# IP Intelligence Briefing: 142.44.228.246
Classification: Moderate Risk / Cloud Infrastructure / High-Abuse Subnet
Date of Analysis: 2026-06-15
---
## Executive Summary
IP address 142.44.228.246 is a cloud-compute infrastructure endpoint hosted within OVH's customer network (OVH-CUST-281059695). The IP resolves to the ahrefs.net domain but presents no active services. While the specific endpoint carries a moderate risk score of 40, it resides within a subnet exhibiting high abuse density (0.6055), with 155 of 193 active siblings flagged as threats. The network association with Ahrefs Pte Ltd provides contextual legitimacy, yet the operational environment warrants defensive monitoring.
---
## Ownership and Infrastructure Profile
| Attribute | Value |
|---|---|
| **ASN** | 16276 |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **Network Name** | OVH-CUST-281059695 |
| **CIDR Block** | 142.44.228.0/24 |
| **RIR** | ARIN |
| **Infrastructure Type** | Cloud Compute |
| **ISP/Provider** | OVH |
| **Registration Authority** | RIPE NCC |
The IP is classified as cloud hosting infrastructure. No proxy, VPN, Tor, or CDN indicators were detected. The control plane data indicates BGP routing through AS57866 and AS16276 with stable routing characteristics (isRouteStable: true).
---
## Geolocation Assessment
| Parameter | Value | Confidence |
|---|---|---|
| **Country** | Canada (CA) | High |
| **Region** | Quebec | High |
| **City** | Singapore | Low (3000km radius) |
| **Geo Source Count** | 1 | Low |
| **Geo Plausibility** | False | N/A |
Geolocation consensus indicates Canada as the primary location, though a single source reported Singapore with 3000km accuracy radius, rendering the data unreliable. This discrepancy is common for cloud hosting environments using anycast or CDN-like routing.
---
## DNS and Hostname Resolution
| Parameter | Value |
|---|---|
| **PTR Hostname** | proxy-ca016-san246.ahrefs.net |
| **Domain** | ahrefs.net |
| **Forward Resolution** | proxy-ca016-san246.ahrefs.net |
| **Forward Confirmed** | False |
| **Email Auth (SPF/DMARC)** | Not configured |
| **TXT Record Count** | 0 |
The IP resolves to an ahrefs.net PTR record indicating it is part of the Ahrefs infrastructure. However, forward resolution failed to confirm the PTR record, and no SPF or DMARC records are configured for the domain. This misalignment between reverse and forward DNS resolution is a common indicator of dynamically allocated cloud IPs.
---
## Network Classification and Reputation
| Metric | Value |
|---|---|
| **Risk Score** | 40 (Moderate) |
| **Abuse Confidence Score** | N/A |
| **Blacklist Count** | 0 |
| **DNSBL Listed** | 1 of 8 lists |
| **Known Attacker** | False |
| **Tor Exit Node** | False |
| **Spam Source** | False |
| **Operator Score** | 0.4348 (Basic) |
The IP carries a moderate risk score of 40 and a blacklist count of 0. One DNSBL listing was observed across eight total lists. The operator score of 0.4348 is classified as "Basic," indicating limited threat intelligence correlation.
---
## Neighborhood Analysis: 142.44.228.0/24
| Metric | Value |
|---|---|
| **Subnet Classification** | High Abuse |
| **Abuse Density** | 0.6055 |
| **Total Siblings** | 256 |
| **Active Siblings** | 193 |
| **Threat Siblings** | 155 |
| **Inherited Risk** | 24 |
The subnet exhibits elevated abuse activity. Of 100 sampled neighbors:
- High Risk: 0
- Medium Risk: 81
- Low Risk: 19
Of 193 active siblings, 155 (80.3%) are classified as threats. This high abuse density suggests the network is commonly used for bulk hosting or potentially misconfigured infrastructure.
---
## Service and Port Scan Results
| Metric | Value |
|---|---|
| **Open Ports** | None |
| **HTTP Title** | N/A |
| **TLS Certificate** | None |
| **Server Banner** | None |
| **Service Purpose** | Firewalled / No Services |
No open ports, services, or web applications were detected on this specific IP address. The endpoint appears to be a passive infrastructure host with services either not running or filtered.
---
## Threat Indicators
| Indicator | Status |
|---|---|
| **Known Campaigns** | None |
| **Cert Matches** | 0 |
| **Banner Matches** | 0 |
| **Correlated IPs** | 0 |
| **Is Persistently Malicious** | False |
| **Threat Persistence Days** | 0 |
| **Threat Observation Count** | 1 |
No active threat campaigns or persistent malicious behavior was identified. A single threat observation was recorded, indicating limited historical threat activity.
---
## Historical Signal Analysis
25 observations were recorded as of 2026-06-15. Key historical signals include:
- Subnet Abuse Density: Consistent 0.6055 across observations
- DNS Signals: CAA records confirmed with valid issuers
- Geolocation: Consistent Canada (CA) reporting with low-confidence location data
- Operator Score: Stable at 0.4348 across observations
- Classification: Persistent "high_abuse" designation for the subnet
The IP's risk profile has remained stable over the observation period with no significant escalation or declassification events.
---
## Related Entities
39 relationships were identified, primarily:
- Same Network: Multiple relationships to OVH-CUST-281059695
- No hostname, certificate, or organization relationships beyond the network classification
---
## Recommended Actions
Based on the moderate risk profile and high-abuse subnet classification, the following defensive measures are recommended:
1. Monitor, Do Not Block: The IP does not exhibit active malicious behavior. However, the high-abuse subnet context warrants ongoing monitoring for connection attempts or outbound traffic anomalies.
2. Verify Legitimate Business Use: Confirm whether Ahrefs Pte Ltd has authorized legitimate use of this IP address for their infrastructure. The PTR record suggests association with the organization, but the subnet-level abuse density should be validated.
3. Review Network Traffic Patterns: If traffic is observed from this IP, analyze packet content for anomalies. The lack of open ports suggests this is a backend or passive host rather than a user-facing endpoint.
4. Correlate with Threat Intelligence Feeds: Cross-reference against internal threat intelligence databases for any historical correlation with known malicious campaigns or attacker infrastructure.
5. Monitor Subnet-Level Indicators: Given 80% of active siblings are flagged as threats, monitor the broader 142.44.228.0/24 subnet for coordinated activity patterns or campaign indicators.
6. Document for Baseline: Establish this IP as a known cloud-hosting endpoint with moderate risk characteristics for future incident triage and threat correlation workflows.
---
## Conclusion
IP 142.44.228.246 represents a cloud-compute infrastructure endpoint with moderate risk characteristics. While the specific IP shows no active malicious indicators, the high-abuse neighborhood context requires defensive vigilance. The IP's association with Ahrefs Pte Ltd suggests legitimate business use, but the subnet's abuse density warrants monitoring and correlation with organizational threat intelligence. No immediate blocking or escalation actions are required, but continued observation of traffic patterns and subnet-level activity is recommended.
Status: Monitor / Low Priority
Confidence Level: Medium (0.75 based on subnet abuse signals)
Next Review: 30 days or upon threat indicator escalation
---
*Report generated by IPDebrief Intelligence Platform. Data sourced from real-time observation and historical threat intelligence feeds.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| PTR | proxy-ca016-san246.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san246.ahrefs.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 25% | 12 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-16 08:56:00 UTC |
| Last Seen | 2026-06-28 03:15:44 UTC |
| Profile Built | 2026-06-29 03:21:45 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |