# IP INTELLIGENCE BRIEFING
Target: 142.44.233.33/32
Classification: Moderate Risk / High Abuse Subnet
Date: Intelligence generated from IPDebrief threat intelligence platform
---
## EXECUTIVE SUMMARY
IP 142.44.233.33 is a moderate-risk address (Risk Score: 50) hosted within a high-abuse density OVH cloud infrastructure subnet. The IP resolves to the ahrefs.net domain namespace but shows no active open ports or service indicators. The surrounding /24 subnet demonstrates significant abuse activity with 74.61% abuse density and 191 of 256 total siblings flagged as threat sources.
---
## OWNERSHIP & INFRASTRUCTURE
Provider: OVH (ASN 16276)
Organization: Dmytro, Ahrefs Pte Ltd
Network Block: 142.44.233.0/24
Geolocation: Canada, Quebec, Beauharnois (3000km accuracy radius)
Infrastructure Type: Cloud Hosting (OVH-CUST-281059682)
DNS Resolution: proxy-ca003-san33.ahrefs.net
Status: No active services detected (firewalled/no open ports)
---
## THREAT INDICATORS
Overall Risk: Moderate (50/100)
Abuse Confidence Score: Not applicable
Known Campaigns: None detected
Blacklist Status: 0 explicit blacklists
DNSBL Presence: 2 of 8 threat feeds
Tor Exit/Proxy: No
Spam Source: No
Known Attacker: No
Control Plane Indicators:
- BGP Prefix: 142.44.128.0/17
- Route Stability: False
- Operator Score: Minimal (0.2174)
- DNSSEC: Valid
---
## SUBNET ANALYSIS (142.44.233.0/24)
Abuse Classification: HIGH_ABUSE
Abuse Density: 0.7461
Total Siblings: 256
Active Siblings: 207
Threat Siblings: 191
Risk Distribution:
- High Risk: 0
- Medium Risk: 96
- Low Risk: 4
The subnet exhibits elevated abuse activity consistent with cloud hosting environments, but the individual IP shows no direct threat indicators.
---
## OBSERVATION HISTORY
Total Observations: 22 signals
Recent Activity: June 2026
Key Findings:
- Consistent cloud hosting classification
- OVH provider persistence
- Abuse density signals maintained at 0.7461
- Operator score remains at Minimal (0.2174)
- No ownership changes detected
The IP demonstrates temporal stability with no evidence of persistent malicious activity or threat evolution.
---
## SECURITY RECOMMENDATIONS
Based on risk profile and subnet classification, the following defensive actions are recommended:
Immediate Action: Block at perimeter/firewall level
Firewall Rules:
- iptables: `iptables -A INPUT -s 142.44.233.33 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 142.44.233.33 drop`
- nginx: `deny 142.44.233.33;`
- pfSense: `142.44.233.33/32`
- Cloudflare WAF: Block with expression `ip.src eq 142.44.233.33`
- AWS WAF: Add `142.44.233.33/32` to blocked addresses
Contextual Notes:
- No direct threat indicators present
- Risk driven by subnet-level abuse density
- Recommendation applies to inbound traffic only
- Consider blocking broader /24 if lateral movement is observed
---
## ANALYST NOTES
This IP presents as a benign cloud host within a high-density abuse environment. The ahrefs.net DNS association suggests legitimate business use, but the subnet's abuse density warrants a defensive posture. Monitor for any changes in service exposure or threat indicators. At minimum, block at the perimeter level; broader subnet blocking may be warranted depending on organizational threat tolerance.
Confidence Level: Medium
Intelligence Source: IPDebrief Threat Intelligence Platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059682 |
| CIDR Block | 142.44.233.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca003-san33.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca003-san33.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-17 15:11:53 UTC |
| Last Seen | 2026-06-28 05:06:41 UTC |
| Profile Built | 2026-06-28 23:11:53 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |