IP Intelligence Briefing: 54.39.203.149
Date: 2026-06-14
---
**1. Profile Summary**
- Risk Score: 25 (Low Risk)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Subnet: 54.39.203.0/24
- Geolocation:
  - Claimed: Quebec, Canada (Beauharnois)
  - Geo-Plausibility: False (RTT 26ms discrepancy for 5,629km distance)
- Network Role:
  - Infrastructure: CloudCompute (OVH)
  - Hosting: Yes (likely a virtual machine)
  - Services: No open ports; no TLS certificates or HTTP banners detected
---
**2. Threat Indicators**
- No Abuse: No indicators of spam, malware, or known attacker activity.
- DNS:
  - PTR hostname: `proxy-ca008-san149.ahrefs.net` (linked to Ahrefs).
  - No email authentication (SPF/DKIM) detected.
- Threat Feeds: No malicious entries in public threat databases.
---
**3. Observation History**
- Recent Activity (Last 30 Days):
  - Consistent Low Risk: No spikes in threat signals.
  - Geolocation Anomalies: Persistent RTT discrepancies (26ms vs. expected 112ms for distance).
  - Network Stability: Subnet (`54.39.203.0/24`) shows mixed abuse density (49.8% risk).
---
**4. Network Relationships**
- Subnet: `54.39.203.0/24` (OVH)
- Neighbors:
  - Abuse Density: 84 medium-risk IPs, 16 low-risk IPs in subnet.
  - High-Risk Siblings: 124 IPs flagged as threats.
- Organizational Link: Linked to Ahrefs Pte Ltd (SEO services).
---
**5. Recommendations**
- Monitor Subnet: The subnet has a high abuse density; investigate neighboring IPs for potential lateral movement.
- Verify Geolocation: The IP's claimed location in Quebec is inconsistent with observed RTT. Confirm if this is a spoof or legitimate data center.
- Network Segmentation: Consider isolating cloud-hosted workloads to prevent potential lateral attacks.
- DNS Monitoring: Track DNS queries to `ahrefs.net` for suspicious activity.
---
Conclusion:
The IP is a low-risk cloud instance hosted by OVH under Ahrefs. While no direct threats are detected, the subnet's elevated abuse density warrants closer monitoring. Validate geolocation anomalies and ensure network segmentation to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059687 |
| CIDR Block | 54.39.203.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca008-san149.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca008-san149.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:28 UTC |
| Last Seen | 2026-06-27 08:19:40 UTC |
| Profile Built | 2026-06-28 02:26:03 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |