IP INTELLIGENCE BRIEFING
Target: 142.44.220.20/32
Date: Current
Classification: Moderate Risk
---
EXECUTIVE SUMMARY
Target IP 142.44.220.20 is hosted on OVH cloud infrastructure (ASN 16276) with a risk score of 40 (Moderate Risk). While the IP itself shows no active threat indicators, it resides within a high-abuse subnet (142.44.220.0/24) containing 179 threat-suspect siblings out of 256 total addresses. The subnet's abuse density score of 0.6992 indicates elevated risk context.
OWNERSHIP & INFRASTRUCTURE
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059685
- CIDR: 142.44.220.0/24
- Infrastructure Type: CloudCompute (Hosting enabled)
- Service Status: Firewalled / No Services Detected
GEOLOCATION
- Primary Location: Canada (CA)
- Secondary Location: Singapore (inconsistent data)
- Accuracy: 3000 km radius
- Note: Geolocation data shows inconsistency requiring validation
THREAT INDICATORS
- Blacklist Status: Listed on 1 of 8 DNSBLs
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None identified
- Risk Score: 40/100 (Moderate)
NETWORK CONTEXT & NEIGHBORHOOD
- Subnet Abuse Density: 0.6992 (High)
- Threat Siblings: 179 out of 256 addresses
- Active Siblings: 194
- Route Stability: Unstable
- Hop Count: 18 hops via Comcast transit
OBSERVATION HISTORY
- Total Observations: 22
- Recent Activity: Signals observed through June 2026
- Operator Score: 0.2174 (Minimal)
- Threat Persistence: 0 days
- Ownership Changes: 0
RESOLVED HOSTNAMES
- proxy-ca006-san20.ahrefs.net (ahrefs.net)
- Forward resolution confirmed: No
---
SOC ANALYST ACTIONS
Immediate Recommendations:
1. Monitor Traffic: The IP shows no active attack signatures but requires monitoring due to high-abuse subnet context
2. DNSBL Validation: Investigate which of the 8 DNSBLs has listed this IP
3. Geolocation Validation: Confirm actual physical location due to Singapore/Canada inconsistency
Blocking Considerations:
- Firewall rules generated for iptables, nftables, nginx, pfSense, Cloudflare WAF, and AWS WAF
- Blocking is recommended due to moderate risk score combined with high-abuse neighborhood
- Decision should factor in business context and traffic patterns
Network Correlation:
- 34 relationship entities identified, primarily same-network associations to OVH-CUST-281059685
- No external certificate or organizational relationships detected
---
THREAT ASSESSMENT
This IP presents moderate risk primarily driven by its high-abuse neighborhood environment rather than direct threat activity. The absence of open services and threat indicators suggests the address may be dormant or legitimately used for hosting services. However, the subnet's 69.9% abuse density warrants defensive monitoring and traffic analysis for anomalous patterns.
Priority: MEDIUM
Action Required: Monitor with contextual awareness of subnet abuse patterns
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca006-san20.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san20.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 25% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-29 12:04:13 UTC |
| Last Seen | 2026-06-29 06:19:04 UTC |
| Profile Built | 2026-06-29 18:21:46 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |