142.44.225.146📋 Copy

# IP Intelligence Briefing: 142.44.225.146/32

Classification: Moderate Risk | Risk Score: 50 | Provider: OVH (ASN 16276)

---

## Executive Summary

IP 142.44.225.146 is a cloud compute infrastructure endpoint hosted within the OVH provider network (142.44.225.0/24). The IP resolves to aresolves to proxy-ca017-san146.ahrefs.net. While the endpoint shows no direct threat indicators, it operates within a subnet classified as high_abuse with an abuse density of 0.6875. The IP exhibits geolocation inconsistencies and is listed on 2 of 8 DNSBL feeds.

---

## Ownership and Network Context

• Organization: Dmytro, Ahrefs Pte Ltd
• Network Block: 142.44.225.0/24
• Infrastructure Type: CloudCompute (OVH hosting)
• Geolocation: Reported as Singapore (CA region), but RTT validation shows 5,629km distance with 26ms response time—significant violation of physical distance constraints (minimum possible RTT: 112.6ms)
• DNS Record: proxy-ca017-san146.ahrefs.net (ahrefs.net domain)

---

## Threat Assessment

Current Risk Indicators

• Risk Score: 50 (Moderate)
• Provider Score: 0
• Authority Score: 0
• Known Attacker: No
• Tor Exit Node: No
• Proxy/VPN: No
• Spam Source: No
• Blacklist Count: 0 (direct)
• DNSBL Listings: 2 of 8 total lists

Network-Level Risk

• Subnet Abuse Density: 0.6875 (high_abuse classification)
• Threat Siblings in /24: 176 out of 206 active IPs
• Inherited Risk: 27
• Inference: The endpoint operates in a high-abuse subnet, suggesting elevated risk of being used for malicious purposes even without direct threat attribution

---

## Historical Observations

The IP has 29 recorded observations with recent activity on 2026-06-17 and 2026-06-18. Historical signals include:

• Subnet abuse density classification (high_abuse) observed on 2026-06-17
• Multiple DNSBL listings detected on 2026-06-17
• Minimal security posture signals across CAA, DNSSEC, and FCRDNS checks

---

## Technical Profile

• Open Ports: None detected (Firewalled / No Services)
• HTTPS/TLS: No certificates detected
• Network Role: Cloud hosting provider infrastructure
• BGP Prefix: 142.44.128.0/17
• Route Stability: Stable (no route changes in 30 days)
• RPKI State: Not available
• DNSSEC: Valid

---

## Recommended Actions

Based on the moderate risk score and high-abuse subnet context, the following defensive measures are recommended:

Firewall Rules

```bash

# iptables

iptables -A INPUT -s 142.44.225.146 -j DROP

# nftables

nft add rule inet filter input ip saddr 142.44.225.146 drop

```

Application-Level Blocking

```nginx

# nginx

deny 142.44.225.146;

# Cloudflare WAF

{"description":"Block 142.44.225.146 — IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 142.44.225.146"}}

# AWS WAF

{"Addresses":["142.44.225.146/32"],"Description":"IPDebrief risk 50"}

```

Operational Guidance

• Monitor the subnet 142.44.225.0/24 for correlated activity
• The geolocation inconsistency suggests potential spoofing or misconfigured infrastructure
• No active threat campaigns detected, but the high-abuse subnet classification warrants continued monitoring
• Consider blocking the entire /24 if business requirements permit, given the 176 threat siblings

---

## Conclusion

IP 142.44.225.146 presents moderate risk primarily due to its location within a high-abuse OVH subnet. While no direct threat indicators are present, the environment shows 176 threat-sibling IPs. Recommended action is to block the IP at perimeter firewalls and WAFs, with optional subnet-level blocking if risk tolerance permits. Continued monitoring of the /24 network is advised.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.