# IP Intelligence Briefing: 142.44.233.224
Classification: Moderate Risk (Score: 40/100)
Date: Intelligence compiled from current IPDebrief data
---
## Executive Summary
IP 142.44.233.224 is a cloud-based hosting infrastructure address owned by OVH (ASN 16276), operating under organization "Dmytro, Ahrefs Pte Ltd" within the 142.44.233.0/24 subnet. The address presents moderate risk due to subnet-level abuse characteristics, with 198 of 256 sibling IPs flagged as threat-related. The IP resolves to Ahrefs-hosted proxy infrastructure but exhibits no active services, indicating firewall-protected infrastructure.
---
## Technical Profile
Ownership:
- ASN: 16276 (OVH)
- Org: Dmytro, Ahrefs Pte Ltd
- Netname: OVH-CUST-281059682
- CIDR: 142.44.233.0/24
Geolocation:
- Reported: CA, QC, Beauharnois
- Geo Validation: ANOMALY DETECTED. RTT measurements (31-35ms) inconsistent with reported distance (5,598km), suggesting geolocation data may be inaccurate
- Accuracy radius: 3,000km
Network Role:
- Infrastructure Type: CloudCompute
- Status: Hosting/Infrastructure (firewalled, no open services)
- No CDN, proxy, VPN, or mobile carrier characteristics
---
## Threat Indicators
- Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None identified
- Threat Feeds: No matches
- Control Plane: Listed on 1 of 8 DNSBLs
Critical Finding: The subnet 142.44.233.0/24 is classified as high_abuse with an abuse density of 0.7734 (212 active siblings, 198 threat siblings). This indicates systemic abuse patterns within the subnet.
---
## Historical Observations
Signal Count: 26 observations recorded
Risk Trend: Stable moderate risk
Key historical signals include:
- Network classification as hosting infrastructure (June 2022)
- Subnet-level abuse density confirmation (June 2022)
- Geolocation data inconsistencies persist across observations
- No evidence of persistent malicious activity (threatPersistenceDays: 0)
---
## Relationship Graph
Total Relationships: 65 entities
Primary Associations:
- Same Network: OVH-CUST-281059682 (repeated multiple times)
- No direct associations to malicious hostnames, organizations, or certificates beyond subnet affiliation
Implication: The IP's relationships are primarily network-level rather than indicating direct ties to specific malicious infrastructure or command-and-control entities.
---
## Neighborhood Analysis (142.44.233.0/24)
Subnet Classification: high_abuse
Abuse Density: 0.7734 (77.34%)
Sample Neighbor Risk Scores:
- 142.44.233.0-4: Risk 40-50
- 96 of 100 sampled neighbors: Medium risk
- 4 of 100 sampled neighbors: Low risk
Context: This IP operates within a heavily abused subnet, suggesting shared infrastructure that may be leveraged for abuse by multiple actors.
---
## Recommended Actions
Firewall Blocking Recommended:
The IP presents moderate risk with subnet-level abuse context. Consider blocking in perimeter security.
Blocking Rules:
- iptables: `iptables -A INPUT -s 142.44.233.224 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 142.44.233.224 drop`
- nginx: `deny 142.44.233.224;`
- pfSense: `142.44.233.224/32`
- Cloudflare WAF: Block rule with expression `ip.src eq 142.44.233.224`
- AWS WAF: `Addresses: ["142.44.233.224/32"]`
---
## Analyst Notes
1. Subnet Context: The 142.44.233.0/24 subnet shows significant abuse density. Blocking the /24 entirely may be warranted depending on operational tolerance.
2. Ahrefs Association: The DNS records (proxy-ca003-san224.ahrefs.net) indicate this IP is part of Ahrefs infrastructure. Legitimate traffic may exist; evaluate against known Ahrefs patterns before blocking.
3. No Active Services: The firewall-protected status (no open ports) reduces immediate exploitation risk but does not eliminate abuse potential.
4. Geolocation Warning: The reported geolocation shows validation failures. Do not rely on this data for geo-blocking decisions.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059682 |
| CIDR Block | 142.44.233.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca003-san224.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca003-san224.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:43 UTC |
| Last Seen | 2026-06-26 23:20:02 UTC |
| Profile Built | 2026-06-27 19:33:44 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 31 |