IP Intelligence Briefing: 176.31.139.1
Date: June 14, 2026
**Profile Summary**
- Risk Score: Moderate (50/100)
- Ownership: Ahrefs Pte Ltd Dmytro (OVH network, ASN 16276)
- Geolocation: Roubaix, Hauts-de-France, France (FR)
- Network Role: CloudCompute infrastructure (OVH-hosted, no public services)
- Threat Indicators: No direct malicious activity detected
**Key Observations**
1. Subnet Abuse Context:
- /24 subnet (176.31.139.0/24): High abuse density (0.75), with 31 sibling IPs.
- Neighbor Risk: 24 of 31 neighbors have medium/high risk scores (40-50).
- Inherited Risk: 30% of subnet's risk profile may apply to this IP.
2. Network Behavior:
- Cloud Hosting: Identified as a cloud compute instance (OVH infrastructure).
- DNS: Resolves to `proxy-fr004-san1.ahrefs.net` (ahrefs.net domain).
- BGP: Stable route with AS_PATH `57866 16276` (OVH).
3. Historical Signals:
- No recent threats or malicious campaigns linked.
- Consistent geolocation and network stability over time.
**Threat Context**
- No Direct Threats: No indicators of C2, spam, or malware activity.
- Subnet Risks: High abuse density in the subnet suggests potential for collateral risk (e.g., misconfigured neighbors, shared infrastructure).
- Ownership: Ahrefs is a legitimate company, but OVH's network includes both legitimate and risky IPs.
**Recommended Actions**
1. Monitor Subnet: Investigate high-risk neighbors in 176.31.139.0/24 for potential lateral movement or shared compromise.
2. Restrict Access: Apply firewall rules to limit traffic to trusted sources, especially given the subnet's abuse profile.
3. Verify Configuration: Confirm the cloud instance's security posture (e.g., no open ports, proper access controls).
4. Watch for Anomalies: Track changes in DNS, BGP, or network behavior that could indicate reconfiguration or compromise.
Conclusion: This IP is part of a legitimate cloud infrastructure but resides in a subnet with elevated abuse risk. While no direct threats are detected, the network context warrants closer monitoring to mitigate potential collateral risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 176.31.0.0/16 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-fr004-san1.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr004-san1.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 24% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 26% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:56 UTC |
| Last Seen | 2026-06-27 02:16:10 UTC |
| Profile Built | 2026-06-27 20:22:33 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 34 |