167.114.139.64
# IP INTELLIGENCE BRIEFING: 167.114.139.64/32
Date: 2026-06-26
Classification: Moderate Risk โ Cloud Infrastructure with High-Abuse Subnet Association
---
## EXECUTIVE SUMMARY
IP address 167.114.139.64 is an OVH cloud compute instance (AS16276) resolving to the ahrefs.net domain infrastructure. The IP carries a risk score of 40 (Moderate Risk) and resides within a high-abuse density subnet (167.114.139.0/24) containing 130 identified threat siblings out of 224 active peers. While the IP shows no direct threat indicators, the neighborhood abuse profile warrants defensive monitoring.
---
## OWNERSHIP & GEOSLOCATION
| Attribute | Value |
|---|---|
| ASN | 16276 (OVH) |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Network Block | 167.114.139.0/24 |
| RIR | ARIN |
| Location | Montreal, Quebec, Canada |
| Infrastructure Type | CloudCompute |
| Service Purpose | Firewalled / No Services |
---
## THREAT INDICATORS
Direct Signals: None identified
- No active blacklists (0/0)
- Not Tor exit node
- Not known attacker
- Not spam source
Control Plane:
- DNSBL Listed: 1 of 8 total lists
- DNSSEC Valid: Yes
- Route Stability: Stable (0 route changes in 30 days)
- Operator Score: 0.2174 (Minimal)
---
## NEIGHBORHOOD ANALYSIS
Subnet Profile: 167.114.139.0/24
- Abuse Density: 0.5078 (High)
- Classification: high_abuse
- Threat Siblings: 130
- Active Siblings: 224
- Inherited Risk: 20
Sample Neighbor Risk Distribution:
- Risk Score 40, Authority Score 50 (predominant across peers)
- 100 neighbors analyzed
This IP is embedded within a known high-abuse infrastructure block, requiring contextual threat assessment.
---
## DNS & RESOLUTION PROFILE
| Field | Value |
|---|---|
| PTR Hostname | proxy-ca000-san64.ahrefs.net |
| Domain | ahrefs.net |
| Forward Confirmed | No |
| CAA Records | Validated |
| Email Auth | SPF: No, DMARC: No |
Note: DNS resolution to ahrefs.net suggests legitimate proxy infrastructure, but the lack of forward confirmation and email authentication records presents a potential misconfiguration or abuse vector.
---
## OBSERVATION HISTORY
Total Observations: 21
Recent Signal Types:
1. Abuse Density (2026-06-26 14:54:06 UTC)
- Classification: high_abuse
- Abuse Density: 0.5078
- Confidence: 0.75
2. DNS/CAA Records (2026-06-26 14:50:49 UTC)
- Domain: ahrefs.net
- CAA Records: Present
- Confidence: 0.80
3. Geolocation (2026-06-26 14:50:36 UTC)
- Country: CA
- Confidence: 0.35
- Accuracy: 3000 km
4. Operator Score (2026-06-26 14:48:11 UTC)
- Label: Minimal
- Raw Score: 0.1
- Confidence: 0.30
No persistent malicious behavior observed. Signal persistence days: 0.
---
## SECURITY RECOMMENDATIONS
Risk Assessment: Monitor/Block Based on Organizational Policy
Action Confidence: Moderate (Risk Score 40 with high-abuse subnet context)
Recommended Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 167.114.139.64 -j DROP
# nftables
nft add rule inet filter input ip saddr 167.114.139.64 drop
# Cloudflare WAF
{
"description": "Block 167.114.139.64 โ IPDebrief risk score 40",
"action": "block",
"filter": {"expression": "ip.src eq 167.114.139.64"}
}
# AWS WAF
{
"Addresses": ["167.114.139.64/32"],
"Description": "IPDebrief risk 40"
}
```
Note: These recommendations are probabilistic and should be combined with other signals before taking action.
---
## ANALYST NOTES
1. Contextual Risk: The IP resolves to legitimate ahrefs.net infrastructure but operates within a high-abuse density OVH subnet. This suggests potential credential sharing or resource contention.
2. Service Status: No open ports or services detected (firewalled). This reduces exploitation surface but may indicate legitimate proxy or residential forwarding service.
3. Recommendation: Implement monitoring or blocking depending on organizational threat posture. If blocking, consider subnet-level rules (167.114.139.0/24) given the 130 threat sibling count, but evaluate business impact first.
---
Report Generated: IPDebrief Intelligence Platform
Data Sources: 21 observation records, neighborhood analysis, DNS verification
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059679 |
| CIDR Block | 167.114.139.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca000-san64.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca000-san64.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 12% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-12 03:42:56 UTC |
| Last Seen | 2026-06-27 20:53:55 UTC |
| Profile Built | 2026-06-28 20:59:27 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |
Full dossier details are available via our API.