Witness AI
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP Address 37.59.204.156/32
1. Risk Assessment
- Risk Score: Moderate (40/100) with no direct malicious indicators.
- Provider: Owned by OVH (AS16276), a French hosting/cloud provider.
- Network Role: Classified as a hosting infrastructure node (OVH_282114232), with no CDN, VPN, or Tor activity.
- Threat Context: No known malware campaigns, spam, or abuse-linked domains associated with this IP.
2. Geolocation & Ownership
- Location: France (FR), with no city/region data.
- Organization: Ahrefs Pte Ltd (a legitimate SEO tool provider).
- Subnet: Part of the 37.59.204.0/24 subnet, which has a high abuse density (0.7188) and inherited risk score of 28.
3. Network & Subnet Analysis
- Neighbor Risk: 31 IPs in the subnet, with 23 flagged as "threat siblings" (risk scores 40–50).
- Abuse Classification: Subnet labeled "high_abuse," suggesting potential for malicious activity.
- Shared Infrastructure: Multiple IPs in the subnet share OVH's network, indicating potential lateral movement or shared hosting risks.
4. Historical Observations (Last 30 Days)
- Stability: IP has been consistently observed as a hosting node since June 2026.
- Changes: No significant shifts in risk or network role detected.
- DNS: Resolves to `proxy-fr007-san156.ahrefs.net` (Ahrefs' infrastructure), with no DNS-related threats.
5. Recommended Actions
- Monitor Traffic: Watch for unusual outbound connections or data exfiltration patterns due to the subnet's high abuse density.
- Subnet-Level Checks: Investigate neighboring IPs (e.g., 37.59.204.128–159) for potential lateral movement or shared hosting compromises.
- Verify Hosting Activity: Confirm Ahrefs' use of this IP and ensure no unauthorized services are running.
Conclusion: While the IP itself appears benign, its association with a high-abuse subnet and hosting infrastructure warrants closer monitoring. SOC teams should prioritize subnet-level analysis and correlate with broader network behavior to mitigate potential risks.
Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | proxy-fr007-san156.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr007-san156.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
No certificate
Issued by -
N/A
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 9 | 14 |
Coverage: 6/6 dimensions · Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:18 UTC |
| Last Seen | 2026-06-27 05:08:18 UTC |
| Profile Built | 2026-06-27 23:14:38 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 25 |
19 signal types · 25 observations collected
This report is generated from 19+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
About This Report
All data shown is publicly available network metadata - IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.