# Intelligence Briefing: 142.44.228.5/32
## Executive Summary
The IP address 142.44.228.5/32 is a low-risk infrastructure endpoint hosted on OVH cloud infrastructure (ASN 16276) within the 142.44.228.0/24 subnet. Although classified as "Low Risk" with a risk score of 25, the address exhibits several anomalous characteristics, including geolocation inconsistencies, DNS resolution to Ahrefs proxy infrastructure, and elevated threat indicators at the neighborhood (subnet) level.
## Infrastructure Profile
Ownership: The IP resolves to ASN 16276 (OVH SAS) under the network prefix OVH-CUST-281059695. The associated organization is registered to "Dmytro, Ahrefs Pte Ltd."
Geolocation: The address reports a Canadian location (QC) with coordinates at latitude 45.4995, longitude -73.5848. However, geolocation validation flagged a significant discrepancy: the measured RTT (28 ms) is substantially lower than the minimum physically plausible RTT (112 ms) for the claimed distance of 5,598 km from the probe location, resulting in a "geo_plausible: false" status.
DNS: The PTR record resolves to proxy-ca016-san5.ahrefs.net within the ahrefs.net domain. Forward DNS resolution of that hostname was confirmed, but the forward-confirmed reverse DNS (FCrDNS) status is false.
Services: No open ports detected; the endpoint is firewalled with no active HTTP/TLS services.
## Threat Assessment
Risk Classification: Low Risk (Score: 25)
Threat Indicators:
- No known campaigns or threat feed matches
- Not identified as Tor exit node, known attacker, or spam source
- Zero blacklist entries detected
- Pulsedive risk score: null
Abuse Context: The address's abuse confidence score is null, but the subnet exhibits notable activity patterns.
## Neighborhood Analysis
The IP resides in subnet 142.44.228.0/24 with the following characteristics:
- Total siblings: 256 IPs
- Active siblings: 228
- Threat siblings: 112
- Abuse density: 0.4375 (43.75%)
- Inherited risk: 17
Neighbor analysis of 100 sampled addresses in the /24 subnet revealed a risk distribution of 0 high-risk, 64 medium-risk, and 36 low-risk addresses. Multiple neighbor IPs (142.44.228.0 through 142.44.228.4) consistently returned risk scores of 40 with authority scores of 50, suggesting elevated neighborhood-level activity.
## Historical Signals
Observation history captured 20 signals with the following key observations:
- Recent threat detection signal (confidence 0.75) on 2026-06-26T00:10:57Z flagged with `has_threats: true` and pulse count of 1
- Abuse density signal (confidence 0.75) confirming subnet classification as "mixed" with inherited risk of 17
- Geolocation violation signals (confidence 0.30-0.75) indicating RTT/latency inconsistencies
- Operator score signal showing "Minimal" classification with raw score of 0.1
## Network Relationships
The IP maintains 54 documented relationships, primarily consisting of "Same Network" entries linking to OVH-CUST-281059695. No additional organizational, hostname, or certificate relationships were populated in the relationship graph.
## Control Plane & Routing
- BGP prefix: 142.44.128.0/17
- Origin ASN: 16276
- Route stability: False (isRouteStable: false)
- Route changes (30d): 0
- RPKI: Not validated; IRR: Not consistent
- DNSSEC: Valid
- DNSBL listings: 1 of 8 total lists (dnsblListedCount: 1)
## Recommended Actions
Based on the IP's low-risk profile and current threat indicators, no specific firewall or mitigation rules were generated. The address remains in a low-risk category (score 25), but SOC analysts should monitor for:
1. Geolocation anomaly correlation with legitimate traffic patterns
2. Subnet-level threat activity given the 43.75% abuse density
3. DNS activity to ahrefs.net proxy infrastructure
## Conclusion
IP 142.44.228.5 represents a low-risk OVH-hosted endpoint with anomalous geolocation reporting and DNS resolution to Ahrefs proxy infrastructure. While individual threat indicators are minimal, the subnet exhibits elevated abuse density (43.75%) with 112 threat-classified siblings. Continued monitoring of neighborhood-level activity and geolocation consistency is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | n/a |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca016-san5.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-ca016-san5.ahrefs.net |
## DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | n/a | n/a | n/a |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 22% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-10 10:13:12 UTC |
| Last Seen | 2026-06-27 17:20:56 UTC |
| Profile Built | 2026-06-28 11:25:32 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 25 |