# IP Intelligence Briefing: 142.44.225.187/32
Classification: Moderate Risk (Score: 40)
Date: 2026-06-26
Reporting Tool: IPDebrief
---
## Executive Summary
IP 142.44.225.187 is a cloud compute address hosted on OVH infrastructure (ASN 16276) under the organization Dmytro, Ahrefs Pte Ltd. The IP resolves to proxy-ca017-san187.ahrefs.net but exposes no open services. While the IP itself shows only moderate risk characteristics, it sits in a subnet with high abuse density (0.6719) that contains 172 threat-sibling IPs in the /24 block.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 142.44.225.0/24 |
| **Infrastructure Type** | Cloud Compute |
| **Location Claimed** | Beauharnois, QC, Canada |
| **DNS Resolution** | proxy-ca017-san187.ahrefs.net (ahrefs.net) |
| **Service Status** | Firewalled / No Services |
---
## Risk Assessment
### Current Risk Profile
- Risk Score: 40/100 (Moderate Risk)
- Blacklist Status: Listed on 1 of 8 DNSBLs checked
- DNSBL Severity: High severity listing present
- Abuse Confidence: Not quantified
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
### Neighborhood Analysis
The /24 subnet (142.44.225.0/24) exhibits elevated abuse characteristics:
- Abuse Density: 0.6719 (High)
- Total Subnet IPs: 256
- Active Siblings: 224
- Threat Siblings: 172
- Inherited Risk: 26
- Risk Distribution: 76 medium, 24 low, 0 high
---
## Geolocation Validation
Status: INVALID
The IP's claimed geolocation (Beauharnois, QC, Canada) is geographically implausible:
- Claimed Distance: 5,597.9 km from probe origin
- Minimum Possible RTT: 112.0 ms
- Observed RTT: 26.0 ms
- Violation: observed RTT of 26.0 ms is below the minimum possible 112.0 ms
The response arrived faster than light-speed propagation to and from the claimed location allows, which indicates the IP is likely answering from a proxy or CDN edge closer to the probe rather than from the claimed location.
---
## Observed Threat Indicators
### DNS Blacklist Activity
- Total Lists: 8
- Listed: 1
- Maximum Severity: High
- Last Observed: 2026-06-26 19:03:51 UTC
### Historical Signals (27 total observations)
- Most Recent: 2026-06-26
  - DNS/Operator signal: minimal operator score (0.087)
  - DNSBL listing detected with high severity
  - RTT violation signal (geolocation implausibility)
- Subnet Abuse Signal: 2026-06-22
  - Subnet classified as high_abuse
  - Abuse density: 0.6719
---
## Recommended Actions
Based on risk profile (40), the following firewall rules are recommended for blocking this IP:
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 142.44.225.187 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 142.44.225.187 drop` |
| **nginx** | `deny 142.44.225.187;` |
| **pfSense** | `142.44.225.187/32` |
| **Cloudflare WAF** | Block with expression: `ip.src eq 142.44.225.187` |
| **AWS WAF** | Add `142.44.225.187/32` to address set |
---
## Analyst Notes
1. Context: The IP resolves to Ahrefs.net infrastructure, which may indicate legitimate use, but such infrastructure is also a common abuse vector via compromised credentials or botnet activity.
2. Subnet Risk: The /24 block shows significant abuse correlation (172 threat siblings). If blocking this single IP is not feasible, consider evaluating traffic patterns from the entire subnet.
3. Geolocation Discrepancy: The implausible RTT suggests the IP is not directly connected from the claimed Canadian location. Monitor for traffic originating from unexpected geographic regions.
4. No Active Services: The IP presents no open ports or services, suggesting it may be used for command-and-control, DNS tunneling, or other stealth operations.
Recommendation: Apply the blocking rules at the firewall perimeter. Monitor for lateral movement or C2 activity from related IPs in the subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **ASN** | AS16276 |
| **Network Name** | OVH-CUST-281059696 |
| **CIDR Block** | 142.44.225.0/24 |
| **RIR** | ARIN |
| **Country** | Singapore |
| **Abuse Contact** | Not available |
## DNS Intelligence
| Attribute | Value |
|---|---|
| **PTR** | proxy-ca017-san187.ahrefs.net |
| **Forward Confirmed** | No; the PTR hostname does not resolve back to this IP (weak signal) |
| **Forward Hostnames** | proxy-ca017-san187.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| **Hygiene Score** | 40% (Fair) |
| **SPF** | Not configured |
| **DMARC** | Not configured |
| **FCrDNS** | Not verified |
| **DNSSEC** | Valid |
| **CAA** | Present |
## Network Classification
| Attribute | Value |
|---|---|
| **Infrastructure** | Infrastructure / Datacenter |
| **Service Purpose** | Firewalled / No Services |
| **Network Tier** | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Attribute | Value |
|---|---|
| **Open Ports** | None detected (no service, protocol or banner data collected) |
| **Closed Ports** | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| **Server** | Not available |
| **HTTP Title** | Not available |
## TLS Certificate
| Attribute | Value |
|---|---|
| **SANs** | None |
| **Valid From** | Not available |
| **Valid Until** | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| **Data Coherence** | Mostly Consistent (80%); 1 contradiction |
| **Attribution** | Low (35%) |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| **First Seen** | 2026-05-07 23:03:42 UTC |
| **Last Seen** | 2026-06-26 22:57:25 UTC |
| **Profile Built** | 2026-06-27 19:11:38 UTC |
| **Data Freshness** | Live |
| **Signal Types** | 22 |
| **Total Observations** | 30 |