IPDebrief

142.44.220.35

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 142.44.220.35/32

Date: 2026-06-26

Classification: Moderate Risk

Prepared For: SOC Team

## Executive Summary

IP address 142.44.220.35 is a moderate-risk (score: 40) OVH-hosted address associated with ahrefs.net infrastructure. The IP resides within a high-abuse density subnet (142.44.220.0/24) showing significant abuse correlation. While the IP itself shows no direct threat indicators, neighborhood context and geolocation anomalies warrant monitoring.

---

## Infrastructure Profile

Ownership & Classification:

Geolocation:

DNS Resolution:

---

## Threat Indicators

Current Status:

Service Status:

---

## Neighborhood Analysis

Subnet Context (142.44.220.0/24):

Risk Distribution:

The subnet shows significant abuse correlation, with 63% of active IPs flagged as threats. This elevated neighborhood risk suggests potential infrastructure sharing or compromised hosting environment.

---

## Historical Observations

Observation Count: 26 signals recorded

Recent Activity:

Temporal Analysis: The IP shows no persistent malicious behavior, with ownership remaining stable across observation periods.

---

## Relationship Graph

Total Relationships: 70

Primary Associations:

The IP exists primarily within the OVH customer network with no detected external relationships.

---

## Recommended Actions

Firewall Blocking Rules:

SystemRule
iptables`iptables -A INPUT -s 142.44.220.35 -j DROP`
nftables`nft add rule inet filter input ip saddr 142.44.220.35 drop`
nginx`deny 142.44.220.35;`
pfSense`142.44.220.35/32`
Cloudflare WAFBlock IP with risk score 40
AWS WAFAdd 142.44.220.35/32 to block list

Risk Assessment:

---

## Intelligence Narrative

The target IP 142.44.220.35 presents moderate risk within a high-abuse hosting environment. The address belongs to OVH's customer infrastructure block 142.44.220.0/24, which demonstrates elevated abuse density (63.28%) with 162 of 256 sibling IPs flagged as threats. This neighborhood context suggests potential shared infrastructure misuse or compromised co-located services.

Geolocation anomalies indicate the IP may be misconfigured or spoofed, showing a Canada-registered ASN with Singapore-associated DNS records and RTT measurements inconsistent with physical distance. The DNS hostname (proxy-ca006-san35.ahrefs.net) associates the IP with the ahrefs.net domain, though no active web services or email authentication records were detected.

No direct threat indicators were observedβ€”no open ports, no blacklist entries, no known campaigns, and no persistent malicious activity. However, the high-abuse subnet environment and geolocation discrepancies warrant monitoring. The IP should be blocked at perimeter controls, with continued observation of the broader subnet for emerging threat patterns.

---

End of Briefing

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡¨πŸ‡¦ Canada
RegionQC
CitySingapore
Timezoneβ€”
Latitude45.51
Longitude-73.59

🏒 Ownership & Registration

OrganizationDmytro, Ahrefs Pte Ltd
ASNAS16276
Network NameOVH-CUST-281059685
CIDR Block142.44.220.0/24
RIRARIN
CountrySingapore
Abuse Contactβ€”

🌐 DNS Intelligence

PTRproxy-ca006-san35.ahrefs.net
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesproxy-ca006-san35.ahrefs.net

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAAPresent

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierTier 3 β€” Basic operator with some routing infrastructure
Hosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
31%
24
routing
32%
23
services
18%
22
ownership
29%
33
reputation
28%
13
geolocation
35%
23
Overall29%1218
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) β€” 1 contradiction(s)
AttributionLow (35%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
⚠ Claimed geolocation contradicts RTT physics measurement

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-07 23:03:42 UTC
Last Seen2026-06-26 22:49:22 UTC
Profile Built2026-06-27 19:02:32 UTC
Data FreshnessLive
Signal Types24
Total Observations31
πŸ” 24 signal types Β· 31 observations collected
This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.