# IP INTELLIGENCE BRIEFING
Target IP: 142.44.228.133/32
Classification: MODERATE RISK - ELEVATED NEIGHBORHOOD THREAT
Date: Current reporting cycle
Risk Score: 40/100
## EXECUTIVE SUMMARY
The IP address 142.44.228.133 is hosted on OVH cloud infrastructure (ASN 16276) with moderate overall risk. The IP resolves to ahrefs.net DNS infrastructure, suggesting legitimate association with Ahrefs Pte Ltd. However, the /24 subnet exhibits high abuse density (60.16%), with 154 identified threat siblings and 81 medium-risk neighbors. While the target IP shows no direct malicious indicators, the neighborhood context warrants defensive monitoring and consideration for blocking.
## OWNERSHIP AND INFRASTRUCTURE
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059695
- Infrastructure Type: CloudCompute (OVH provider)
- Registration: ARIN RIR
- DNS Resolution: proxy-ca016-san133.ahrefs.net (forward confirmed)
- Services: None detected (firewalled/no services)
## GEOGRAPHIC CONTEXT
- Reported Location: Singapore (CA)
- Region: QC
- Geolocation Confidence: Low. RTT validation indicates a 5,598 km distance with 23 ms latency, which violates the physical minimum for that distance (112 ms minimum)
- Assessment: Geolocation data unreliable; RTT suggests IP may be routed through distant infrastructure
## THREAT INDICATORS
- Risk Score: 40/100 (Moderate)
- Abuse Confidence: Not reported
- Blacklist Status: Listed on 1 of 8 DNSBLs
- Known Campaigns: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Control Plane: Route stability issues detected; operator score 0.2174 (Minimal)
## NEIGHBORHOOD ANALYSIS (142.44.228.0/24)
- Subnet Classification: HIGH ABUSE
- Abuse Density: 60.16%
- Active Siblings: 185 of 256 total IPs
- Threat Siblings: 154 IPs
- Risk Distribution: 0 high-risk, 81 medium-risk, 19 low-risk
- Assessment: Subnet hosts significant malicious activity; elevated neighborhood risk warrants defensive posture
## OBSERVATION HISTORY
- Total Observations: 26 signals recorded
- Recent Activity: Multiple observations on 2026-06-19 covering DNS, routing, services, ownership, reputation, and geolocation
- Threat Persistence: 0 days (not persistently malicious)
- Trend: No significant escalation detected in recent observation window
## RECOMMENDED SECURITY ACTIONS
### Immediate (Firewall/IPS Rules)

Host firewall (Linux):

```bash
# iptables: drop inbound traffic from the target IP
iptables -A INPUT -s 142.44.228.133 -j DROP
# nftables: assumes the "inet filter" table and "input" chain already exist
nft add rule inet filter input ip saddr 142.44.228.133 drop
```

nginx (inside the relevant server or location block):

```nginx
deny 142.44.228.133;
```

Other enforcement points:

- pfSense alias/rule: 142.44.228.133/32
- Cloudflare WAF: expression `ip.src eq 142.44.228.133`, action block
- AWS WAF IP set: 142.44.228.133/32
### Subnet-Level Consideration

Given the 60% abuse density and 154 threat siblings in the /24 subnet, consider implementing subnet-level filtering:

```bash
# Consider blocking the entire /24 if the risk tolerance allows;
# this also drops the target IP itself and any legitimate hosts in the range
iptables -A INPUT -s 142.44.228.0/24 -j DROP
```
## INTELLIGENCE ASSESSMENT
This IP represents moderate risk with legitimate infrastructure association (Ahrefs) but elevated neighborhood threat. The subnet's high abuse density suggests shared hosting infrastructure commonly exploited for malicious activity. Recommend defensive blocking while monitoring for any service activity or reputation changes. No immediate evidence of direct compromise, but neighborhood context justifies restrictive posture.
---
Source: IPDebrief Intelligence Platform
Confidence: Moderate (based on neighborhood density and subnet context)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not listed |
## DNS Intelligence

| Field | Value |
|---|---|
| PTR | proxy-ca016-san133.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san133.ahrefs.net |
## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

- Closed Ports: 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
- Server header: none observed
- HTTP Title: none observed
## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 12% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 10 | 15 |

- Data Coherence: Mostly Consistent (80%), 1 contradiction
- Attribution: Low (35%)
- Coherence checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-10 04:11:30 UTC |
| Last Seen | 2026-06-27 16:51:07 UTC |
| Profile Built | 2026-06-28 16:55:58 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |