# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 142.44.220.232/32
Date: 2026-06-15
Classification: MODERATE RISK
---
## EXECUTIVE SUMMARY
IP 142.44.220.232 is a cloud hosting endpoint operated by OVH SAS (ASN 16276) located in Beauharnois, Quebec, Canada. The address resolves to the ahrefs.net domain infrastructure (proxy-ca006-san232.ahrefs.net). Risk assessment indicates moderate risk (score: 40) with elevated neighborhood abuse density. The IP is currently firewalled with no active services exposed.
---
## RISK PROFILE
| Metric | Value |
|---|---|
| **Overall Risk Score** | 40 / 100 |
| **Reputation** | Moderate Risk |
| **Provider** | OVH (ASN 16276) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 142.44.220.0/24 |
| **Geolocation** | Canada, Quebec, Beauharnois |
| **Network Type** | CloudCompute / Hosting |
### Threat Indicators
- Blacklist Count: 0
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Active Threat Feeds: None
- Known Campaigns: None
---
## NEIGHBORHOOD ANALYSIS
The /24 subnet (142.44.220.0/24) exhibits significant abuse activity:
| Metric | Value |
|---|---|
| **Abuse Density** | 0.6719 (HIGH) |
| **Classification** | high_abuse |
| **Active Siblings** | 173 / 256 |
| **Threat Siblings** | 172 |
| **Inherited Risk** | 26 / 100 |
The subnet demonstrates elevated peer abuse rates. Of 100 sampled neighbors, 99 returned medium risk scores (40-50), with only 1 low-risk address. This pattern suggests the subnet is hosting multiple cloud endpoints with varying security postures.
---
## OBSERVATION HISTORY
Recent signal activity (2026-06-15) indicates:
1. Hosting Confirmation: IP confirmed as cloud hosting infrastructure (is_hosting: true)
2. Proxy/VPN Activity: One signal flagged proxy_type: VPN with confidence 0.85
3. Geolocation Consensus: Multiple sources confirm Canada/Quebec location
4. Control Plane: Operator score 0.2174 (Minimal); DNSSEC valid; RPKI state pending
Temporal analysis shows no persistent malicious activity (threatPersistenceDays: 0, isPersistentlyMalicious: false).
---
## DNS INFRASTRUCTURE
| Field | Value |
|---|---|
| **PTR Hostname** | proxy-ca006-san232.ahrefs.net |
| **Forward Resolution** | proxy-ca006-san232.ahrefs.net |
| **Forward Confirmed** | False |
| **DNSSEC Valid** | True |
| **CAA Records** | Present |
| **Email Auth (SPF/DMARC)** | Not configured |
---
## NETWORK SERVICES
Status: Firewalled / No Services Detected
- Open Ports: None
- TLS Certificate: None
- HTTP Title: None
- Server Banner: None
---
## RELATIONSHIP MAPPING
The IP maintains 40 relationship connections, predominantly within the same network block (OVH-CUST-281059685). No external organization or certificate relationships detected.
---
## RECOMMENDED ACTIONS
### Firewall Rules (Immediate)
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 142.44.220.232 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 142.44.220.232 drop` |
| **nginx** | `deny 142.44.220.232;` |
| **pfSense** | `142.44.220.232/32` |
### WAF Configuration
Cloudflare WAF:
```json
{
  "description": "Block 142.44.220.232 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 142.44.220.232"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["142.44.220.232/32"],
  "Description": "IPDebrief risk 40"
}
```
---
## ANALYST NOTES
1. Context: This IP belongs to Ahrefs infrastructure (SEO analytics provider). Legitimate traffic should be expected for web scraping and proxy services.
2. Abuse Context: The subnet's high abuse density (0.6719) suggests compromised peers may exist alongside legitimate endpoints.
3. Monitoring: Consider monitoring for traffic patterns inconsistent with web proxy/scraper activity.
4. Decision Matrix: Given the moderate risk score and hosting context, blocking is recommended but should be evaluated against business requirements for legitimate ahrefs.net traffic.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca006-san232.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san232.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-15 20:46:46 UTC |
| Last Seen | 2026-06-28 02:42:27 UTC |
| Profile Built | 2026-06-28 20:48:06 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |