# IP INTELLIGENCE BRIEFING: 142.44.220.164/32
Date: 2026-06-18
Classification: MODERATE RISK / HIGH ABUSE NEIGHBORHOOD
---
## EXECUTIVE SUMMARY
IP 142.44.220.164 presents as moderate risk (score: 40/100) with a footprint in OVH cloud infrastructure associated with Ahrefs Pte Ltd. While the target IP itself shows no active threat indicators, the /24 subnet exhibits high abuse density (65.62%), with 168 of 170 active sibling IPs classified as threats.
---
## INFRASTRUCTURE PROFILE
- IP Address: 142.44.220.164/32
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Netname: OVH-CUST-281059685
- Infrastructure Type: Cloud Compute / Hosting
- DNS Hostname: proxy-ca006-san164.ahrefs.net
- Registered Domain: ahrefs.net
---
## GEOLOCATION ANALYSIS
- Reported Country: Canada (CA)
- Reported Coordinates: Singapore
- Geographic Discrepancy: YES โ RTT validation indicates 5,598km distance with 27ms round-trip time, violating minimum possible RTT (112ms). This suggests geolocation data inconsistency.
---
## THREAT INDICATORS
- Abuse Confidence Score: Not calculated
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Threat Feeds: None detected
- Known Campaigns: None
Services: No open ports detected. Firewall configuration active.
---
## NEIGHBORHOOD CONTEXT (CRITICAL)
The /24 subnet 142.44.220.0/24 demonstrates concerning abuse patterns:
- Abuse Density: 65.62% (HIGH)
- Total Siblings: 256 IPs
- Active Siblings: 170
- Threat Siblings: 168
- Inherited Risk Score: 26
- Classification: high_abuse
The majority of active IPs in this subnet are flagged as threats, suggesting either compromised infrastructure or a shared hosting environment with elevated abuse risk.
---
## OBSERVATION HISTORY
- Total Observations: 22 signals
- Observation Period: Recent activity detected (2026-06-13 to 2026-06-18)
- Operator Score: 0.2174 (Minimal)
- Persistence: Single threat observation recorded
- Status: Not persistently malicious
The IP shows stable characteristics with no significant threat evolution over the observation period.
---
## RELATIONSHIPS
- Primary Association: OVH-CUST-281059685 (OVH hosting customer)
- Related Entities: Multiple same-network relationships indicating OVH infrastructure cluster
- Certificate Associations: None detected
---
## SOC ACTION RECOMMENDATIONS
IMMEDIATE ACTIONS
1. Monitor Closely: While this IP itself is clean, block or rate-limit traffic from the entire 142.44.220.0/24 subnet due to 65.62% abuse density.
2. Verify Legitimacy: Confirm if Ahrefs has authorized operations from this subnet. Legitimate traffic should be verified against known Ahrefs endpoints.
3. Inspect Logs: Review inbound/outbound connections from this IP for any anomalous behavior despite clean threat indicators.
FIREWALL RULES
```bash
# Block high-risk subnet
iptables -A INPUT -s 142.44.220.0/24 -j DROP
# OR for rate limiting
iptables -A INPUT -s 142.44.220.0/24 -m limit --limit 5/min --limit-burst 10 -j ACCEPT
iptables -A INPUT -s 142.44.220.0/24 -j DROP
```
MONITORING PARAMETERS
- Track any new open port activity
- Monitor for DNS queries to ahrefs.net subdomains
- Alert on connection attempts from any 142.44.220.x IP ranges
- Watch for increases in threat sibling classification
---
## THREAT ASSESSMENT
Current Risk: MODERATE (Score: 40/100)
Neighborhood Risk: HIGH (65.62% abuse density)
Recommendation: BLOCK SUBNET OR IMPLEMENT STRICT RATE LIMITING
While IP 142.44.220.164 itself shows no active malicious behavior, the surrounding infrastructure demonstrates significant compromise indicators. Treat all traffic from this /24 subnet as potentially hostile until legitimacy is confirmed.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca006-san164.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san164.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:42 UTC |
| Last Seen | 2026-06-26 22:42:20 UTC |
| Profile Built | 2026-06-27 18:57:52 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |
Full dossier details are available via our API.