# IP INTELLIGENCE BRIEFING
- Target IP: 142.44.225.212/32
- Classification: Moderate Risk (Score: 40)
- Date: Current Assessment
- Status: Active Monitoring Recommended
## EXECUTIVE SUMMARY
IP 142.44.225.212 is a cloud-hosted address within the OVH infrastructure (ASN 16276, Customer 281059696). The IP resolves to the ahrefs.net domain and exhibits moderate risk characteristics with no active threat indicators. The subnet shows elevated abuse density (0.7344), warranting defensive monitoring and consideration for blocklist placement.
## OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network** | OVH-CUST-281059696 |
| **CIDR Block** | 142.44.225.0/24 |
| **Infrastructure Type** | Cloud Compute |
| **Hosting Status** | Active |
The IP is hosted on OVH cloud infrastructure and is associated with the ahrefs.net domain, a legitimate web analytics service provider.
## GEOLOCATION ANALYSIS
| Field | Value |
|---|---|
| **Country** | Canada (CA) |
| **Region** | Quebec |
| **Coordinates** | 56.13°N, -106.35°W |
| **Accuracy Radius** | 3,000 km |
| **Geo Consensus** | Verified |
| **DNS Resolution** | proxy-ca017-san212.ahrefs.net |
Note: Geolocation data shows inconsistencies with coordinates suggesting North American placement while the country code indicates Canada. The accuracy radius is significant (3,000 km).
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Blacklist Count** | 0 |
| **Known Attacker** | False |
| **Spam Source** | False |
| **Tor Exit Node** | False |
| **Open Ports** | None detected |
| **Campaign Matches** | None |
No active threat indicators were identified. The IP does not appear on known threat feeds.
## SUBNET ANALYSIS (142.44.225.0/24)
| Metric | Value |
|---|---|
| **Total Siblings** | 256 |
| **Active Siblings** | 223 |
| **Threat Siblings** | 188 |
| **Abuse Density** | 0.7344 (High) |
| **Classification** | High Abuse |
| **Inherited Risk** | 29 |
Assessment: The /24 subnet demonstrates high abuse density with 73.44% of peers flagged for abuse. This contextualizes the IP's moderate risk score within a high-risk environment.
## NETWORK CLASSIFICATION
| Attribute | Value |
|---|---|
| **Provider** | OVH |
| **Connection Type** | Cloud |
| **Service Purpose** | Firewalled / No Services |
| **CDN** | No |
| **Proxy** | No |
| **Residential** | No |
| **Mobile** | No |
| **Tor** | No |
| **Bogon** | No |
The IP operates with no open services and appears to be firewalled, consistent with web infrastructure hosting.
## OBSERVATION HISTORY
Recent signal history indicates 19 observations over the assessment period. Key temporal signals include:
- 2026-06-20T23:48:41: Geolocation signal (Canada, confidence 0.35)
- 2026-06-20T23:47:37: Subnet abuse density classification (High Abuse, confidence 0.75)
- 2026-06-20T23:45:09: Routing operator score (Minimal, 0.2174)
- 2026-06-20T23:44:33: DNS resolution confirmed (ahrefs.net, confidence 0.80)
The IP has been persistently observed without significant behavioral changes.
## RECOMMENDED ACTIONS
Based on risk assessment and subnet context, the following defensive measures are recommended:
### Firewall Rules
- iptables: `iptables -A INPUT -s 142.44.225.212 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 142.44.225.212 drop`
- nginx: `deny 142.44.225.212;`
### WAF/Cloud Protection
- Cloudflare WAF: Block with expression `ip.src eq 142.44.225.212`
- AWS WAF: Add to blocklist with CIDR `142.44.225.212/32`
### Monitoring Recommendations
- Monitor for outbound connections to/from this IP
- Track subnet-level abuse trends in 142.44.225.0/24
- Review DNS resolution patterns for ahrefs.net domain
- Consider adding to organizational blocklist due to high-abuse subnet context
## CONCLUSION
IP 142.44.225.212 presents a moderate risk profile (score 40) within a high-abuse subnet environment. While no active threat indicators are present, the elevated subnet abuse density (0.7344) and presence of 188 threat siblings within the /24 network justify defensive blocking. The IP's association with ahrefs.net suggests legitimate hosting, but the surrounding network environment warrants caution. SOC teams should implement the recommended firewall rules and monitor for any changes in threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059696 |
| CIDR Block | 142.44.225.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca017-san212.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca017-san212.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 5 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-25 18:47:04 UTC |
| Last Seen | 2026-06-29 01:54:18 UTC |
| Profile Built | 2026-06-29 02:02:09 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |