142.44.220.14
# IP Intelligence Briefing: 142.44.220.14
Classification: Moderate Risk / Cloud Infrastructure
Date Generated: Current
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP 142.44.220.14 is a moderate-risk address (risk score 40) hosted on OVH cloud infrastructure. The IP resolves to proxy-ca006-san14.ahrefs.net and is listed on 1 of 8 DNS blacklists. While no active threat campaigns were detected, the IP belongs to a high-abuse subnet (142.44.220.0/24) with 174 of 256 sibling IPs flagged as threats. Geographic validation shows significant inconsistencies, with RTT measurements indicating ~5,598 km distance despite geolocation reporting Canada.
---
## Technical Profile
Network Classification:
- ASN: AS16276 (OVH SAS)
- Organization: Ahrefs Pte Ltd (Netblock: OVH-CUST-281059685)
- Infrastructure Type: CloudCompute / Hosting
- CIDR Block: 142.44.220.0/24
Geolocation:
- Reported Location: Canada (QC) / Singapore (inconsistent)
- Validation Status: GEOLOCATION VIOLATION DETECTED
- RTT Analysis: 27ms measured vs. 112ms minimum possible for reported distance (5,598 km)
DNS Resolution:
- PTR Hostname: proxy-ca006-san14.ahrefs.net
- Domain: ahrefs.net
- Email Auth: SPF and DMARC not configured
- Forward Resolution: 1 hostname confirmed
Services:
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title: None
- Status: Firewalled / No Services
---
## Threat Indicators
Current Risk Assessment:
- Overall Risk Score: 40 (Moderate)
- Abuse Confidence: Not calculated
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 1/8
Control Plane:
- Operator Score: 0.2174 (Minimal)
- DNSSEC: Valid
- Route Stability: Unstable
- Threat Observation Count: 1
---
## Neighborhood Analysis
Subnet Profile (142.44.220.0/24):
- Abuse Density: 0.6797 (High)
- Classification: high_abuse
- Active Siblings: 194 of 256
- Threat Siblings: 174
Risk Distribution:
- High: 0
- Medium: 43
- Low: 57
The subnet demonstrates significant abuse activity, with nearly 68% of active IPs flagged as threats. This contextual evidence supports elevated caution for the target IP.
---
## Historical Observations
Total Observations: 22 signals recorded
Recent Signal Timeline (2026-06-20):
- Provider identification: OVH (confidence 0.85)
- Subnet abuse classification: high_abuse (confidence 0.75)
- Geolocation signals: Inconsistent country reporting (CA)
- Operator score: 0.2174 (confidence 0.60)
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Persistently Malicious: No
---
## Related Entities
Relationships Count: 46
Primary Relationships:
- Network: OVH-CUST-281059685 (41 instances)
- Additional relationships: Pending full graph analysis
---
## Recommended Actions
Based on risk score 40 and subnet abuse context, the following firewall rules are recommended:
Network Filtering:
```bash
# iptables
iptables -A INPUT -s 142.44.220.14 -j DROP
# nftables
nft add rule inet filter input ip saddr 142.44.220.14 drop
```
Web Server Protection:
```nginx
# nginx
deny 142.44.220.14;
```
WAF Rules:
- Cloudflare WAF: Block 142.44.220.14 (risk score 40)
- AWS WAF: Add address 142.44.220.14/32
---
## Intelligence Narrative
IP 142.44.220.14 is a cloud-hosted proxy endpoint associated with Ahrefs infrastructure, operating within an OVH-managed /24 subnet exhibiting high abuse density. The IP demonstrates moderate risk characteristics with no confirmed active threat campaigns. However, the subnet's elevated threat signature (68% abuse density) and the IP's DNS blacklist presence warrant defensive monitoring. Geographic validation failures suggest potential misconfiguration or spoofing activity.
SOC Action Required:
1. Implement blocking at perimeter firewalls
2. Monitor for connection attempts from related subnets
3. Correlate with any observed malicious activity
4. Review logs for associated malicious user agents or payloads
Confidence Level: Moderate - Subnet context supports elevated risk despite individual IP lacking definitive threat indicators.
---
*Report generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca006-san14.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san14.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-21 20:59:08 UTC |
| Last Seen | 2026-06-28 14:58:59 UTC |
| Profile Built | 2026-06-29 03:03:41 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.