# IP Intelligence Briefing: 142.44.220.29/32
## Executive Summary
Intelligence briefing generated for IP address 142.44.220.29/32 reveals a moderate-risk (40) endpoint hosted within OVH cloud infrastructure. The IP resolves to hostnames associated with ahrefs.net and exhibits geolocation validation anomalies. The surrounding /24 subnet demonstrates elevated abuse density (0.6797), indicating contextual risk. No active threat indicators were directly observed, but the environment warrants monitoring.
## Network Profile
- Organization: Dmytro, Ahrefs Pte Ltd (ASN 16276)
- Network: OVH-CUST-281059685
- Infrastructure Type: CloudCompute (OVH hosting provider)
- Classification: Cloud, Hosting
- Risk Score: 40 (Moderate Risk)
## Geolocation & Validation
- Reported Location: Singapore (QC, CA)
- Geolocation Validation: FAILED - RTT violation detected. Claimed distance of 5,597.9 km inconsistent with measured RTT of 26 ms (minimum possible 112 ms for that distance). This suggests inaccurate geolocation data or proxy usage.
- Geo Sources: 1 source with consensus; plausible=false
## DNS & Services
- PTR Hostname: proxy-ca006-san29.ahrefs.net
- Forward Resolution: proxy-ca006-san29.ahrefs.net
- DNSBL Status: Listed on 1 of 8 blacklists
- Open Ports: None detected
- Service Banner: No services detected (firewalled/no services)
- TLS/HTTP: No certificates, HTTP titles, or server banners observed
## Threat Indicators
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Abuse Confidence Score: Not available
- Threat Feeds: No matches
- Known Campaigns: None
## Neighborhood Analysis (142.44.220.0/24)
- Abuse Density: 0.6797 (High Abuse Classification)
- Threat Siblings: 174 out of 256 total IPs
- Active Siblings: 179
- Inherited Risk: 27
- Risk Distribution: 46 Medium, 54 Low, 0 High
## Observation History
- Total Observations: 17
- Recent Activity: Multiple signals observed on 2026-06-20
- Signal Types: Network classification, abuse density, operator routing assessment, comprehensive profile scoring
- Persistence: No persistent malicious behavior detected
## Related Entities
- Network Relationships: 43 relationships identified, predominantly same-network connections to OVH-CUST-281059685
- Campaign Correlations: None detected
## Recommended Security Actions
Firewall rules have been generated for multiple platforms:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 142.44.220.29 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 142.44.220.29 drop` |
| nginx | `deny 142.44.220.29;` |
| pfSense | `142.44.220.29/32` |
| Cloudflare WAF | Block IP with expression `ip.src eq 142.44.220.29` |
| AWS WAF | Block address `142.44.220.29/32` |
## Threat Assessment
This IP presents moderate risk due to:
1. Hosting Environment: OVH cloud infrastructure with high-abuse-density neighborhood
2. Geolocation Inconsistencies: RTT/distance mismatch suggests potential proxy or misconfiguration
3. DNSBL Presence: Listed on one blacklist (of 8 checked)
However, no direct threat indicators were observed. The IP shows no open services and resolves to what appears to be a legitimate ahrefs.net infrastructure endpoint. The elevated neighborhood risk suggests contextual monitoring is warranted even if the specific IP is not directly malicious.
## Intelligence Conclusion
142.44.220.29/32 is a moderate-risk IP within a high-abuse-density cloud hosting subnet. While no direct threats were detected, the environment warrants monitoring. Recommended action is to block or monitor traffic from this IP, particularly given the neighborhood abuse density and geolocation validation failures.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san29.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san29.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 13 |

| Metric | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 14:56:12 UTC |
| Last Seen | 2026-06-28 13:26:19 UTC |
| Profile Built | 2026-06-29 07:31:05 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |