## INTELLIGENCE BRIEFING: 142.44.220.220/32
Classification: Moderate Risk (Score: 40) | Date: Current Analysis | Status: Actionable Intelligence
---
EXECUTIVE SUMMARY
IP address 142.44.220.220 is a cloud infrastructure endpoint hosted on OVH (ASN 16276), associated with Ahrefs Pte Ltd. The IP operates within a high-abuse subnet (142.44.220.0/24) exhibiting 62.89% abuse density. While the target IP shows no active threat indicators, its neighborhood context and geolocation inconsistencies warrant a defensive posture.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059685 (142.44.220.0/24)
- Provider: OVH (CloudCompute infrastructure)
- Classification: Cloud Hosting Environment
- Service Status: Firewalled / No Active Services Detected
---
GEOGRAPHIC ANALYSIS
- Reported Location: Canada (QC), Singapore (geolocation inconsistency)
- Geolocation Validation: FAILED. RTT measurement (27ms) contradicts stated distance (5,598km). Minimum possible RTT for this distance is 112ms, indicating potential spoofing or routing manipulation.
- Accuracy: 3,000km radius (low confidence geolocation data)
---
THREAT INDICATORS
| Indicator | Status |
|---|---|
| Is Tor Exit Node | No |
| Is Known Attacker | No |
| Is Spam Source | No |
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Active Threat Feeds | None |
| Known Campaigns | None |
| Abuse Confidence Score | Not Applicable |
---
NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 142.44.220.0/24 (256 total IPs)
| Metric | Value |
|---|---|
| Abuse Density | 62.89% (High Abuse) |
| Active Siblings | 156/256 |
| Threat Siblings | 161/256 |
| Inherited Risk Score | 25 |
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 99
- Low Risk: 1
Observation: The subnet exhibits elevated abuse density with 161 threat siblings, though the target IP (142.44.220.220) currently shows no active threat signals.
---
DNS & IDENTIFICATION
- PTR Record: proxy-ca006-san220.ahrefs.net
- Domain: ahrefs.net
- Forward Resolution: Not confirmed
- Email Authentication: SPF/DMARC not detected
- HTTP Services: None detected (firewalled)
---
HISTORICAL OBSERVATIONS
Signal history indicates recent activity with multiple observations:
- June 9, 2026: Subnet abuse classification (high_abuse, 62.89% density)
- June 15, 2026: Current risk assessment (minimal operator score: 0.2174)
- Threat Persistence: No persistent malicious behavior detected
- Ownership Changes: Stable (0 changes recorded)
---
RECOMMENDED ACTIONS
Based on risk profile and neighborhood context, implement defensive controls:
```bash
# iptables: drop inbound traffic from the address
iptables -A INPUT -s 142.44.220.220 -j DROP
# nftables: same rule (requires an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 142.44.220.220 drop
```
Cloudflare WAF:
```json
{"description":"Block 142.44.220.220 - IPDebrief risk score 40", "action":"block", "filter":{"expression":"ip.src eq 142.44.220.220"}}
```
AWS WAF:
```json
{"Addresses":["142.44.220.220/32"], "Description":"IPDebrief risk 40"}
```
Priority: MEDIUM. Block based on neighborhood context and geolocation inconsistencies.
---
ANALYST NOTES
1. Geolocation Discrepancy: The RTT/distance mismatch suggests potential data quality issues or routing manipulation. Verify with independent sources.
2. Subnet Context: 62.89% abuse density in the /24 indicates this IP may be co-located with malicious actors. Implement subnet-level monitoring.
3. No Active Services: Target IP is currently firewalled with no open ports. Threat activity may originate from adjacent IPs.
4. Ahrefs Association: Legitimate SEO tool provider. Consider whitelisting if this IP is an internal endpoint, but maintain monitoring due to neighborhood abuse density.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |

DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san220.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san220.ahrefs.net |

DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid

Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:09 UTC |
| Last Seen | 2026-06-28 14:59:17 UTC |
| Profile Built | 2026-06-29 09:04:37 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |