# IP Intelligence Briefing: 142.44.220.9
Classification: Moderate Risk | Date: 2026-06-28
## Executive Summary
IP 142.44.220.9 operates within OVH cloud infrastructure under the organization Dmytro, Ahrefs Pte Ltd (ASN 16276). The address is associated with the ahrefs.net domain (proxy-ca006-san9.ahrefs.net) and maintains a moderate risk profile with a risk score of 40. The IP is firewalled with no open services detected, but resides in a subnet with elevated abuse density (0.6836) and high-abuse classification.
## Ownership and Infrastructure
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network: OVH-CUST-281059685
- CIDR Block: 142.44.220.0/24
- RIR: ARIN
- Infrastructure Type: CloudCompute/Hosting
## Geolocation
- Country: Canada (CA)
- Region: Quebec (QC)
- City: Singapore (geolocation discrepancy noted)
- Accuracy Radius: 3,000 km
- Geo Source Count: 1
## Threat Assessment
- Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Threat Persistence Days: 0
- Is Persistently Malicious: No
## Network Role and Services
- Provider: OVH
- Connection Type: Cloud hosting
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: Not configured
- HTTP Title: Not available
## DNS Intelligence
- PTR Hostname: proxy-ca006-san9.ahrefs.net
- Forward Resolution: proxy-ca006-san9.ahrefs.net
- Forward Confirmed: No
- Domain: ahrefs.net
- CAA Records: Present
- DNSSEC: Valid
- DNSBL Listed: 1 of 8 lists
## Neighborhood Analysis
- Subnet: 142.44.220.0/24
- Abuse Density: 0.6836 (High abuse)
- Total Siblings: 256
- Active Siblings: 194
- Threat Siblings: 175
- Inherited Risk: 27
- Risk Distribution: High: 0, Medium: 35, Low: 65
## Observation History
19 total observations recorded. Key timeline:
- 2026-06-28: Subnet abuse density decreased to 0.3438, classification shifted to mixed, inherited risk reduced to 13
- 2026-06-20: Classification recorded as high_abuse with inherited risk of 27; provider confirmed as OVH; cloud and hosting flags confirmed; domain ahrefs.net with CAA records observed
- Geolocation: Inconsistencies detected with coordinates (56.13, -106.35) suggesting potential data anomalies
## Relationship Graph
43 relationships identified, all mapped to the same network entity OVH-CUST-281059685, indicating the IP is part of a larger cloud infrastructure block.
## Recommended Actions
Based on the moderate risk profile and firewalled service status:
1. Allow with Monitoring: No immediate block required; the IP shows no active malicious indicators
2. Traffic Analysis: Monitor outbound connections for suspicious patterns given the high-abuse neighborhood context
3. DNSBL Verification: Confirm listing status across the 8 identified DNSBL providers
4. Geolocation Validation: Investigate city/region discrepancy for operational context
5. Subnet Correlation: Consider correlating with other 142.44.220.0/24 addresses showing medium-high risk scores
## Risk Indicators
- Primary: High-abuse neighborhood classification with 175 threat-sibling IPs in the same /24
- Secondary: Geolocation data inconsistencies; DNSBL presence on 1 of 8 lists
- Mitigating: No active threat indicators; no known campaigns; firewalled service state
Analyst Notes: This IP appears to be legitimate cloud infrastructure for ahrefs.net (a legitimate SEO analytics service), but the subnet's high abuse density warrants continued monitoring. The recent decrease in abuse density suggests the IP may have been cleaned of any prior issues.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san9.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san9.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:21:52 UTC |
| Last Seen | 2026-06-28 20:49:58 UTC |
| Profile Built | 2026-06-29 08:54:03 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |