# INTELLIGENCE BRIEFING: 142.44.220.118/32
Classification: Moderate Risk (Score: 40/100)
Date: 2026-06-26
Status: Active Threat Intelligence Signal
---
## EXECUTIVE SUMMARY
IP address 142.44.220.118 is hosted on OVH cloud infrastructure and resolves to Ahrefs.net domain endpoints. While the individual IP shows moderate risk, it operates within a high-abuse density subnet (142.44.220.0/24) containing 166 threat-identified siblings. No direct malicious indicators or known campaigns are associated with this IP.
---
## OWNERSHIP AND INFRASTRUCTURE
| Field | Value |
|---|---|
| **Organization** | OVH (ASN: 16276) |
| **Netblock** | 142.44.220.0/24 |
| **Infrastructure Type** | Cloud Computing / Hosting |
| **Registrant** | Dmytro, Ahrefs Pte Ltd |
| **RIR** | ARIN |

The IP belongs to the OVH-CUST-281059685 customer block, indicating shared cloud hosting infrastructure. The subnet contains 256 total sibling IPs with 175 currently active and 166 exhibiting threat indicators.
---
## GEOGRAPHICAL CLASSIFICATION
- Country: Canada (CA) / Singapore (discrepancy noted)
- Region: Quebec / Singapore
- Geolocation Confidence: Plausible (single source)
- DNS Resolutions: proxy-ca006-san118.ahrefs.net
- Reverse DNS: Confirmed via PTR record
---
## THREAT INTELLIGENCE
### Current Risk Profile
- Overall Risk Score: 40 (Moderate)
- Abuse Confidence: Not quantified
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Campaign Correlation: None detected
### Neighborhood Context
- Subnet Abuse Density: 0.6484 (High)
- Inherited Risk Score: 25
- Threat Siblings: 166 out of 256 IPs
- Classification: High Abuse
---
## OBSERVATION HISTORY
Total Observations: 21 signals tracked
Key historical signals:
- 2026-06-26: Cloud infrastructure classification confirmed (OVH provider, hosting enabled)
- 2026-06-19: Subnet abuse density assessment (high_abuse classification)
- 2026-06-19: Network role assessment (cloud compute)
### Temporal Analysis
- Ownership changes: 0
- Threat observation count: 1
- Persistently malicious: No
- Route stability: False (route changes observed in 30-day window)
---
## NETWORK SERVICES
- Open Ports: None detected
- TLS Certificate: Not applicable (no services)
- HTTP Banner: None
- Service Classification: Firewalled / No Services
---
## RELATIONSHIP GRAPH
Total Relationships: 54 links identified
Primary relationship clusters:
- Same network blocks (OVH-CUST-281059685)
- Associated network infrastructure
- No external hostname or certificate relationships beyond Ahrefs.net domain
---
## RECOMMENDED ACTIONS
### Firewall Rules (Immediate)
```bash
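# iptables: drop inbound packets from the address (run as root)
iptables -A INPUT -s 142.44.220.118 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 142.44.220.118 drop
# Cloudflare WAF (rule expression → action; not a shell command)
# ip.src eq 142.44.220.118 → BLOCK
# AWS WAF (IP set entry → rule action; not a shell command)
# Addresses: 142.44.220.118/32 → ACTION: BLOCK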
```
### Strategic Recommendations
1. Block individual IP: Risk score 40 warrants blocking at perimeter
2. Monitor subnet 142.44.220.0/24: High abuse density (64.8%) suggests broader risk
3. No escalation needed: No active campaigns or known attacker status
4. Review associated IPs: Consider blocking additional high-risk siblings if traffic patterns warrant
---
## ANALYST NOTES
The IP demonstrates characteristics typical of cloud-hosted infrastructure with moderate risk scoring. While no direct malicious activity has been observed, the subnet-level abuse density (166 threat siblings) suggests elevated risk in this address space. The Ahrefs.net domain resolution indicates a legitimate SEO/marketing use case, but the shared hosting environment cannot be assumed clean.

- Action Priority: MEDIUM
- Block Recommendation: YES (based on risk score 40)
- Escalation Required: No
---
*Report generated: 2026-06-26*
*Data Source: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san118.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san118.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-11 21:10:00 UTC |
| Last Seen | 2026-06-27 19:51:52 UTC |
| Profile Built | 2026-06-28 13:56:54 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |