167.114.139.6
## IP Intelligence Briefing: 167.114.139.6
Classification: Moderate Risk | Risk Score: 40 | Status: Active Cloud Infrastructure
Infrastructure Profile
The IP address 167.114.139.6 is hosted on OVH infrastructure (ASN 16276) within the Montreal, QC datacenter. The asset operates under the OVH-CUST-281059679 customer network block and is registered to Ahrefs Pte Ltd. The IP resolves to proxy-ca000-san6.ahrefs.net, indicating it is part of Ahrefs' proxy/CDN infrastructure. The service role is classified as "Firewalled / No Services" with no open ports detected.
Threat Assessment
Current threat indicators show no direct malicious activity:
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0
- Abuse Confidence Score: Not available
- Campaign Likelihood: None
The IP is listed on 1 of 8 DNSBL lists, suggesting some reputation concerns but no confirmed malicious campaigns. Operator scoring rates the IP as "Minimal" risk.
Neighborhood Analysis
The /24 subnet (167.114.139.0/24) demonstrates elevated abuse density at 50.78%, classified as "high_abuse." The subnet contains 256 total IPs with 224 active and 130 identified as threat siblings. Risk distribution across the subnet shows 90 medium-risk and 10 low-risk neighbors, with no high-risk neighbors currently observed. This suggests the subnet is heavily utilized for legitimate but reputation-sensitive operations.
Historical Observations
Analysis of 22 signal observations reveals consistent infrastructure behavior. Recent observations from 2026-06-26 show stable geolocation data pointing to Canada (CA) with confidence levels ranging from 0.35 to 0.75. Ownership signals indicate persistent assignment to the OVH customer block with no recent ownership changes. The inherited risk score from the subnet is 20, suggesting the IP benefits from the network's overall reputation.
Operational Status
The IP exhibits stable routing behavior with RPKI validation active and CAA records present. BGP prefix 167.114.128.0/18 remains stable with zero route changes in the past 30 days. DNSSEC is valid, and the IP maintains forward resolution to the Ahrefs proxy hostname.
Recommended Actions
Based on the moderate risk profile and cloud-hosted nature:
1. Monitor: Track for any changes in threat indicators or blacklist status
2. Allow: Permissive firewall rules are appropriate; no blocking recommended
3. Context: Recognize as legitimate Ahrefs proxy infrastructure; false positives likely if traffic appears anomalous
4. Subnet Awareness: Be aware of elevated abuse density in the /24 subnet when evaluating related traffic
Intelligence Summary
167.114.139.6 is a legitimate Ahrefs proxy endpoint hosted on OVH infrastructure in Montreal. While the subnet shows high abuse density (50.78%), this IP itself demonstrates no active threat indicators. The IP should be treated as infrastructure rather than a threat source, with monitoring focused on behavioral anomalies rather than reputation-based blocking.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca000-san6.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san6.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-10 16:14:04 UTC |
| Last Seen | 2026-06-27 17:51:54 UTC |
| Profile Built | 2026-06-28 11:56:27 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |
Full dossier details are available via our API.