# IP Intelligence Briefing: 142.44.220.137
## Executive Summary
IP address 142.44.220.137 is classified as Moderate Risk (Risk Score: 40) and operates within an OVH-hosted cloud compute infrastructure. The IP is assigned to Ahrefs Pte Ltd within ASN 16276 (OVH SAS), and its PTR record points to a hostname under the ahrefs.net domain. No active services are detected, but the subnet exhibits high abuse characteristics with significant threat correlation.
## Ownership and Network Classification
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH SAS)
- Network Block: 142.44.220.0/24
- Infrastructure Type: Cloud Compute (Hosted)
- Geolocation: Canada (CA) / Singapore (discrepant data)
- Network Role: Firewalled / No Services Detected
## DNS and Resolution Analysis
- PTR Hostname: proxy-ca006-san137.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: 1 confirmed hostname
- Email Authentication: SPF and DMARC records absent
- DNSBL Status: Listed on 1 of 8 threat feeds
## Threat Intelligence Assessment
- Threat Indicators: None identified
- Known Campaigns: None correlated
- Attack Classifications: Not Tor exit, not known attacker, not spam source
- Abuse Confidence Score: Not calculated
- Blacklist Count: 0
## Neighborhood Analysis (142.44.220.0/24)
- Subnet Classification: High Abuse
- Abuse Density: 0.6797 (67.97% of IPs flagged)
- Total Siblings: 256
- Active Siblings: 179
- Threat Siblings: 174 (68% of active IPs)
- Risk Distribution: 0 High, 47 Medium, 53 Low
- Inherited Risk Score: 27
## Observation History
- Total Observations: 18 signals recorded
- Recent Activity: Network scanning detected (06-20-2026)
- Temporal Behavior: Non-persistently malicious (0 threat persistence days)
- Ownership Stability: No ownership changes detected
## Relationship Graph
- Total Relationships: 42
- Primary Associations: Multiple Same Network relationships to OVH-CUST-281059685
- Correlated Entities: Network-level clustering indicates infrastructure sharing
## Recommended Security Actions
Based on the moderate risk profile and subnet abuse characteristics, the following measures are recommended:
1. Monitor but Do Not Block: The IP lacks active services and specific threat indicators. Implement monitoring rather than immediate blocking.
2. Review Email Authentication: If you receive email from the ahrefs.net domain, verify whether SPF and DMARC records are implemented for it.
3. Monitor Subnet Activity: The high abuse density (67.97%) warrants monitoring of traffic patterns from the 142.44.220.0/24 subnet.
4. DNSBL Verification: Confirm current DNSBL listing status, as 1 of 8 lists currently flag the IP.
5. Port Scan Verification: Confirm the "no services" classification through active port scanning if traffic is observed from this IP.
## Threat Narrative
The IP 142.44.220.137 presents a moderate risk profile within a high-abuse OVH cloud computing subnet. While the IP itself shows no active services or direct threat indicators, the surrounding network environment exhibits significant abuse correlation with 174 out of 256 sibling IPs flagged as threats. The DNS resolution to ahrefs.net suggests legitimate business use, but the absence of email authentication records and DNSBL presence warrant continued monitoring. Infrastructure classification as firewalled with no open ports reduces immediate exploitability risk, but the subnet-level abuse density indicates potential for collateral malicious activity.
---
*Intelligence generated from IPDebrief analysis. Data current as of analysis timestamp.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san137.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san137.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 14:56:11 UTC |
| Last Seen | 2026-06-28 13:24:36 UTC |
| Profile Built | 2026-06-29 07:28:46 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |