# IP Intelligence Briefing: 37.59.204.158/32
Classification: Moderate Risk (40/100)
Report Date: June 18, 2026
Analyst: IPDebrief Intelligence Platform
---
## Executive Summary
IP 37.59.204.158 is a cloud-hosted infrastructure address registered to Ahrefs Pte Ltd Dmytro (ASN 16276) under OVH's infrastructure in France. While the IP itself shows no direct threat indicators, the /24 neighborhood exhibits elevated abuse density (0.7188), with 23 of 32 sibling IPs flagged as threat sources. The address is classified as "Firewalled / No Services" with no open ports detected.
---
## Infrastructure Profile
Ownership & Network:
- ASN: 16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd Dmytro
- Registration: RIR RIPE (France)
- Infrastructure Type: CloudCompute
- Connection Type: Hosting
Geolocation:
- Country: France (FR)
- Coordinates: 48.8582°N, 2.3387°E (Paris region)
- RTT Validation: 95-102ms average from probe location; 500.4km distance from claimed location
- Geo Plausibility: Validated
DNS Configuration:
- PTR Hostname: proxy-fr007-san158.ahrefs.net
- Forward Resolution: ahrefs.net
- Email Authentication: SPF/DMARC not configured
- CAA Records: Present (1 issuer)
- DNSSEC: Valid
Services:
- Open Ports: None detected
- TLS Certificate: None
- HTTP Banner: None
- Status: Firewalled / No Services
---
## Threat Indicators
Direct Threat Status:
- Abuse Confidence Score: Not calculated
- Blacklist Status: 0 blacklist matches
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None
Control Plane:
- Operator Score: 0.2174 (Minimal)
- DNSBL Listed: 1 of 8 total lists
- Route Stability: Unstable (isRouteStable: false)
- Route Changes (30d): 0
---
## Neighborhood Analysis
Subnet: 37.59.204.0/24
- Total Siblings: 32
- Active Siblings: 12
- Threat Siblings: 23
- Abuse Density: 0.7188 (High)
- Classification: high_abuse
- Inherited Risk Score: 28
Neighbor Risk Distribution:
- 31 neighbors analyzed
- Risk scores range from 40-50
- Authority scores uniformly 50
- All neighbors classified as medium risk
Assessment: The /24 subnet exhibits consistent medium-to-low risk across neighbors but maintains high overall abuse density. The target IP inherits risk from the subnet but remains below threshold for persistent malicious classification.
---
## Historical Observations
Observation Count: 22 signals
Latest Activity: June 18, 2026
Key Signals:
- Subnet Abuse Classification: High abuse density (0.7188) consistently observed
- Geolocation Validation: Consistent France-based geolocation with valid RTT measurements
- DNS Resolution: Consistent forward resolution to ahrefs.net
- Routing Stability: Unstable routing status noted
Temporal Analysis:
- Ownership changes: 0
- Threat persistence days: 0
- Is persistently malicious: No
- Threat observation count: 1
---
## Relationship Graph
Total Relationships: 46
Primary Relationship Type: Same Network
Target Network: OVH_282114232 (multiple instances)
The IP maintains relationships primarily with its own network infrastructure within the OVH_282114232 network segment.
---
## Recommended Actions
Immediate:
- No immediate blocking required based on current threat profile
- Monitor for service exposure changes (currently firewalled)
Proactive Measures:
- Block inbound traffic from /24 subnet if policy requires (23 threat siblings)
- Monitor DNS resolution changes (currently no open services)
- Review firewall rules for subnet-level controls
Long-term:
- Continue monitoring subnet abuse density trends
- Track ownership changes for the /24 block
- Maintain geo-validation baselines for RTT anomalies
---
Conclusion: IP 37.59.204.158 represents a cloud infrastructure address associated with Ahrefs operations. While the IP itself shows no direct threat indicators, its subnet environment maintains elevated abuse density. Current posture suggests defensive monitoring rather than blocking. SOC teams should focus on subnet-level controls and monitor for service exposure changes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | proxy-fr007-san158.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-fr007-san158.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:18 UTC |
| Last Seen | 2026-06-27 05:08:38 UTC |
| Profile Built | 2026-06-27 23:14:38 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 25 |