# IP INTELLIGENCE BRIEFING
IP Address: 142.44.228.131/32
Report Date: Current
Classification: Moderate Risk Infrastructure IP
---
## EXECUTIVE SUMMARY
IP 142.44.228.131 is a cloud hosting infrastructure address associated with OVH (ASN 16276) under network OVH-CUST-281059695. The IP resolves to Ahrefs infrastructure (proxy-ca016-san131.ahrefs.net) and exhibits moderate-risk characteristics. While the individual IP shows no active threat indicators, the hosting subnet demonstrates elevated abuse density, warranting network-level awareness.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Provider | OVH (CloudCompute) |
| CIDR Block | 142.44.228.0/24 |
| Network Classification | Cloud Hosting / Firewall |
| Registration Date | N/A |
Geolocation Data: Multiple sources indicate Canada (QC), though coordinates suggest geographic inconsistency. Geolocation consensus applies across 1 source.
---
## RISK ASSESSMENT
Overall Risk Score: 40/100 (Moderate)
Risk Classification: Moderate Risk
Risk Factors
- Abuse Confidence Score: Not applicable (no active abuse)
- Threat Indicators: None identified
- Blacklist Status: 0 threat feed entries; 1 DNSBL listing detected
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
---
## OBSERVATION HISTORY
Total Observations: 21 signals
Recent Activity Summary:
- 2026-06-19: Network operator score 0.2174 (Minimal), DNSSEC valid
- 2026-06-14: Subnet abuse density confirmed at 0.6055 (high_abuse classification)
- 2026-06-14: Network classification confirmed as OVH cloud hosting
Temporal Analysis: No persistent malicious threat behavior detected. IP shows stable ownership and infrastructure characteristics.
---
## NETWORK RELATIONSHIPS
Total Relationships: 46
Relationship Types: Same Network (OVH-CUST-281059695)
The IP demonstrates strong network-level associations within the OVH customer block. No external organizational or certificate relationships identified beyond the hosting provider infrastructure.
---
## SUBNET ANALYSIS (142.44.228.0/24)
Abuse Density: 0.6055 (High Abuse Classification)
Risk Distribution:
- High Risk: 0
- Medium Risk: 81
- Low Risk: 19
- Threat Siblings: 155 of 256 total IPs
Neighborhood Risk: Inherited risk score of 24 from subnet context. The subnet exhibits elevated abuse density typical of cloud hosting environments.
---
## NETWORK SERVICES
| Service | Status |
|---|---|
| Open Ports | None detected |
| HTTP/HTTPS | Not accessible |
| TLS Certificate | None |
| Reverse DNS | proxy-ca016-san131.ahrefs.net |
| Forward Resolution | 1 hostname |
| Email Authentication | No SPF/DMARC records |
---
## SECURITY RECOMMENDATIONS
Recommended Action: MONITOR (No immediate blocking required)
1. Traffic Monitoring: The IP resolves to Ahrefs proxy infrastructure. Monitor for unusual traffic patterns from this address if your organization uses Ahrefs services.
2. Subnet Awareness: The parent subnet (142.44.228.0/24) shows high abuse density. Implement network-level monitoring for this /24 block.
3. DNS Filtering: One DNSBL listing detected. Consider filtering outbound DNS queries to this IP if it appears in DNS logs.
4. Cloud Infrastructure Context: This is a standard cloud hosting IP. Legitimate Ahrefs proxy traffic should pass through with normal business traffic policies.
---
## CONCLUSION
IP 142.44.228.131 represents legitimate cloud hosting infrastructure for Ahrefs services. The moderate risk score primarily reflects the high-abuse-density hosting environment rather than individual IP malicious activity. No immediate threat indicators present. SOC teams should monitor for traffic patterns consistent with web scraping or SEO tools rather than treating this as a standalone threat.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | N/A |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca016-san131.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san131.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | N/A |
| HTTP Title | N/A |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 31% | 2 | 3 |
| Overall | 21% | 10 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-10 22:17:11 UTC |
| Last Seen | 2026-06-27 18:16:45 UTC |
| Profile Built | 2026-06-28 18:22:00 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |