# IP Intelligence Briefing: 142.44.225.99/32
## Executive Summary
IP 142.44.225.99 is a moderate-risk (40) cloud-hosting address operated by OVH SAS under customer account OVH-CUST-281059696. The IP resolves to ahrefs.net infrastructure with geolocation inconsistencies and is hosted in a high-abuse density subnet. No active threat indicators were observed, but the subnet shows elevated abuse activity.
## Profile Overview
| Attribute | Value |
|---|---|
| **Risk Score** | 40 (Moderate Risk) |
| **ASN** | 16276 (OVH SAS) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **CIDR Block** | 142.44.225.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Service Status** | Firewalled / No Services |
| **DNS Hostname** | proxy-ca017-san99.ahrefs.net |
| **Hosted Domain** | ahrefs.net |
| **Cloud Provider** | OVH |
## Geolocation Analysis
Multiple geolocation sources reported conflicting data:
- Country: Canada (CA)
- City: Singapore
- Geolocation Violation: RTT measurement (27ms) inconsistent with claimed distance (5,598km). Minimum possible RTT for this distance would be 112ms, indicating significant data integrity issues.
## Threat Indicators
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 total lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Threat Indicators: None detected
## Network Context & Neighborhood Analysis
The IP resides in subnet 142.44.225.0/24 with the following characteristics:
- Abuse Density: 0.6953 (High Abuse Classification)
- Inherited Risk: 27
- Total Subnet IPs: 256
- Active Siblings: 223
- Threat Siblings: 178
Risk distribution in neighboring IPs shows predominantly low-risk activity (74 low, 26 medium, 0 high), suggesting the subnet hosts legitimate services alongside abusive actors.
## Observed Relationships
The IP is associated with network entity OVH-CUST-281059696. The relationship graph contains 45 entries, primarily indicating same-network associations. No unique organizational or certificate-based relationships were identified beyond the network-level connection.
## Signal History (Recent 21 Observations)
- 2026-06-20 16:12:47: DNS resolution to ahrefs.net (confidence: 0.80)
- 2026-06-20 16:05:46: Country detection: CA (confidence: 0.18)
- 2026-06-20 16:05:26: Subnet abuse density observed: 0.6953 (confidence: 0.75)
- 2026-06-20 16:05:00: ASN detection: AS16276 ovh sas, country CA, has threats (confidence: 0.75)
- 2026-06-20 16:03:55: Operator score: Minimal (0.2174) (confidence: 0.60)
No evidence of persistent malicious behavior or campaign correlation.
## Recommended Security Actions
Based on the risk profile, the following blocking rules are recommended:
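```text
# iptables (shell command)
iptables -A INPUT -s 142.44.225.99 -j DROP
# nftables (shell command; assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 142.44.225.99 drop
# nginx (directive for an http, server or location block, not a shell command)
deny 142.44.225.99;
# pfSense (firewall alias entry)
142.44.225.99/32
# Cloudflare WAF (custom rule)
action: block, expression: ip.src eq 142.44.225.99
# AWS WAF (IP set)
Addresses: 142.44.225.99/32
Description: IPDebrief risk 40
```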
## Assessment
The IP address represents a cloud-hosted infrastructure component with moderate risk scoring. While no direct malicious activity was observed, the subnet's high abuse density (0.6953) and 178 threat siblings suggest elevated risk of association with malicious actors. The geolocation inconsistencies warrant monitoring.
Recommendation: Implement blocking rules at perimeter defenses. Monitor for changes in service patterns or emergence of threat indicators. The IP's association with ahrefs.net infrastructure indicates potential legitimate use alongside potentially abusive neighbors in the same subnet.
---
*Intelligence generated from IPDebrief analysis. Recommendations should be validated against local security context before implementation.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059696 |
| CIDR Block | 142.44.225.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca017-san99.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca017-san99.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-22 09:11:24 UTC |
| Last Seen | 2026-06-28 18:11:48 UTC |
| Profile Built | 2026-06-29 06:15:53 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |