142.44.225.171

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 142.44.225.171

## Executive Summary

IP 142.44.225.171 is a moderate-risk address (Score: 50) hosted on OVH cloud infrastructure. While the IP resolves to ahrefs.net, the subnet exhibits high abuse density with 155 threat siblings out of 206 active IPs. No active services were detected.

## Threat Profile

Risk Score: 50 (Moderate Risk)
Organization: Dmytro, Ahrefs Pte Ltd
ASN: 16276 (OVH)
Network: 142.44.225.0/24
Infrastructure Type: CloudCompute / Hosting
Blacklist Status: Listed on 2 of 8 DNSBLs
Operator Score: 0.2174 (Minimal)

## Geolocation & Network Classification

Reported Location: Singapore (CA country code indicates data source inconsistency)
Region: QC (Quebec)
DNS PTR: proxy-ca017-san171.ahrefs.net
Forward Resolution: proxy-ca017-san171.ahrefs.net
Services: No open ports detected (Firewalled / No Services)

## Neighborhood Intelligence

The /24 subnet demonstrates elevated threat activity:

Abuse Density: 0.6055 (High Abuse Classification)
Total Siblings: 256
Active Siblings: 206
Threat Siblings: 155
Risk Distribution: 0 high, 97 medium, 3 low risk neighbors
Inherited Risk Score: 24

## Observation History

Total Observations: 19
Recent Activity: 2026-06-17
Threat Persistence: Not persistently malicious
Latest Signals:

- High-severity blacklist listings (June 17, 2026)

- DNS CAA record validation confirmed

- Subnet abuse classification maintained

## Relationships

39 detected relationships
Multiple same-network associations with OVH-CUST-281059696
No known campaign correlations
No certificate matches

## Recommended Actions

Based on the threat profile and neighborhood context:

1. Monitor Closely: While no active services were detected, the high abuse density of the parent subnet warrants ongoing monitoring for outbound malicious activity.

2. Block if Outbound Traffic: If this IP appears in outbound connection logs, consider blocking based on the DNSBL listings and moderate risk profile.

3. Contextual Evaluation: The ahrefs.net resolution suggests legitimate business use, but the blacklist presence indicates potential abuse of the infrastructure. Evaluate based on traffic patterns and volume.

4. Subnet-Wide Assessment: The 60% abuse density in 142.44.225.0/24 suggests potential infrastructure compromise or shared hosting abuse. Consider broader subnet monitoring.

## Intelligence Conclusion

IP 142.44.225.171 presents moderate risk with legitimate cloud hosting infrastructure but elevated neighborhood threat indicators. The high abuse density in the parent subnet and confirmed blacklist listings suggest the IP may be used for compromised services. Treat as suspicious pending traffic analysis.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Singapore
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059696
CIDR Block	142.44.225.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca017-san171.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca017-san171.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	36%	2	4
routing	13%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	31%	1	3
geolocation	33%	2	3
Overall	24%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-18 09:23:31 UTC
Last Seen	2026-06-28 06:51:30 UTC
Profile Built	2026-06-29 00:56:54 UTC
Data Freshness	Live
Signal Types	21
Total Observations	26

🔍 21 signal types · 26 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.225.171📋 Copy