IP Intelligence Briefing: 167.114.139.53
Date: 2026-06-13
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Owner: Ahrefs Pte Ltd (OVH-CUST-281059679)
- Geolocation: Montreal, Canada (GeoPlausible: False)
- Network Role: Cloud Compute (OVH infrastructure)
- Threat Indicators: No malicious activity detected (no indicators, spam, or campaigns).
---
**2. Observations & Trends**
- Geo Validation Violation: RTT (27ms) inconsistent with 5,597km distance (minimum possible RTT: 112ms). Suggests potential proxy, CDN, or misconfigured routing.
- Subnet Abuse Density: 62.55% (High Abuse). 157/251 siblings flagged as risky.
- Historical Stability: No persistent malicious activity; 1 observation in 30 days.
---
**3. Network Relationships**
- Subnet: 167.114.139.0/24 (OVH)
- Neighbors: 100 IPs in subnet (76 medium-risk, 24 low-risk).
- Key Links:
  - DNS: `proxy-ca000-san53.ahrefs.net` (Ahrefs-owned).
  - BGP: `167.114.128.0/18` (OVH network).
---
**4. Threat Context**
- No Direct Threats: No malware, phishing, or malicious campaigns linked.
- Subnet Risk: High abuse density in subnet (62.55%). Monitor for lateral movement or shared vulnerabilities.
- Geo Anomalies: RTT discrepancy may indicate spoofing or proxy usage.
---
**5. Recommended Actions**
1. Monitor Subnet: Investigate high-risk neighbors for potential compromise.
2. Verify Geolocation: Confirm if the IP is using a proxy or CDN to mask true location.
3. Network Segmentation: Isolate cloud compute instances to limit lateral movement.
4. DNS Monitoring: Track DNS queries to `ahrefs.net` for unusual activity.
---
Conclusion: While 167.114.139.53 is associated with a legitimate cloud provider, its subnet exhibits high abuse density and geo validation anomalies. Prioritize monitoring for indirect threats and ensure network segmentation to mitigate risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca000-san53.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san53.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 30% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:51 UTC |
| Last Seen | 2026-06-27 01:30:40 UTC |
| Profile Built | 2026-06-28 00:40:02 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |