IPDebrief

167.114.139.19

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target IP: 167.114.139.19

Report Date: 2026-06-17

Classification: Moderate Risk (Score: 40/100)

---

## EXECUTIVE SUMMARY

IP 167.114.139.19 is a cloud infrastructure address hosted on OVH SAS infrastructure in Montreal, QC. The IP is associated with Ahrefs Pte Ltd and operates within a subnet exhibiting high abuse density. No direct threat indicators were identified, but neighborhood context suggests elevated risk from shared infrastructure.

---

## OWNERSHIP & GEOLOCATION

---

## RISK ASSESSMENT

MetricValue
Overall Risk Score40/100 (Moderate)
Abuse ConfidenceNot flagged
Known AttackerNo
Spammer SourceNo
Tor Exit NodeNo
Blacklist Count0

Risk Profile: The IP shows moderate risk primarily driven by neighborhood context rather than direct malicious activity. No active threat indicators, campaigns, or known attacker signatures were detected.

---

## NEIGHBORHOOD ANALYSIS (167.114.139.0/24)

Context: The subnet demonstrates significant abuse concentration. Of 215 active sibling IPs, 197 show threat indicators. This suggests the hosting facility may be underutilized or compromised for malicious activities.

---

## OBSERVATION HISTORY

Total Observations: 21 signals recorded

Recent Activity (June 17, 2026):

Historical Trends: No persistent malicious behavior observed. Threat observation count: 1. IP not flagged as persistently malicious.

---

## NETWORK BEHAVIOR

---

## RELATIONSHIP GRAPH

50 relationships identified, primarily Same Network associations to OVH-CUST-281059679. No cross-network or organizational relationships detected beyond immediate hosting infrastructure.

---

## RECOMMENDED ACTIONS

Immediate Mitigation

The following rules are recommended for blocking based on risk profile:

iptables:

```bash

iptables -A INPUT -s 167.114.139.19 -j DROP

```

nftables:

```bash

nft add rule inet filter input ip saddr 167.114.139.19 drop

```

nginx:

```nginx

deny 167.114.139.19;

```

pfSense:

```

167.114.139.19/32

```

Cloudflare WAF:

```json

{"description":"Block 167.114.139.19 โ€” IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 167.114.139.19"}}

```

AWS WAF:

```json

{"Addresses":["167.114.139.19/32"],"Description":"IPDebrief risk 40"}

```

Strategic Considerations

1. Subnet-Level Blocking: Consider blocking the entire /24 (167.114.139.0/24) due to 0.7695 abuse density and 197 threat-confirmed siblings.

2. False Positive Risk: Low. IP shows no direct threat indicators but neighborhood context warrants caution.

3. Duration: Review after 7-14 days to monitor for behavior changes.

4. Collateral Impact: Be aware this IP resolves to ahrefs.net; legitimate traffic may be affected.

---

## INTELLIGENCE CONCLUSION

IP 167.114.139.19 presents moderate risk primarily through neighborhood association. While the IP itself shows no direct malicious activity, its placement within a high-abuse subnet suggests potential for compromised infrastructure. Recommended action: Block with awareness of potential false positives affecting Ahrefs-related services. Monitor subnet-level activity for broader threat patterns.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡จ๐Ÿ‡ฆ Canada
RegionQC
CityMontreal
Timezoneโ€”
Latitude45.51
Longitude-73.58

๐Ÿข Ownership & Registration

OrganizationDmytro, Ahrefs Pte Ltd
ASNAS16276
Network NameOVH-CUST-281059679
CIDR Block167.114.139.0/24
RIRARIN
CountrySingapore
Abuse Contactโ€”

๐ŸŒ DNS Intelligence

PTRproxy-ca000-san19.ahrefs.net
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesproxy-ca000-san19.ahrefs.net

๐Ÿ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAAPresent

โ˜๏ธ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting โ€” Infrastructure provider without advanced routing
CloudHosting

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
28%
24
routing
13%
11
services
12%
22
ownership
19%
22
reputation
30%
13
geolocation
32%
23
Overall22%1015
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) โ€” 1 contradiction(s)
AttributionLow (35%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
โš  Claimed geolocation contradicts RTT physics measurement

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-07 23:03:51 UTC
Last Seen2026-06-27 01:26:39 UTC
Profile Built2026-06-28 00:40:02 UTC
Data FreshnessLive
Signal Types21
Total Observations28
๐Ÿ” 21 signal types ยท 28 observations collected
This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.