# IP INTELLIGENCE BRIEFING: 142.44.220.13
Date: 2026-06-17
Classification: Threat Intelligence
Analyst: IPDebrief SOC
---
## EXECUTIVE SUMMARY
IP 142.44.220.13 is a cloud infrastructure endpoint assigned to OVH (ASN 16276) under Ahrefs Pte Ltd ownership. The asset carries a moderate risk score of 40 with significant geolocation data inconsistencies. The IP is hosted on firewalled infrastructure with no active services, resolving to Ahrefs proxy hostnames. The /24 neighborhood exhibits high abuse density (0.6562) with 168 of 256 sibling IPs classified as threats.
---
## TECHNICAL PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 142.44.220.13/32 |
| **Risk Score** | 40 (Moderate Risk) |
| **Provider** | OVH (ASN 16276) |
| **Organization** | Ahrefs Pte Ltd |
| **CIDR Block** | 142.44.220.0/24 |
| **Infrastructure Type** | Cloud Compute |
| **Status** | Firewalled / No Services |
---
## GEOLOCATION ANALYSIS
Critical Finding: Geographic data exhibits physical impossibility violations:
- Reported Location: Singapore (QC), Canada
- Claimed Distance: 5,597.9 km from probe origin
- Observed RTT: 27.0 ms
- Minimum Possible RTT: 112.0 ms for stated distance
- Status: GEO_PLAUSIBLE = FALSE

This discrepancy indicates unreliable or spoofed geolocation data. The IP is likely hosted in a location inconsistent with reported Singapore/Canada coordinates.
---
## NETWORK CLASSIFICATION
| Classification | Status |
|---|---|
| Cloud Infrastructure | YES |
| CDN | NO |
| VPN | NO |
| Proxy | NO |
| Tor Exit | NO |
| Hosting Provider | YES |
| Residential | NO |
| Mobile | NO |

- DNS Resolution: proxy-ca006-san13.ahrefs.net (Ahrefs domain)
- Forward Resolution: 1 record confirmed
---
## THREAT ASSESSMENT
### Current Risk Indicators
- Abuse Confidence: None reported
- Blacklist Count: 0
- Known Campaigns: None
- Threat Feeds: Empty
### Neighborhood Risk Profile (142.44.220.0/24)
- Abuse Density: 0.6562 (High)
- Total Siblings: 256
- Active Siblings: 170
- Threat Siblings: 168
- Classification: HIGH_ABUSE
- Inherited Risk: 26
### Historical Observations
- Total Observations: 22 signals
- Recent Activity: Multiple observations on 2026-06-17 showing geolocation inconsistencies
- Control Plane Score: 0.2174 (Minimal)
- Ownership Changes: 0 (Stable)
- Threat Persistence: 0 days
- DNSBL Listings: 1 of 8 total lists
---
## RELATED ENTITIES
Network Relationships:
- OVH-CUST-281059685 (multiple occurrences)
- 45 total relationships detected
- Primary association: Same Network (OVH customer subnet)
Control Plane:
- BGP Prefix: 142.44.128.0/17
- Route Stability: INCONSISTENT (isRouteStable = false)
- Route Changes (30d): 0
- RPKI State: Not reported
---
## RECOMMENDED ACTIONS
Immediate Mitigation Required:
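```bash
# iptables: -A appends, so the rule only applies if no earlier rule accepts the traffic
iptables -A INPUT -s 142.44.220.13 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 142.44.220.13 drop
# NGINX: configuration directive (http, server or location context), not a shell command
deny 142.44.220.13;
# pfSense: address entry for a firewall alias or block rule source
142.44.220.13/32
# Cloudflare WAF: custom rule fields
Expression: ip.src eq 142.44.220.13
Action: Block
# AWS WAF: IP set fields
Addresses: 142.44.220.13/32
Description: IPDebrief risk 40
```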
Risk-Based Recommendation:
The combination of a moderate risk score (40), geolocation impossibility violations, and a high-abuse neighborhood warrants defensive blocking. While the IP resolves to a legitimate Ahrefs proxy hostname, the physical location inconsistency and elevated neighborhood threat metrics indicate that it could be used as an abuse vector.
---
## INTELLIGENCE CONCLUSION
IP 142.44.220.13 presents a moderate threat profile with compromised geolocation data and operates within a high-abuse neighborhood. The infrastructure is properly firewalled with no open services, suggesting legitimate use but with potential for abuse. SOC teams should implement blocking rules and monitor for any activity patterns indicative of malicious use. The Ahrefs proxy hostname association requires context-aware evaluation against known Ahrefs infrastructure baselines.
---
End of Briefing
Generated by IPDebrief Threat Intelligence
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca006-san13.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san13.ahrefs.net |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 21% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:03:42 UTC |
| Last Seen | 2026-06-26 22:40:10 UTC |
| Profile Built | 2026-06-27 18:54:32 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 29 |