# IP Intelligence Briefing: 142.44.225.115/32
## Executive Summary
Risk Assessment: MODERATE | Risk Score: 40/100
The IP address 142.44.225.115 is hosted on OVH cloud infrastructure and presents a moderate risk profile. The IP is associated with the ahrefs.net domain and resides within a /24 subnet exhibiting high abuse density (60.16%). While no active threat indicators were detected, the IP was listed on 8 DNS blacklists, warranting defensive monitoring and consideration for blocking.
## Technical Profile & Infrastructure
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Netname** | OVH-CUST-281059696 |
| **Classification** | CloudCompute / Hosting |
| **Provider** | OVH |
| **Network Range** | 142.44.225.0/24 |
| **Geolocation** | Canada (CA) / Singapore coordinates |
| **DNS PTR** | proxy-ca017-san115.ahrefs.net |
| **Hosted Domain** | ahrefs.net |

Network Role: The IP is classified as cloud infrastructure with hosting capabilities. No open ports or active services were detected; the endpoint appears firewalled or inactive.
## Threat Indicators & Observations
- DNS Blacklist Status: Listed on 8 DNS blacklists with 1 confirmed listing
- Threat Feeds: No active threat indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Correlation: No known campaigns or certificate matches
The DNS blacklist presence represents the primary threat signal, though severity classification data was not populated in the profile.
## Neighborhood Context
The IP resides within a /24 subnet with concerning abuse characteristics:
| Metric | Value |
|---|---|
| **Abuse Density** | 60.16% |
| **Classification** | High Abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 206 |
| **Threat Siblings** | 154 (60.2% of active) |

Neighboring IPs in the 142.44.225.0/24 subnet show a risk distribution of 98 medium-risk IPs and 2 low-risk IPs, with no high-risk classifications. The subnet's high abuse density suggests systematic or organized use patterns.
## Historical Signals
Analysis of 21 historical observations indicates:
- Recent Activity: Observations recorded on 2026-06-14 and 2026-06-19
- Operator Score: 0.2174 (Minimal threat operator classification)
- Threat Persistence: No persistent malicious behavior detected
- Ownership Stability: No ownership changes observed
The subnet-level abuse density observation (signal type 13) confirms the high-abuse classification has been consistent across observation windows.
## Recommended Actions
Immediate Recommendation: Block at perimeter level due to DNS blacklist presence and high-abuse subnet context.
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 142.44.225.115 -j DROP
# nftables (requires an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 142.44.225.115 drop
# nginx (configuration directive for an http, server or location block, not a shell command)
deny 142.44.225.115;
# pfSense
142.44.225.115/32
# Cloudflare WAF
Block 142.44.225.115 - IPDebrief risk score 40
# AWS WAF
Addresses: 142.44.225.115/32
Description: IPDebrief risk 40
```
Monitoring Recommendations:
- Monitor for emerging services on this IP following initial block
- Track DNS resolution changes for proxy-ca017-san115.ahrefs.net
- Review related IPs in 142.44.225.0/24 subnet for potential lateral threat correlation
- Re-evaluate if outbound traffic patterns suggest this IP is being used as an intermediary
## Intelligence Note
The geographic inconsistency (country field indicates Canada while coordinate data suggests Singapore) may indicate data source fragmentation or misconfiguration. The IP's association with ahrefs.net suggests potential use for legitimate SEO/traffic analysis services, though the blacklist presence warrants continued vigilance. The high abuse density of the parent subnet indicates this IP should be treated with elevated scrutiny.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059696 |
| CIDR Block | 142.44.225.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca017-san115.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca017-san115.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 21% | 10 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Attribution checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-11 08:57:40 UTC |
| Last Seen | 2026-06-27 19:03:29 UTC |
| Profile Built | 2026-06-28 13:09:21 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 27 |