# IP Intelligence Briefing: 142.44.225.49
## Executive Summary
IP 142.44.225.49 presents moderate risk (score: 40) and is classified as cloud-hosted infrastructure. It is associated with the provider OVH SAS (ASN 16276) and resolves to ahrefs.net infrastructure. Current threat indicators show no active malicious campaigns, but the subnet exhibits elevated abuse density that requires monitoring.
## Infrastructure Profile
- ASN/Provider: OVH (AS16276), CloudCompute infrastructure
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 142.44.225.0/24 (OVH-CUST-281059696)
- Geolocation: Quebec, Canada (Beauharnois)
- Infrastructure Type: Cloud-hosted, firewalled with no open services detected
- DNS Resolution: proxy-ca017-san49.ahrefs.net (forward confirmed: false)
## Risk Assessment
| Metric | Value | Assessment |
|---|---|---|
| Overall Risk Score | 40 | Moderate |
| Provider Score | 0 | Neutral |
| Authority Score | 0 | Neutral |
| DNSBL Listings | 1/8 | Minimal |
| Abuse Confidence | N/A | Not scored |
| Tor Exit Node | No | Clear |
| Known Attacker | No | Clear |
| Spam Source | No | Clear |
## Neighborhood Analysis
The /24 subnet (142.44.225.0/24) shows concerning abuse patterns:
- Subnet Abuse Density: 0.6758 (high_abuse classification)
- Total Subnet Siblings: 256 IPs
- Active Siblings: 206
- Threat-Associated Siblings: 173
- Risk Distribution: 50 medium-risk, 50 low-risk neighbors
This indicates the subnet may be utilized for bulk hosting services with mixed legitimate and potentially abused endpoints.
## Historical Signals (Last 20 Observations)
Recent observations include:
- June 20, 2026: Proxy/VPN classification detected via proxycheck.io
- June 20, 2026: Subnet classified as high_abuse with inherited risk score of 27
- June 28, 2026: DNS resolution confirmed for ahrefs.net with CAA records validated
- DNSSEC: Valid
- Threat Persistence: 0 days (not persistently malicious)
## Technical Indicators
- Open Ports: None detected (firewalled)
- HTTP Services: None active
- TLS Certificates: None detected
- Email Authentication: SPF/DMARC records not present for resolved domain
- BGP Prefix: 142.44.128.0/17 (route stability: false)
## Recommended Actions
Based on risk profile, the following blocking configurations are recommended:
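```bash
# iptables: -A appends, so an earlier ACCEPT rule in INPUT still matches first
iptables -A INPUT -s 142.44.225.49 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 142.44.225.49 drop
```
```nginx
# nginx (http, server, or location context)
deny 142.44.225.49;
```
```yaml
# Cloudflare WAF custom rule
action: block
expression: ip.src eq 142.44.225.49
# AWS WAF IP set
Addresses: ["142.44.225.49/32"]
```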
## Analysis Notes
The IP resolves to legitimate ahrefs.net infrastructure but operates within a high-abuse density subnet. The absence of active threat indicators combined with proxy/VPN classification suggests this endpoint may be used for legitimate web proxy services rather than active malicious activity. However, the subnet-level abuse density warrants continued monitoring. Recommend blocking if this IP appears in threat logs, but monitor for escalation of abuse patterns within the /24 subnet.
---
*Report generated from IPDebrief intelligence data. Block recommendations are probabilistic and should be validated against additional threat intelligence sources before implementation.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059696 |
| CIDR Block | 142.44.225.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca017-san49.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-ca017-san49.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 12 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-16 20:59:38 UTC |
| Last Seen | 2026-06-28 03:49:38 UTC |
| Profile Built | 2026-06-28 21:54:56 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |