# IP INTELLIGENCE BRIEFING
Target IP: 142.44.220.12/32
Classification: Moderate Risk
Report Date: 2026-06-20
---
## EXECUTIVE SUMMARY
IP address 142.44.220.12 is a cloud infrastructure endpoint associated with OVH hosting services. The address resolves to an Ahrefs corporate hostname and demonstrates moderate risk characteristics with a risk score of 40. The IP operates within a high-abuse density subnet (142.44.220.0/24) but shows no persistent malicious indicators. Recommended handling: Monitor with standard cloud infrastructure threat policies.
---
## INFRASTRUCTURE PROFILE
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network Block: 142.44.220.0/24
- Infrastructure Type: Cloud Compute / Hosting
- Geolocation: Canada (CA), Region: QC, City: Singapore (data inconsistency noted)
- DNS Resolution: proxy-ca006-san12.ahrefs.net
- Service Status: Firewalled / No Services Detected
---
## RISK ASSESSMENT
| Metric | Value | Assessment |
|---|---|---|
| Overall Risk Score | 40 | Moderate Risk |
| Abuse Confidence Score | N/A | N/A |
| Provider Score | 0 | N/A |
| Authority Score | 0 | N/A |
| DNSBL Listings | 1 of 8 | Low Impact |
| Operator Score | 0.2174 | Minimal |
| Is Known Attacker | No | Clean |
| Is Tor Exit | No | Clean |
| Is Spam Source | No | Clean |
---
## THREAT INDICATORS
- Known Campaigns: None detected
- Threat Feeds: No indicators in active feeds
- Blacklist Status: 0 blacklist entries
- Campaign Likelihood: None
- Cert Matches: 0
- Correlated IPs: 0
---
## SUBNET CONTEXT
Subnet: 142.44.220.0/24
Classification: High Abuse Density
Abuse Density Score: 0.6602
Subnet Statistics:
- Total Siblings: 256
- Active Siblings: 175
- Threat Siblings: 169
- Inherited Risk: 26
Neighbor Risk Distribution (100 sampled):
- High Risk: 0 (0%)
- Medium Risk: 55 (55%)
- Low Risk: 45 (45%)
---
## OBSERVATION HISTORY
Total Observations: 19
Threat Persistence Days: 0
Ownership Changes: 0
Persistently Malicious: No
Recent observations (2026-06-20) indicate:
- High abuse classification maintained
- No new threat indicators
- Stable ownership profile
- Consistent geolocation data
---
## NETWORK RELATIONSHIPS
Total Relationships: 35
Primary Relationship Type: Same Network (OVH-CUST-281059685)
Relationship Targets: Multiple OVH customer network identifiers
The IP is embedded within a larger OVH customer infrastructure network, with 35 recorded relationships to same-network entities.
---
## ACTIONS & RECOMMENDATIONS
### Recommended Firewall Rules
```bash
# Standard cloud infrastructure monitoring: log traffic from this source.
# LOG is a non-terminating target, so this rule must come before any DROP rule.
iptables -A INPUT -s 142.44.220.12 -j LOG --log-prefix "AHREFS_IP: "
# Apply only if suspicious activity is detected; not part of the default policy.
iptables -A INPUT -s 142.44.220.12 -j DROP
```
### Cloud Provider Policies
- Cloudflare WAF: Monitor but allow (Moderate Risk, no direct threats)
- AWS WAF: Standard protection (No specific threat indicators)
- Nginx: Rate limiting recommended for subnet 142.44.220.0/24
### SOC Handling
1. Traffic Classification: Allow with logging for forensic purposes
2. Threat Hunting: Monitor for anomalous outbound patterns
3. Subnet Context: Be aware of elevated abuse density in originating /24
4. False Positive Risk: Moderate (legitimate Ahrefs infrastructure with shared network risk)
---
## CONCLUSION
IP 142.44.220.12 represents a legitimate cloud infrastructure endpoint associated with Ahrefs. While the subnet exhibits elevated abuse characteristics (0.6602 density, 169 threat siblings), the target IP itself shows no persistent malicious behavior. Standard cloud infrastructure monitoring policies are appropriate. No immediate blocking action recommended unless specific malicious activity is observed.
Clearance Level: SOC Analyst - Monitor
Priority: Medium
Action Required: Standard monitoring, no immediate blocking
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san12.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san12.ahrefs.net |

## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 22% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-16 14:57:51 UTC |
| Last Seen | 2026-06-28 03:32:36 UTC |
| Profile Built | 2026-06-28 21:38:39 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |