IPDebrief

142.44.225.18

IP Intelligence Dossier
Your IP: 216.73.217.135
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 142.44.225.18/32

Classification: Moderate Risk (Score: 40)

Report Date: 2026-06-20

---

## EXECUTIVE SUMMARY

IP 142.44.225.18 is a cloud hosting infrastructure address owned by Ahrefs Pte Ltd and provisioned through OVH cloud services. The IP operates within a high-abuse density subnet (0.7031) and resolves to the ahrefs.net domain namespace. While no active threat indicators are present, the neighborhood context suggests elevated risk from adjacent addresses.

---

## OWNERSHIP & NETWORK ATTRIBUTES

Geolocation Discrepancy: System indicates Canada (CA), but reverse DNS points to Singapore infrastructure. RTT measurements show 5,597.9km distance with 27ms latency, violating minimum possible RTT of 112ms for that distanceβ€”suggesting geolocation data may be unreliable.

---

## THREAT ASSESSMENT

Current Risk Score: 40/100 (Moderate)

Direct Threat Indicators:

Control Plane Signals:

---

## SUBNET ENVIRONMENT ANALYSIS

Subnet: 142.44.225.0/24

Abuse Density: 0.7031 (HIGH)

Inherited Risk: 28/100

Neighbor Profile (Sample of 256 siblings):

Context: The /24 subnet exhibits elevated abuse density. While no direct threats are associated with this IP, 70% of active neighbors in the same subnet are flagged as threats. This contextual risk warrants monitoring.

---

## OBSERVATION HISTORY

Total Observations: 18 signals recorded

Last Updated: 2026-06-20

Recent signals indicate consistent classification patterns:

---

## RELATIONSHIP MAPPING

Total Relationships: 39

Primary Association: OVH-CUST-281059696 (34 duplicate references)

The IP maintains a single organizational relationship cluster tied to the OVH customer network block. No external organizational or certificate relationships detected.

---

## RECOMMENDED ACTIONS

Based on risk score (40) and neighborhood context, the following actions are recommended:

Action TypeRecommendation
**Firewall**Block 142.44.225.18/32
**iptables**`iptables -A INPUT -s 142.44.225.18 -j DROP`
**nftables**`nft add rule inet filter input ip saddr 142.44.225.18 drop`
**NGINX**`deny 142.44.225.18;`
**Cloudflare WAF**Block with expression `ip.src eq 142.44.225.18`
**AWS WAF**Add IP 142.44.225.18/32 to deny list

---

## INTELLIGENCE ANALYST NOTES

1. Subnet Risk: Consider blocking the entire /24 subnet (142.44.225.0/24) if traffic patterns justify it, given 0.7031 abuse density and 180 threat siblings.

2. Geolocation Validation: The Canada/Singapore discrepancy with RTT violations suggests automated geolocation errors. Verify physical location independently if forensic accuracy is required.

3. Reputation Context: While this specific IP shows no active malicious indicators, the hosting environment (OVH cloud) and neighborhood statistics warrant continued monitoring.

---

End of Briefing

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡¨πŸ‡¦ Canada
RegionQC
CitySingapore
Timezoneβ€”
Latitude45.51
Longitude-73.59

🏒 Ownership & Registration

OrganizationDmytro, Ahrefs Pte Ltd
ASNAS16276
Network NameOVH-CUST-281059696
CIDR Block142.44.225.0/24
RIRARIN
CountrySingapore
Abuse Contactβ€”

🌐 DNS Intelligence

PTRproxy-ca017-san18.ahrefs.net
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesproxy-ca017-san18.ahrefs.net

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAAPresent

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
31%
22
routing
13%
11
services
15%
22
ownership
15%
22
reputation
22%
12
geolocation
33%
23
Overall22%1012
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) β€” 1 contradiction(s)
AttributionLow (35%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
⚠ Claimed geolocation contradicts RTT physics measurement

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-23 12:21:53 UTC
Last Seen2026-06-28 20:52:07 UTC
Profile Built2026-06-29 14:58:08 UTC
Data FreshnessLive
Signal Types19
Total Observations23
πŸ” 19 signal types Β· 23 observations collected
This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.