# IP INTELLIGENCE BRIEFING
Target IP: 167.114.139.19
Report Date: 2026-06-17
Classification: Moderate Risk (Score: 40/100)
---
## EXECUTIVE SUMMARY
IP 167.114.139.19 is a cloud infrastructure address hosted on OVH SAS infrastructure in Montreal, QC. The IP is associated with Ahrefs Pte Ltd and operates within a subnet exhibiting high abuse density. No direct threat indicators were identified, but neighborhood context suggests elevated risk from shared infrastructure.
---
## OWNERSHIP & GEOLOCATION
- Organization: Dmytro, Ahrefs Pte Ltd (AS16276)
- Network Name: OVH-CUST-281059679
- Location: Montreal, Quebec, Canada
- Infrastructure Type: CloudCompute / Hosting Provider
- Registration: ARIN RIR
---
## RISK ASSESSMENT
| Metric | Value |
|---|---|
| Overall Risk Score | 40/100 (Moderate) |
| Abuse Confidence | Not flagged |
| Known Attacker | No |
| Spammer Source | No |
| Tor Exit Node | No |
| Blacklist Count | 0 |
Risk Profile: The IP shows moderate risk primarily driven by neighborhood context rather than direct malicious activity. No active threat indicators, campaigns, or known attacker signatures were detected.
---
## NEIGHBORHOOD ANALYSIS (167.114.139.0/24)
- Abuse Density: 0.7695 (High Abuse Classification)
- Total Subnet Size: 256 IPs
- Active Siblings: 215
- Threat Siblings: 197 (77% of active IPs show threat indicators)
- Inherited Risk Score: 30/100
Context: The subnet demonstrates significant abuse concentration. Of 215 active sibling IPs, 197 show threat indicators. This suggests the hosting facility may be underutilized or compromised for malicious activities.
---
## OBSERVATION HISTORY
Total Observations: 21 signals recorded
Recent Activity (June 17, 2026):
- Subnet abuse classification confirmed as "high_abuse"
- DNS resolution verified for ahrefs.net
- Operator score: 0.2174 (Minimal)
- Geographic consensus: True (2 sources)
Historical Trends: No persistent malicious behavior observed. Threat observation count: 1. IP not flagged as persistently malicious.
---
## NETWORK BEHAVIOR
- Service Status: Firewalled / No Services Detected
- Open Ports: None
- HTTP Services: None
- TLS Certificates: None
- DNS PTR: proxy-ca000-san19.ahrefs.net
- BGP Prefix: 167.114.128.0/18
- Route Stability: Unstable (isRouteStable: false)
---
## RELATIONSHIP GRAPH
50 relationships identified, primarily Same Network associations to OVH-CUST-281059679. No cross-network or organizational relationships detected beyond immediate hosting infrastructure.
---
## RECOMMENDED ACTIONS
### Immediate Mitigation
The following rules are recommended for blocking based on risk profile:
iptables:
```bash
iptables -A INPUT -s 167.114.139.19 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 167.114.139.19 drop
```
nginx:
```nginx
deny 167.114.139.19;
```
pfSense:
```
167.114.139.19/32
```
Cloudflare WAF:
```json
{"description":"Block 167.114.139.19 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 167.114.139.19"}}
```
AWS WAF:
```json
{"Addresses":["167.114.139.19/32"],"Description":"IPDebrief risk 40"}
```
### Strategic Considerations
1. Subnet-Level Blocking: Consider blocking the entire /24 (167.114.139.0/24) due to 0.7695 abuse density and 197 threat-confirmed siblings.
2. False Positive Risk: Low. IP shows no direct threat indicators but neighborhood context warrants caution.
3. Duration: Review after 7-14 days to monitor for behavior changes.
4. Collateral Impact: Be aware this IP resolves to ahrefs.net; legitimate traffic may be affected.
---
## INTELLIGENCE CONCLUSION
IP 167.114.139.19 presents moderate risk primarily through neighborhood association. While the IP itself shows no direct malicious activity, its placement within a high-abuse subnet suggests potential for compromised infrastructure. Recommended action: Block with awareness of potential false positives affecting Ahrefs-related services. Monitor subnet-level activity for broader threat patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca000-san19.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san19.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 30% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:51 UTC |
| Last Seen | 2026-06-27 01:26:39 UTC |
| Profile Built | 2026-06-28 00:40:02 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |