167.114.139.234
# IP Intelligence Briefing: 167.114.139.234
## Executive Summary
Risk Classification: Moderate Risk (Score: 40)
Infrastructure Type: Cloud Hosting (OVH)
Geolocation: Montreal, QC, Canada
Primary Assessment: Legitimate hosting infrastructure with elevated neighborhood-level risk indicators. IP resolves to Ahrefs.net domain but shows no direct threat indicators.
---
## Ownership and Network Classification
- ASN: 16276 (OVH SAS)
- Organization: Dmytro, Ahrefs Pte Ltd
- Netname: OVH-CUST-281059679
- CIDR Block: 167.114.139.0/24
- Infrastructure Type: Cloud Computing / Hosting
- RIR Registration: ARIN
---
## Geolocation Data
- Country: Canada (CA)
- Region: Quebec
- City: Montreal
- Coordinates: 56.13°N, -106.35°W
- Accuracy Radius: 3000 km
- Geo Validation: Multiple sources confirm Canadian location
---
## DNS and Service Analysis
- PTR Record: proxy-ca000-san234.ahrefs.net
- Forward Resolution: Confirmed (ahrefs.net)
- Open Ports: None detected (Service Purpose: Firewalled / No Services)
- TLS Certificate: None
- HTTP Services: None detected
- Email Auth: SPF/DMARC not configured
---
## Threat Intelligence Indicators
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Abuse Confidence Score: Not applicable
- Known Campaigns: None
---
## Control Plane and Routing
- BGP Prefix: 167.114.128.0/18
- Origin ASN: 16276
- Route Stability: False
- DNSSEC Valid: True
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.087 (Minimal)
---
## Neighborhood Analysis (167.114.139.0/24)
- Abuse Density: 0.6211 (High)
- Classification: High Abuse
- Total Siblings: 256
- Active Siblings: 222
- Threat Siblings: 159
- Inherited Risk Score: 24
Neighborhood Risk Distribution:
- High Risk: 0%
- Medium Risk: 100%
- Low Risk: 0%
---
## Historical Observations
- Total Observations: 22
- Ownership Stability: No changes recorded
- Threat Persistence: 0 days
- Recent Signals: Consistent operator score of 0.087 (Minimal)
- Geographic Consistency: Canada (CA) across all observations
---
## Relationship Graph
- Total Relationships: 68
- Primary Relationships: Same Network (OVH-CUST-281059679)
- External Links: None to organizations, hostnames, or certificates
---
## Recommended Actions
Priority: MONITOR (Due to neighborhood abuse density)
1. Traffic Analysis: Monitor for traffic patterns consistent with Ahrefs.net legitimate operations or potential abuse from the subnet
2. Geolocation Correlation: Cross-reference with known Ahrefs infrastructure to determine legitimate use
3. Subnet-Wide Assessment: Consider broader monitoring of 167.114.139.0/24 due to 62% abuse density
4. Block List Status: Verify against updated DNSBL lists (1 of 8 lists flagged)
---
## Intelligence Narrative
IP 167.114.139.234 is hosted on OVH infrastructure in Montreal, Canada, associated with Ahrefs.net domain operations. The IP itself demonstrates no direct threat indicators, with zero blacklist entries and no known malicious activity. However, the /24 subnet exhibits elevated abuse density (0.6211) with 159 of 222 active neighbors classified as threats. This suggests the hosting provider may be utilizing this subnet for multiple purposes, some potentially misconfigured or exploited. The IP's moderate risk score (40) aligns with neighborhood-level risk rather than individual malicious activity. SOC teams should monitor traffic patterns for legitimate Ahrefs operations while maintaining awareness of subnet-wide abuse potential. No immediate blocking is warranted, but enhanced logging and correlation with known Ahrefs infrastructure is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca000-san234.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san234.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:51 UTC |
| Last Seen | 2026-06-27 01:28:40 UTC |
| Profile Built | 2026-06-28 00:40:02 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 28 |
Full dossier details are available via our API.