# IP Intelligence Briefing: 142.44.228.132/32
Classification: Moderate Risk | Date: 2026-06-17
Intel Source: IPDebrief Intelligence Platform
---
## Executive Summary
IP address 142.44.228.132 presents a moderate risk profile with a composite risk score of 50. The endpoint is associated with OVH hosting infrastructure (ASN 16276, customer block OVH-CUST-281059695) and operates under the ownership of "Dmytro, Ahrefs Pte Ltd." While no direct threat indicators are present, the IP exhibits concerning neighborhood characteristics with elevated abuse density and significant threat sibling concentration within its /24 subnet.
---
## Network Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Block** | 142.44.228.0/24 |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Provider** | OVH |
| **Classification** | Cloud, Hosting (Firewalled) |
DNS Resolution: proxy-ca016-san132.ahrefs.net (ahrefs.net)
Services: No open ports detected (service purpose: Firewalled / No Services)
---
## Threat Intelligence Indicators
### Direct Threat Indicators
- Blacklist Status: Listed on 2 of 8 monitored feeds
- Abuse Confidence: Not explicitly scored at IP level
- Known Campaigns: None identified
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
### Neighborhood Risk Assessment
- Subnet: 142.44.228.0/24
- Abuse Density: 0.5748 (High)
- Total Siblings: 254 (176 active)
- Threat Siblings: 146 (57% of active addresses)
- Classification: High Abuse
- Inherited Risk Score: 22
Analysis: The /24 subnet demonstrates elevated abuse density, with more than half of active neighbors flagged as threats. This suggests the subnet may be utilized for coordinated malicious activity or represents a compromised hosting block.
---
## Geolocation Discrepancies
Observed Locations:
- Canada, Quebec (CA)
- Singapore (inconsistently reported)
Assessment: Geographic inconsistency between multiple geolocation sources raises potential spoofing or misattribution concerns. The 3,000 km accuracy radius indicates limited confidence in precise location data.
---
## Historical Observations
Total Observations: 18 signals recorded
Key Temporal Signals:
- 2026-06-17: Blacklist check across 8 feeds found 2 active listings (maximum severity: high)
- 2026-06-15: Operator score recorded at 0.2174 (Minimal operator risk)
- 2026-06-09: DNS/CAA records observed for ahrefs.net domain
Risk Trajectory: Single threat observation event; not flagged as persistently malicious.
---
## Recommended Security Actions
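### Firewall Rules
```bash
# iptables: drop inbound packets from this address
iptables -A INPUT -s 142.44.228.132 -j DROP
# nftables: assumes an "inet filter" table with an "input" chain already exists
nft add rule inet filter input ip saddr 142.44.228.132 drop
```
```nginx
# NGINX: configuration directive, valid in an http, server, or location block
deny 142.44.228.132;
```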
### WAF Configuration
- Cloudflare WAF: Block with expression `ip.src eq 142.44.228.132`
- AWS WAF: Add to deny list with CIDR 142.44.228.132/32
- pfSense: Add to block list
Recommendation: Apply blocking rules pending correlation with additional threat intelligence. The moderate risk score combined with neighborhood abuse patterns warrants defensive posture.
---
## Intelligence Assessment
This IP address operates within a high-abuse-density subnet (142.44.228.0/24) where 57% of active neighbors are classified as threats. While the endpoint itself shows no direct malicious indicators and is properly registered with OVH hosting infrastructure, the elevated neighborhood risk suggests potential for misuse. The geolocation inconsistencies and blacklist presence support a cautious defensive approach.
Confidence Level: Moderate
Action Priority: Monitor/Block (pending additional context)
Recommended Action: Implement firewall blocking rules and monitor for related activity in the /24 subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca016-san132.ahrefs.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san132.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-21 20:59:11 UTC |
| Last Seen | 2026-06-28 15:05:50 UTC |
| Profile Built | 2026-06-29 03:09:24 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |