# IP Intelligence Briefing: 142.44.228.211
## Executive Summary
IP address 142.44.228.211 presents a MODERATE RISK profile (risk score: 40) associated with OVH cloud infrastructure. The IP is registered to Ahrefs Pte Ltd under network block 142.44.228.0/24, which exhibits elevated abuse density. No active threat indicators were detected, but the subnet-level risk environment warrants monitoring.
## Ownership and Infrastructure
- ASN: 16276 (OVH)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network Block: 142.44.228.0/24
- Infrastructure Type: CloudCompute
- Service Purpose: Firewalled / No Services
- Cloud Provider: OVH (confirmed)
- Registration RIR: ARIN
## Geolocation Data
- Country: CA (Canada)
- Region: QC (Quebec)
- City: Singapore
- Accuracy Radius: 3000km
- Note: Geographic data shows inconsistency between country and city fields.
## Network Classification
- Cloud Environment: Yes
- Hosting Service: Yes
- CDN/VPN/Proxy: No
- Tor Exit Node: No
- Bogon Address: No
- Anycast: No
## DNS Analysis
- PTR Hostname: proxy-ca016-san211.ahrefs.net
- Forward-Resolved Domain: ahrefs.net
- Forward Resolution Count: 1
- DNSSEC Valid: Yes
- Has CAA: Yes
## Threat Assessment
- Risk Score: 40 (Moderate)
- Abuse Confidence: Not applicable
- Known Attacker: No
- Spam Source: No
- Tor Exit: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 total lists
## Neighborhood Analysis
The /24 subnet (142.44.228.0/24) shows elevated abuse characteristics:
- Abuse Density: 0.7188 (high)
- Classification: High Abuse
- Total Siblings: 256
- Active Siblings: 227
- Threat Siblings: 184
- Inherited Risk: 28
Sample neighbor risk scores range from 25-50, with multiple IPs scoring in the medium-risk band.
## Historical Observations
20 signal observations recorded with recent activity as of 2026-06-28. Historical signals indicate:
- Operator score: 0.2174 (minimal)
- Ownership stability confirmed
- No persistent malicious behavior detected
- Threat observation count: 0
## Control Plane Status
- Route Stability: Unstable
- BGP Prefix: 142.44.128.0/17
- Origin ASN: 16276
- RPKI State: Not assessed
- IRR Consistency: Not assessed
## Recommended Actions
Based on the risk score of 40, the following firewall rules are recommended:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 142.44.228.211 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 142.44.228.211 drop` |
| nginx | `deny 142.44.228.211;` |
| pfSense | `142.44.228.211/32` |
| Cloudflare WAF | Block IP (expression: `ip.src eq 142.44.228.211`) |
| AWS WAF | Add to block list (142.44.228.211/32) |
## Intelligence Assessment
The IP 142.44.228.211 is a cloud-hosted address associated with Ahrefs infrastructure, showing moderate risk primarily driven by subnet-level abuse density. While no specific threat indicators are present, the high-abuse classification of the parent /24 subnet suggests potential for opportunistic misuse. The DNSBL listing on one of eight lists indicates some reputation challenges.
Recommendation: Monitor traffic patterns from this subnet. Consider implementing rate-limiting or geo-blocking if the organization does not require connections from Canadian OVH infrastructure. The lack of open ports and the firewalled service profile suggest this IP may be used for administrative or internal purposes.
---
*Report generated: 2026-06-28 | Risk Score: 40/100 | Status: Monitor*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca016-san211.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san211.ahrefs.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 2 |
| geolocation | 26% | 2 | 2 |
| Overall | 21% | 10 | 12 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership / FCrDNS / Geo Consensus / Geo Plausible / IRR Match / RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-23 12:21:55 UTC |
| Last Seen | 2026-06-28 20:55:30 UTC |
| Profile Built | 2026-06-29 02:56:47 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |