# IP Intelligence Briefing: 142.44.233.220/32
## Executive Summary
The analyzed IP 142.44.233.220 presents moderate risk (score: 50), with operational inconsistencies and neighborhood-level abuse indicators. No active threat campaigns were detected, but the subnet environment requires monitoring.
## Infrastructure Profile
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: 142.44.233.0/24
- Infrastructure Type: CloudCompute (OVH hosting)
- DNS Resolution: proxy-ca003-san220.ahrefs.net (ahrefs.net domain)
- Services: No open ports detected (firewalled/no services)
- Network Role: Hosting/Cloud infrastructure
## Risk Assessment
- Overall Risk Score: 50 (Moderate Risk)
- Risk Classification: Moderate Risk
- DNSBL Status: Listed on 2 of 8 total blacklists
- Campaign Activity: None detected
## Geolocation Anomalies
- Claimed Location: Canada (CA)
- Validation Status: Invalid (geoPlausible: false)
- Distance Violation: 5,597.9km discrepancy
- RTT Anomaly: Observed 29ms vs minimum possible 112ms for claimed distance
- Conclusion: Geographic data inconsistent with routing metrics
## Neighborhood Analysis
- Subnet: 142.44.233.0/24
- Abuse Density: 0.625 (High Abuse)
- Threat Siblings: 160 of 256 IPs (62.5%)
- Inherited Risk: 25
- Risk Distribution: 0 High, 94 Medium, 6 Low
## Threat Observation History
- Total Observations: 21
- Recent Activity:
  - June 17: DNSBL listings detected (2/8 lists, severity: high)
  - June 15: High abuse subnet classification confirmed
- Persistence: No persistent malicious behavior detected
## Recommended Actions
### Immediate Mitigation
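```bash
# iptables: drop inbound traffic from the address (requires root)
iptables -A INPUT -s 142.44.233.220 -j DROP
# nftables: same rule; assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 142.44.233.220 drop
# Cloudflare WAF (rule settings, not shell commands)
#   action: block
#   filter: ip.src eq 142.44.233.220
# AWS WAF (IP set entry, not a shell command)
#   Addresses: 142.44.233.220/32
```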
### Monitoring Priorities
1. Monitor subnet 142.44.233.0/24 for lateral threat movement
2. Track DNSBL status changes on ahrefs.net infrastructure
3. Validate geolocation claims against network telemetry
4. Review firewall rules for ahrefs.net hostnames
## Intelligence Assessment
The IP operates on OVH cloud infrastructure with DNS delegation to ahrefs.net. While the IP itself shows no active malicious indicators, the subnet exhibits elevated abuse density. The geolocation discrepancy suggests either misconfigured infrastructure or intentional obfuscation. No immediate blocking is required beyond standard network hygiene, but maintain awareness of neighborhood-level risk.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059682 |
| CIDR Block | 142.44.233.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca003-san220.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca003-san220.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) | | |
| Attribution | Low (35%) | | |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | | | |
## Observation Timeline (Live)
| First Seen | 2026-05-21 14:56:13 UTC |
| Last Seen | 2026-06-28 13:32:16 UTC |
| Profile Built | 2026-06-29 07:37:01 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |