IP Intelligence Briefing: 167.114.139.54
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
  - ASN: 16276 (OVH)
  - Organization: Dmytro, Ahrefs Pte Ltd
  - Subnet: 167.114.139.0/24
- Geolocation:
  - Country: Canada (QC, Montreal)
  - Geo Plausibility: False (RTT anomalies suggest geolocation inconsistency)
- Network Role:
  - Hosting provider (OVH)
  - Subnet classified as high_abuse (abuse density: 0.7422)
  - No open ports, no TLS certificates, no HTTP services
---
**2. Threat Indicators**
- No direct malicious indicators (no blacklists, spam, or campaigns).
- Subnet Risk: 29 inherited risk points from high-abuse sibling IPs (190/256 IPs in subnet flagged).
- DNS: Resolves to `proxy-ca000-san54.ahrefs.net` (linked to Ahrefs).
---
**3. Observation History**
- Recent Activity (2026-06-14):
  - DNS resolution for `ahrefs.net` (CAA records validated).
  - Subnet abuse density increased to 0.7422 (from 0.6403 in June 2026).
  - Network classified as "high_abuse" with 190 threat siblings.
---
**4. Relationships**
- Linked Entities:
  - Subnet: `167.114.139.0/24` (OVH-CUST-281059679)
  - Organization: Ahrefs Pte Ltd (OVH customer)
- No direct ties to known malicious campaigns or domains.
---
**5. Neighborhood Analysis**
- Subnet Overview:
  - Total IPs: 256 (167.114.139.0/24)
  - Active IPs: 207
  - Threat IPs: 190 (74.22% abuse density)
- Risk Context:
  - High-risk subnet with significant inherited risk.
  - Siblings show mixed activity, but no direct malicious signals.
---
**6. Recommendations**
1. Monitor Subnet Traffic:
   - Focus on 167.114.139.0/24 for unusual outbound connections or data exfiltration patterns.
2. Validate Geolocation:
   - Investigate RTT anomalies (26ms vs. expected 112ms for 5,597km) to confirm IP legitimacy.
3. Check Ahrefs Infrastructure:
   - Confirm if Ahrefs is using OVH infrastructure for legitimate services or potential abuse.
4. Implement Network Segmentation:
   - Isolate high-risk subnets to limit lateral movement if compromised.
---
Conclusion:
167.114.139.54 is part of a high-abuse subnet managed by OVH, associated with Ahrefs. While no direct malicious activity is observed, the subnet's risk profile warrants closer scrutiny. SOC teams should prioritize monitoring this subnet for anomalous behavior and validate geolocation inconsistencies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca000-san54.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san54.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-12 21:54:10 UTC |
| Last Seen | 2026-06-27 22:01:58 UTC |
| Profile Built | 2026-06-28 16:07:29 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |