# IP INTELLIGENCE BRIEFING
Target: 142.44.225.18/32
Classification: Moderate Risk (Score: 40)
Report Date: 2026-06-20
---
## EXECUTIVE SUMMARY
IP 142.44.225.18 is a cloud hosting infrastructure address owned by Ahrefs Pte Ltd and provisioned through OVH cloud services. The IP operates within a high-abuse density subnet (0.7031) and resolves to the ahrefs.net domain namespace. While no active threat indicators are present, the neighborhood context suggests elevated risk from adjacent addresses.
---
## OWNERSHIP & NETWORK ATTRIBUTES
- Owner: Dmytro, Ahrefs Pte Ltd (AHREFS)
- ASN: 16276 (OVH)
- CIDR Block: 142.44.225.0/24
- Infrastructure Type: CloudCompute / Hosting
- Connection: Firewalled / No Active Services Detected
Geolocation Discrepancy: System indicates Canada (CA), but reverse DNS points to Singapore infrastructure. RTT measurements show 5,597.9km distance with 27ms latency, violating minimum possible RTT of 112ms for that distance, suggesting geolocation data may be unreliable.
---
## THREAT ASSESSMENT
Current Risk Score: 40/100 (Moderate)
Direct Threat Indicators:
- Blacklist listings: 0
- Known campaigns: None identified
- Tor exit node: No
- Known attacker: No
- Spam source: No
Control Plane Signals:
- DNSBL listings: 1 of 8 total lists flagged
- RPKI state: Unavailable
- Route stability: Unstable
---
## SUBNET ENVIRONMENT ANALYSIS
Subnet: 142.44.225.0/24
Abuse Density: 0.7031 (HIGH)
Inherited Risk: 28/100
Neighbor Profile (Sample of 256 siblings):
- Active siblings: 223
- Threat siblings: 180
- High-risk neighbors: 0
- Medium-risk neighbors: 23
- Low-risk neighbors: 77
Context: The /24 subnet exhibits elevated abuse density. While no direct threats are associated with this IP, 70% of active neighbors in the same subnet are flagged as threats. This contextual risk warrants monitoring.
---
## OBSERVATION HISTORY
Total Observations: 18 signals recorded
Last Updated: 2026-06-20
Recent signals indicate consistent classification patterns:
- Network classification: Cloud/hosting infrastructure (OVH)
- DNS resolution: proxy-ca017-san18.ahrefs.net
- Subnet abuse classification: High abuse
- Blacklist status: 1 listing detected
---
## RELATIONSHIP MAPPING
Total Relationships: 39
Primary Association: OVH-CUST-281059696 (34 duplicate references)
The IP maintains a single organizational relationship cluster tied to the OVH customer network block. No external organizational or certificate relationships detected.
---
## RECOMMENDED ACTIONS
Based on risk score (40) and neighborhood context, the following actions are recommended:
| Action Type | Recommendation |
|---|---|
| **Firewall** | Block 142.44.225.18/32 |
| **iptables** | `iptables -A INPUT -s 142.44.225.18 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 142.44.225.18 drop` |
| **NGINX** | `deny 142.44.225.18;` |
| **Cloudflare WAF** | Block with expression `ip.src eq 142.44.225.18` |
| **AWS WAF** | Add IP 142.44.225.18/32 to deny list |
---
## INTELLIGENCE ANALYST NOTES
1. Subnet Risk: Consider blocking the entire /24 subnet (142.44.225.0/24) if traffic patterns justify it, given 0.7031 abuse density and 180 threat siblings.
2. Geolocation Validation: The Canada/Singapore discrepancy with RTT violations suggests automated geolocation errors. Verify physical location independently if forensic accuracy is required.
3. Reputation Context: While this specific IP shows no active malicious indicators, the hosting environment (OVH cloud) and neighborhood statistics warrant continued monitoring.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059696 |
| CIDR Block | 142.44.225.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca017-san18.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca017-san18.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 12 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:21:53 UTC |
| Last Seen | 2026-06-28 20:52:07 UTC |
| Profile Built | 2026-06-29 14:58:08 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |