# IP Intelligence Briefing: 167.114.139.177
## Executive Summary
IP 167.114.139.177 is a moderate-risk address (score: 40/100) hosted by OVH in Montreal, Canada. The IP resolves to the Ahrefs domain infrastructure with a proxy hostname pattern. Despite limited direct threat indicators, the subnet exhibits elevated abuse density (0.7188) with 184 out of 256 sibling IPs flagged as threats.
## Ownership and Network Classification
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059679 (167.114.139.0/24)
- Infrastructure Type: Hosting provider with cloud compute infrastructure
- Registration: ARIN registry
## Geolocation Assessment
- Reported Location: Montreal, Quebec, Canada (CA)
- Geolocation Validation: Invalid (GEOPLAUSIBLE: false)
- Anomaly: Distance of 5,597.4km from probe origin violates minimum RTT expectations (actual: 27ms, minimum possible: 112ms)
- Implication: Geolocation data may be spoofed or misreported
## DNS Analysis
- PTR Hostname: proxy-ca000-san177.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Confirmed
- DNSBL Listings: 1 of 8 total lists
- Email Authentication: No SPF or DMARC records configured
## Service and Network Role
- Open Ports: None detected (firewalled/no services)
- TLS Certificates: None
- Infrastructure Classification: Hosting provider (isHosting: true)
- Cloud Services: Not flagged as CDN, VPN, proxy, or Tor exit node
## Threat Intelligence Indicators
- Risk Score: 40 (Moderate)
- Abuse Confidence: Null (insufficient data)
- Known Campaigns: None identified
- Campaign Likelihood: Null
- Threat Feeds: No active matches
- DNSBL Status: Listed on 1 of 8 monitoring lists
## Subnet Neighborhood Analysis
- Subnet: 167.114.139.0/24
- Abuse Density: 0.7188 (High abuse classification)
- Active Siblings: 219 of 256 IPs
- Threat Siblings: 184 IPs flagged as threats
- Inherited Risk Score: 28
- Risk Distribution: 100 medium-risk neighbors, 0 high/low risk
## Historical Observations
- Total Observations: 18 signals recorded
- Recent Activity: Provider and abuse density signals observed June 2026
- Signal Confidence: Moderate to high (0.60-0.90)
- Threat Persistence: Not persistently malicious
## Relationship Graph
- Total Relationships: 48 connections
- Primary Associations: Network-level connections to OVH-CUST-281059679
- Network Affiliation: Consistent with hosting infrastructure
## Recommended Actions
- Monitoring Priority: Medium - subnet exhibits high abuse density
- Blocking Consideration: Monitor for outbound connections; subnet context suggests potential for compromised hosts
- Geolocation Verification: Implement location-based anomaly detection due to validation failures
- DNSBL Monitoring: Track blacklist status changes
## Intelligence Narrative
IP 167.114.139.177 operates within OVH's hosting infrastructure in Montreal, associated with Ahrefs domain services. The address presents moderate risk through its subnet environment rather than direct malicious indicators. The 167.114.139.0/24 subnet shows elevated abuse density with 71.88% of sibling IPs flagged as threats, suggesting potential infrastructure compromise or shared hosting abuse vectors. Geolocation data validation failures indicate possible spoofing or misconfiguration. Despite no current direct threat indicators, the high-threat neighborhood context warrants continued monitoring. The IP's firewalled status with no open ports suggests it may serve as a management or proxy endpoint for the Ahrefs infrastructure rather than an active service-facing host.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca000-san177.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san177.ahrefs.net |
## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid
## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-10 10:13:20 UTC |
| Last Seen | 2026-06-27 17:25:13 UTC |
| Profile Built | 2026-06-28 11:30:06 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |