142.44.233.33

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 142.44.233.33/32

Classification: Moderate Risk / High Abuse Subnet

Date: Intelligence generated from IPDebrief threat intelligence platform

---

## EXECUTIVE SUMMARY

IP 142.44.233.33 is a moderate-risk address (Risk Score: 50) hosted within a high-abuse density OVH cloud infrastructure subnet. The IP resolves to the ahrefs.net domain namespace but shows no active open ports or service indicators. The surrounding /24 subnet demonstrates significant abuse activity with 74.61% abuse density and 191 of 256 total siblings flagged as threat sources.

---

## OWNERSHIP & INFRASTRUCTURE

Provider: OVH (ASN 16276)

Organization: Dmytro, Ahrefs Pte Ltd

Network Block: 142.44.233.0/24

Geolocation: Canada, Quebec, Beauharnois (3000km accuracy radius)

Infrastructure Type: Cloud Hosting (OVH-CUST-281059682)

DNS Resolution: proxy-ca003-san33.ahrefs.net

Status: No active services detected (firewalled/no open ports)

---

## THREAT INDICATORS

Overall Risk: Moderate (50/100)

Abuse Confidence Score: Not applicable

Known Campaigns: None detected

Blacklist Status: 0 explicit blacklists

DNSBL Presence: 2 of 8 threat feeds

Tor Exit/Proxy: No

Spam Source: No

Known Attacker: No

Control Plane Indicators:

BGP Prefix: 142.44.128.0/17
Route Stability: False
Operator Score: Minimal (0.2174)
DNSSEC: Valid

---

## SUBNET ANALYSIS (142.44.233.0/24)

Abuse Classification: HIGH_ABUSE

Abuse Density: 0.7461

Total Siblings: 256

Active Siblings: 207

Threat Siblings: 191

Risk Distribution:

High Risk: 0
Medium Risk: 96
Low Risk: 4

The subnet exhibits elevated abuse activity consistent with cloud hosting environments, but the individual IP shows no direct threat indicators.

---

## OBSERVATION HISTORY

Total Observations: 22 signals

Recent Activity: June 2026

Key Findings:

Consistent cloud hosting classification
OVH provider persistence
Abuse density signals maintained at 0.7461
Operator score remains at Minimal (0.2174)
No ownership changes detected

The IP demonstrates temporal stability with no evidence of persistent malicious activity or threat evolution.

---

## SECURITY RECOMMENDATIONS

Based on risk profile and subnet classification, the following defensive actions are recommended:

Immediate Action: Block at perimeter/firewall level

Firewall Rules:

iptables: `iptables -A INPUT -s 142.44.233.33 -j DROP`
nftables: `nft add rule inet filter input ip saddr 142.44.233.33 drop`
nginx: `deny 142.44.233.33;`
pfSense: `142.44.233.33/32`
Cloudflare WAF: Block with expression `ip.src eq 142.44.233.33`
AWS WAF: Add `142.44.233.33/32` to blocked addresses

Contextual Notes:

No direct threat indicators present
Risk driven by subnet-level abuse density
Recommendation applies to inbound traffic only
Consider blocking broader /24 if lateral movement is observed

---

## ANALYST NOTES

This IP presents as a benign cloud host within a high-density abuse environment. The ahrefs.net DNS association suggests legitimate business use, but the subnet's abuse density warrants defensive posture. Monitor for any changes in service exposure or threat indicators. Block at minimum perimeter level; broader subnet blocking may be warranted depending on organizational threat tolerance.

Confidence Level: Medium

Intelligence Source: IPDebrief Threat Intelligence Platform

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Beauharnois
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059682
CIDR Block	142.44.233.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca003-san33.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca003-san33.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	3
routing	13%	1	1
services	12%	2	2
ownership	15%	2	2
reputation	22%	1	2
geolocation	33%	2	3
Overall	22%	10	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-17 15:11:53 UTC
Last Seen	2026-06-28 05:06:41 UTC
Profile Built	2026-06-28 23:11:53 UTC
Data Freshness	Live
Signal Types	21
Total Observations	25

🔍 21 signal types · 25 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.233.33📋 Copy