54.39.203.52

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 54.39.203.52/32

Classification: Low Risk Cloud Infrastructure

Report Date: Current Session

## EXECUTIVE SUMMARY

The target IP 54.39.203.52 is a low-risk cloud computing address associated with Ahrefs Pte Ltd, hosted on OVH infrastructure in Quebec, Canada. The IP shows no active threat indicators, no open services, and minimal operator risk scores. The subnet exhibits mixed classification with moderate abuse density, but the specific IP demonstrates stable, benign characteristics.

## OWNERSHIP & INFRASTRUCTURE

ASN: 16276
Organization: Dmytro, Ahrefs Pte Ltd
Network Name: OVH-CUST-281059687
CIDR Block: 54.39.203.0/24
RIR: ARIN
Infrastructure Type: CloudCompute (OVH Hosting Provider)
Country: Canada (QC/Quebec)
City: Beauharnois

## NETWORK CLASSIFICATION

Provider: OVH
Connection Type: Firewalled / No Services
Cloud Provider: Yes
Hosting Service: Yes
CDN/Proxy/VPN/Tor: No
Bogon Address: No
Anycast: No

## DNS & RESOLUTION

PTR Hostname: proxy-ca008-san52.ahrefs.net
Forward Resolution: Confirmed (1 hostname)
Associated Domain: ahrefs.net
Additional Hosted Domain: ip52.ip-54-39-203.net
DNSSEC Valid: Yes
CAA Records: Present
Email Authentication: No SPF/DMARC records configured

## THREAT ASSESSMENT

Overall Risk Score: 25 (Low Risk)
Abuse Confidence Score: None
Blacklist Count: 0
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Threat Persistence Days: 0
Campaign Likelihood: None
Cert Matches: 0
Correlated IPs: 0

## CONTROL PLANE METRICS

Origin ASN: 16276
BGP Prefix: 54.39.0.0/16
Route Stable: No
Route Changes (30d): 0
DNSBL Listed: 1 of 8 total lists
Operator Score: 0.2174 (Minimal)
RPKI State: Not evaluated
IRR Consistency: Not evaluated

## SUBNET ANALYSIS (54.39.203.0/24)

Abuse Density: 0.4531 (Moderate)
Classification: Mixed
Total Siblings: 256
Active Siblings: 229
Threat Siblings: 116
Inherited Risk: 18
Risk Distribution:

- High Risk: 0

- Medium Risk: 64

- Low Risk: 36

## OBSERVATION HISTORY (21 Observations)

Recent signals indicate consistent cloud infrastructure classification with OVH provider. Geolocation signals from multiple sources confirm Canadian placement with ~3000km accuracy radius. Operator assessments remain minimal across observation periods. No escalation in threat indicators observed.

## RELATIONSHIP GRAPH

Total Relationships: 63
Primary Relationship Type: Same Network (OVH-CUST-281059687)
Associated Entities: Network infrastructure relationships

## SECURITY ACTIONS

No specific firewall or blocking actions recommended. The IP demonstrates benign characteristics consistent with legitimate cloud hosting.

## SOC ANALYST NOTES

The IP address 54.39.203.52 represents legitimate cloud infrastructure for Ahrefs, a known SEO analytics company. The subnet shows elevated abuse density due to OVH's shared hosting model, but this IP specifically shows no malicious activity. No port scanning detected; service enumeration indicates firewalled/no services. The absence of open ports and TLS certificates suggests either a headless infrastructure node or a non-public-facing server. Monitor for any service changes, but current posture indicates low operational risk.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Beauharnois
Timezone	—
Latitude	45.32
Longitude	-73.87

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059687
CIDR Block	54.39.203.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca008-san52.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Hosted Domain	ip52.ip-54-39-203.net
Forward Hostnames	`proxy-ca008-san52.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	13%	1	1
services	12%	2	2
ownership	19%	2	2
reputation	28%	1	3
geolocation	23%	2	2
Overall	20%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 17:18:10 UTC
Last Seen	2026-06-27 14:05:59 UTC
Profile Built	2026-06-28 08:11:34 UTC
Data Freshness	Live
Signal Types	21
Total Observations	26

🔍 21 signal types · 26 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

54.39.203.52📋 Copy