142.44.220.20

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP INTELLIGENCE BRIEFING

Target: 142.44.220.20/32

Date: Current

Classification: Moderate Risk

---

EXECUTIVE SUMMARY

Target IP 142.44.220.20 is hosted on OVH cloud infrastructure (ASN 16276) with a risk score of 40 (Moderate Risk). While the IP itself shows no active threat indicators, it resides within a high-abuse subnet (142.44.220.0/24) containing 179 threat-suspect siblings out of 256 total addresses. The subnet's abuse density score of 0.6992 indicates elevated risk context.

OWNERSHIP & INFRASTRUCTURE

ASN: 16276 (OVH)
Organization: Dmytro, Ahrefs Pte Ltd
Network: OVH-CUST-281059685
CIDR: 142.44.220.0/24
Infrastructure Type: CloudCompute (Hosting enabled)
Service Status: Firewalled / No Services Detected

GEOLOCATION

Primary Location: Canada (CA)
Secondary Location: Singapore (inconsistent data)
Accuracy: 3000 km radius
Note: Geolocation data shows inconsistency requiring validation

THREAT INDICATORS

Blacklist Status: Listed on 1 of 8 DNSBLs
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Known Campaigns: None identified
Risk Score: 40/100 (Moderate)

NETWORK CONTEXT & NEIGHBORHOOD

Subnet Abuse Density: 0.6992 (High)
Threat Siblings: 179 out of 256 addresses
Active Siblings: 194
Route Stability: Unstable
Hop Count: 18 hops via Comcast transit

OBSERVATION HISTORY

Total Observations: 22
Recent Activity: Signals observed through June 2026
Operator Score: 0.2174 (Minimal)
Threat Persistence: 0 days
Ownership Changes: 0

RESOLVED HOSTNAMES

proxy-ca006-san20.ahrefs.net (ahrefs.net)
Forward resolution confirmed: No

---

SOC ANALYST ACTIONS

Immediate Recommendations:

1. Monitor Traffic – The IP shows no active attack signatures but requires monitoring due to high-abuse subnet context

2. DNSBL Validation – Investigate which of the 8 DNSBLs has listed this IP

3. Geolocation Validation – Confirm actual physical location due to Singapore/Canada inconsistency

Blocking Considerations:

Firewall rules generated for iptables, nftables, nginx, pfSense, Cloudflare WAF, and AWS WAF
Blocking is recommended due to moderate risk score combined with high-abuse neighborhood
Decision should factor in business context and traffic patterns

Network Correlation:

34 relationship entities identified, primarily same-network associations to OVH-CUST-281059685
No external certificate or organizational relationships detected

---

THREAT ASSESSMENT

This IP presents moderate risk primarily driven by its high-abuse neighborhood environment rather than direct threat activity. The absence of open services and threat indicators suggests the address may be dormant or legitimately used for hosting services. However, the subnet's 69.9% abuse density warrants defensive monitoring and traffic analysis for anomalous patterns.

Priority: MEDIUM

Action Required: Monitor with contextual awareness of subnet abuse patterns

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Singapore
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059685
CIDR Block	142.44.220.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca006-san20.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca006-san20.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	31%	2	4
routing	13%	1	1
services	19%	2	2
ownership	19%	2	2
reputation	31%	1	3
geolocation	35%	2	3
Overall	25%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-29 12:04:13 UTC
Last Seen	2026-06-29 06:19:04 UTC
Profile Built	2026-06-29 18:21:46 UTC
Data Freshness	Live
Signal Types	22
Total Observations	24

🔍 22 signal types · 24 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.220.20📋 Copy