INTELLIGENCE BRIEFING: 54.39.203.4
EXECUTIVE SUMMARY
IP 54.39.203.4 is a moderate-risk (score: 40) cloud hosting infrastructure IP operated by OVH SAS (ASN 16276) on behalf of Ahrefs Pte Ltd. Located in Beauharnois, QC, Canada, the IP shows no direct threat indicators but operates within a high-abuse density subnet (54.39.203.0/24) with 137 threat-siblings. No immediate blocking required; monitor for anomalous traffic patterns.
OWNERSHIP & INFRASTRUCTURE
- Provider: OVH SAS
- ASN: 16276 (OVH-CUST-281059687)
- Organization: Dmytro, Ahrefs Pte Ltd
- Infrastructure Type: CloudCompute (Hosting provider)
- Status: Firewalled / No Services detected
GEOLOCATION ANALYSIS
- Reported Location: Beauharnois, Quebec, Canada (CA)
- RTT Anomaly: Geo-validation flagged with 5628.6km distance but 31ms RTT, indicating possible geolocation inconsistency or spoofing
- Geolocation Sources: 2 (consensus: true, plausible: false)
- Timezone: Not reported
THREAT ASSESSMENT
- Risk Score: 40 (Moderate)
- Direct Threats: None detected
- Blacklist Status: Not on major blacklists (count: 0)
- Known Campaigns: None
- Tor/Proxy/VPN: Negative across all vectors
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.2174 (Minimal risk operator classification)
NETWORK ROLE & SERVICES
- Open Ports: None detected
- DNS Records: PTR resolves to proxy-ca008-san4.ahrefs.net
- Email Authentication: No SPF or DMARC records configured
- TLS Certificates: None
- HTTP Services: None active
NEIGHBORHOOD ANALYSIS (54.39.203.0/24)
- Subnet Classification: High Abuse
- Abuse Density: 0.5373
- Active Siblings: 177 out of 255 total IPs
- Threat Siblings: 137 confirmed malicious IPs in subnet
- Risk Distribution: 100 medium-risk neighbors, 0 high/low-risk
- Recommendation: Consider subnet-level monitoring due to high abuse density
OBSERVATION HISTORY (21 Observations)
- Threat Persistence: 0 days (no persistent malicious behavior)
- Ownership Changes: 0
- Recent Signals: Consistent cloud hosting profile with no escalation in threat indicators
- Stability: Low (stability score: null)
RELATIONSHIP GRAPH
- Primary Association: OVH-CUST-281059687 network (35 relationship entries)
- Related Entities: Multiple network-level associations to same infrastructure
- Cross-References: No external organization or certificate relationships identified
SOC ACTIONABLE INTELLIGENCE
DEFENSIVE POSTURE:
1. No Immediate Action Required: IP shows no active threat indicators or malicious behavior
2. Monitor Subnet Activity: Due to high abuse density (0.5373), monitor 54.39.203.0/24 for correlated anomalies
3. Traffic Filtering: Consider logging outbound traffic patterns from this IP if receiving inbound connections
4. Email Authentication: Note missing SPF/DMARC records for potential phishing risk assessment
INDICATORS FOR MONITORING:
- Geolocation Discrepancy: Investigate any traffic claiming origin from this IP if routing data contradicts CA location
- Subnet Correlations: Watch for traffic from other IPs in 54.39.203.0/24 subnet
- Ahrefs Brand: Legitimate use case; monitor for brand impersonation or misuse
CONCLUSION
IP 54.39.203.4 represents legitimate cloud hosting infrastructure with moderate risk classification driven by subnet-level abuse density rather than direct malicious activity. No blocking recommended; maintain awareness of associated subnet threat profile and monitor for any behavioral changes or anomalous traffic patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059687 |
| CIDR Block | 54.39.203.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca008-san4.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca008-san4.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:10:33 UTC |
| Last Seen | 2026-06-28 18:01:34 UTC |
| Profile Built | 2026-06-29 06:05:37 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |