## IP INTELLIGENCE BRIEFING: 167.114.139.205/32
Classification: Moderate Risk - Hosted Cloud Infrastructure
Date: 2026-06-27
Provider: OVH (ASN 16276)
---
**EXECUTIVE SUMMARY**
IP address 167.114.139.205 is a cloud-hosted infrastructure endpoint associated with OVH hosting services in Montreal, Canada. The IP resolves to the Ahrefs.net domain (proxy-ca000-san205.ahrefs.net) and carries a moderate risk score of 40. No active threat indicators or blacklist entries were detected. The IP resides within a subnet exhibiting elevated abuse density (0.5078), with 130 of 256 total siblings flagged as threat sources.
---
**OWNERSHIP & INFRASTRUCTURE**
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 167.114.139.0/24 (OVH-CUST-281059679)
- ASN: 16276
- Infrastructure Type: Cloud Computing (OVH)
- Connection Type: Firewalled/No Services Open
- Registration: ARIN
The IP is registered under an OVH hosting account with ownership attributed to Ahrefs Pte Ltd. The address has shown stable ownership with no recent changes.
---
**GEOLOCATION ANALYSIS**
- Consensus Location: Montreal, Quebec, Canada (CA)
- Coordinates: 56.13°N, -106.35°W
- RTT Analysis: 26-28ms average vs. minimum possible 112ms for reported distance (5,597km)
- Validation Status: GEOVALIDATION VIOLATION - RTT measurements inconsistent with claimed location
- Accuracy: 3,000km radius (low confidence)
*Note: Geo validation discrepancy suggests potential misattribution or multi-hop routing.*
---
**DNS & NETWORK SERVICES**
- PTR Hostname: proxy-ca000-san205.ahrefs.net
- Forward Resolution: 1 hostname (ahrefs.net)
- Forward Confirmed: No
- Open Ports: None detected
- TLS Certificate: Not present
- HTTP Services: None active
- Email Auth: SPF/DMARC not configured (if applicable)
The IP is associated with Ahrefs proxy infrastructure but shows no active services or open ports during probe.
---
**THREAT INTELLIGENCE**
- Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not reported
- Blacklist Count: 0
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Historical Observations: 24 signal observations recorded. Risk profile has remained relatively stable with no escalation to malicious activity.
---
**NEIGHBORHOOD ANALYSIS**
- Subnet: 167.114.139.0/24
- Abuse Density: 0.5078 (High Abuse Classification)
- Total Siblings: 256
- Active Siblings: 222
- Threat Siblings: 130
- Risk Distribution: Medium (94), Low (6), High (0)
The subnet exhibits elevated abuse density, with nearly 51% of addresses flagged as threats. This contextualizes the IP within a higher-risk hosting environment.
---
**RECOMMENDED ACTIONS**
Given the moderate risk score and high-abuse neighborhood classification, consider the following:
| Platform | Recommended Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 167.114.139.205 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 167.114.139.205 drop` |
| **nginx** | `deny 167.114.139.205;` |
| **pfSense** | Block 167.114.139.205/32 |
| **Cloudflare WAF** | Block IP with description "IPDebrief risk score 40" |
| **AWS WAF** | Add IP 167.114.139.205/32 to blocked list |
---
**INTELLIGENCE NOTES**
- The IP is part of Ahrefs proxy infrastructure, which may be legitimately used for web scraping and SEO tools
- No evidence of malicious activity or exploitation attempts
- Elevated neighborhood abuse density warrants monitoring but does not indicate confirmed threat
- Geo validation inconsistency should be investigated if location accuracy is critical for operations
Status: Monitor - No immediate threat indicators detected. Apply recommended firewall rules as a defensive measure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca000-san205.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san205.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-09 05:25:38 UTC |
| Last Seen | 2026-06-27 14:55:18 UTC |
| Profile Built | 2026-06-28 15:00:30 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 29 |