IP Intelligence Briefing: 54.39.203.119
Date: 2026-06-15
---
**1. Profile Summary**
- Risk Score: Moderate (40/100)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Subnet: 54.39.203.0/24
- Geolocation: Quebec, Canada (plausible, 3000km accuracy)
- Network Role: CloudCompute (OVH-hosted, no public services)
- Threat Indicators: No direct malicious activity detected (no known campaigns, spam, or Tor).
---
**2. Observation History**
- Recent Activity (2026-06-15):
  - Listed in 8 threat feeds (2 listings), categorized as high severity.
  - No DNS/banner anomalies detected.
- Subnet Abuse:
  - Subnet 54.39.203.0/24 has high abuse density (0.5391), with 138/256 IPs flagged as threats.
  - Inherited risk: 21 (moderate).
---
**3. Relationships**
- Network Affiliation:
  - Same ASN/Organization: OVH-CUST-281059687 (Ahrefs).
  - No direct links to known malicious domains or campaigns.
- DNS:
  - Resolves to `proxy-ca008-san119.ahrefs.net` (AHREFS).
  - No email auth (SPF/DKIM) detected.
---
**4. Neighborhood Analysis**
- Subnet Overview:
  - 256 IPs in 54.39.203.0/24.
  - 183 active IPs, 138 flagged as threats (69% threat ratio).
  - Risk Distribution: 98 medium-risk IPs, 2 low-risk IPs.
- Neighbor Risk:
  - Most neighbors show moderate risk, but high abuse density suggests potential lateral movement or shared infrastructure risks.
---
**5. Recommendations**
- Monitor Subnet: The high abuse density in 54.39.203.0/24 warrants closer scrutiny.
- Block/Restrict: Consider blocking the subnet if it's part of a larger threat group or if traffic is suspicious.
- Verify Ownership: Confirm Ahrefs' legitimate use of the subnet, as the IP is associated with a legitimate entity.
- Check for Anomalies: Monitor for unexpected DNS changes or new threats in the subnet.
Conclusion: While the IP itself is not directly malicious, its subnet's high abuse density and inherited risk suggest potential indirect threats. Prioritize monitoring and restrict access if the subnet is involved in suspicious activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059687 |
| CIDR Block | 54.39.203.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca008-san119.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca008-san119.ahrefs.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 23% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-24 00:33:19 UTC |
| Last Seen | 2026-06-28 23:31:10 UTC |
| Profile Built | 2026-06-29 05:32:34 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |