# IP INTELLIGENCE BRIEFING
Target: 142.44.233.162/32
Classification: Moderate Risk / Hosting Infrastructure
Report Generated: Current
---
## EXECUTIVE SUMMARY
IP 142.44.233.162 is a cloud-hosted infrastructure address assigned to OVH (ASN 16276) under customer allocation OVH-CUST-281059682. The IP is associated with the ahrefs.net domain and resolves to proxy-ca003-san162.ahrefs.net. Risk assessment indicates moderate risk (score: 50) with no active threat indicators. The subnet exhibits elevated abuse density, warranting defensive awareness but not immediate blocking without additional context.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | 16276 (OVH) |
| CIDR Block | 142.44.233.0/24 |
| Infrastructure Type | CloudCompute / Hosting |
| Service Purpose | Firewalled / No Services |
| Is Cloud | Yes |
| Is CDN | No |
| Is Proxy/VPN/Tor | No |
Key Observation: No open ports detected. The IP is actively firewalled, indicating defensive hardening by the operator.
---
## GEOSPATIAL ANALYSIS
| Attribute | Value |
|---|---|
| Country | Canada (CA) |
| Region | Quebec (QC) |
| City | Beauharnois |
| Claimed Coordinates | 45.5075°N, 73.5887°W |
| Geo Confidence | Low (geo_plausible: false) |
Anomaly Detected: Significant geolocation discrepancy. Probed RTT (30-37ms) is inconsistent with claimed distance of 5,597.9km from probe origin. Minimum possible RTT for that distance is 112ms. This suggests the claimed geolocation is unreliable or the IP may be misattributed.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Blacklist Count | 0 |
| Pulsedive Risk | None |
| Known Campaigns | None |
| DNSBL Listed | 2 of 8 lists |
| Operator Score | 0.087 (Minimal) |
Assessment: No active threat indicators present. The two DNSBL listings are historical or low-severity entries requiring review.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 142.44.233.0/24
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 212 |
| Threat Siblings | 147 |
| Abuse Density | 0.5742 (High) |
| Inherited Risk | 22 |
| Risk Distribution | 0 High, 96 Medium, 4 Low |
Observation: The /24 subnet demonstrates elevated abuse density with 147 threat-sibling IPs out of 256 total addresses. This indicates the hosting facility is commonly associated with abusive activity, though the target IP itself shows no malicious signals.
---
## OBSERVATION HISTORY
- Total Observations: 26
- Recent Activity: Signals observed through June 2026
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
- Campaign Correlation: None detected
Temporal Analysis: The IP has maintained consistent ownership and infrastructure classification with no observed shifts toward malicious activity. Recent signals indicate stable, low-risk operational behavior.
---
## NETWORK RELATIONSHIPS
- Relationship Count: 102
- Primary Association: OVH-CUST-281059682 (network)
- Type: Hosting infrastructure customer allocation
- BGP Prefix: 142.44.128.0/17
The IP is part of a large, consolidated customer allocation with consistent network classification.
---
## RECOMMENDED ACTIONS
| Platform | Action |
|---|---|
| iptables | `iptables -A INPUT -s 142.44.233.162 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 142.44.233.162 drop` |
| nginx | `deny 142.44.233.162;` |
| pfSense | Block 142.44.233.162/32 |
| Cloudflare WAF | Block with expression: `ip.src eq 142.44.233.162` |
| AWS WAF | Block address: 142.44.233.162/32 |
Recommendation Level: Moderate
Rationale: While the IP shows no active threat indicators, the subnet's high abuse density (0.5742) and presence on 2 DNSBL lists warrant defensive blocking. The firewall-hardened state suggests the IP may be used for non-interactive purposes or as part of compromised infrastructure.
---
## ANALYST NOTES
1. Subnet Context: The 142.44.233.0/24 subnet is classified as "high_abuse" with 57.42% abuse density. Monitor other IPs in the block for correlation.
2. Ahrefs Association: Domain resolution to ahrefs.net indicates potential legitimate SEO tooling usage, though this cannot be verified without additional context.
3. Geolocation Caution: Do not rely on the claimed Beauharnois, QC location due to RTT validation failure.
4. Operational Status: No open services detected. This may indicate legitimate server hardening or abuse mitigation.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059682 |
| CIDR Block | 142.44.233.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca003-san162.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-ca003-san162.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 17% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Attribution checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-08 17:17:37 UTC |
| Last Seen | 2026-06-27 13:31:55 UTC |
| Profile Built | 2026-06-28 07:36:15 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |