| Last Seen | 2026-06-28 23:32:01 UTC |
| Profile Built | 2026-06-29 05:34:49 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |
Full dossier details are available via our API.