142.44.228.58
# IP Intelligence Briefing: 142.44.228.58
Classification: MODERATE RISK
Report Date: 2026-06-21
Intel Analyst: IPDebrief Automated Analysis
---
## Executive Summary
IP address 142.44.228.58 is a cloud infrastructure resource hosted within OVH's Canadian datacenter network, classified as MODERATE RISK with an overall risk score of 40/100. The IP resolves to the ahrefs.net domain and operates within a subnet exhibiting elevated abuse density (0.7266). No active threat indicators or known campaign associations were detected.
---
## Technical Profile
IP Address: 142.44.228.58
Risk Score: 40 (Moderate Risk)
ASN: 16276 (OVH SAS)
Organization: Dmytro, Ahrefs Pte Ltd
CIDR Block: 142.44.228.0/24
Infrastructure Type: CloudCompute / Hosting
Geolocation: Canada (QC) / Singapore*
DNS Resolution: proxy-ca016-san58.ahrefs.net
*Geolocation discrepancy noted: Regional data indicates Quebec, Canada, but city field reports Singapore. Geo validation flagged as implausible (geoPlausible: false).
Network Services: No open ports detected. Service banner analysis returned no active web services. TLS certificates, HTTP titles, and server fingerprints were not observed.
---
## Threat Assessment
Current Threat Posture: LOW TO MODERATE
| Indicator | Status |
|---|---|
| Known Attacker | Negative |
| Tor Exit Node | Negative |
| Spam Source | Negative |
| Blacklist Count | 0 |
| DNSBL Listed | 1/8 lists |
| Known Campaigns | None |
| Pulsedive Risk | Data unavailable |
Abuse Confidence: Data insufficient for scoring (null). No actionable threat indicators present in current observation window.
---
## Neighborhood Analysis
The subnet 142.44.228.0/24 demonstrates HIGH ABUSE CLASSIFICATION with concerning density metrics:
- Abuse Density: 0.7266 (Elevated)
- Total Subnet Siblings: 256
- Active Siblings: 228 (89% utilization)
- Threat Siblings: 186 (73% of active addresses)
- Inherited Risk Score: 29
Risk Distribution (Sample of 100 neighbors):
- High Risk: 0
- Medium Risk: 17
- Low Risk: 83
*Note: Discrepancy between threat sibling count and neighbor risk distribution requires monitoring.*
---
## Temporal Intelligence
Observation History: 19 total observations recorded
- Recent Activity: Continuous monitoring as of 2026-06-21
- Threat Persistence: 0 days (no persistent malicious behavior observed)
- Ownership Stability: 0 ownership changes recorded
Key Historical Signals:
1. Subnet abuse density classification: high_abuse (0.7266)
2. DNS resolution to ahrefs.net with CAA records present
3. Cloud infrastructure classification confirmed (OVH)
4. Operator score: Minimal (0.2174)
---
## Infrastructure Relationships
Relationship Graph: 32 total relationships identified
- Primary association: OVH-CUST-281059695 (Same Network)
- Network classification: Customer subnet under OVH infrastructure
- BGP Origin: 142.44.128.0/17
- Route Stability: False (routing changes detected)
---
## Recommended Security Actions
Based on risk profile analysis, the following firewall rules are recommended:
Immediate Mitigation:
```bash
# iptables
iptables -A INPUT -s 142.44.228.58 -j DROP
# nftables
nft add rule inet filter input ip saddr 142.44.228.58 drop
# pfSense
142.44.228.58/32
```
Cloud/WAF Configuration:
- Cloudflare WAF: Block IP with expression `ip.src eq 142.44.228.58`
- AWS WAF: Add address `142.44.228.58/32` to rule set
- Nginx: `deny 142.44.228.58;`
SOC Analyst Note: These recommendations are probabilistic. Consider blocking the entire /24 subnet (142.44.228.0/24) if business traffic from this customer is not expected, given the 73% threat sibling ratio within the network.
---
## Intelligence Assessment
The IP address 142.44.228.58 presents moderate risk primarily due to its membership in an abusive subnet environment. While the IP itself shows no direct malicious indicators, the high abuse density of its neighborhood (0.7266) and the presence of 186 threat siblings within the /24 suggest this infrastructure may be co-located with or adjacent to malicious actors.
Key Risk Factors:
1. High abuse density subnet classification
2. Elevated threat sibling ratio (
7. Routing instability (route changes detected over 30-day window)
8. DNSSEC validation present but CAA records require verification
9. Reverse DNS resolves to proxy hostname suggesting proxy or caching infrastructure
Intelligence Assessment
The IP address 142.44.228.58 presents moderate risk primarily due to its membership in an abusive subnet environment. While the IP itself shows no direct malicious indicators, the high abuse density of its neighborhood (0.7266) and the presence of 186 threat siblings within the /24 suggest this infrastructure may be co-located with or adjacent to malicious actors.
The connection to ahrefs.net indicates legitimate business purpose, but the hosting infrastructure characteristics (OVH cloud compute, proxy designation) combined with subnet-level abuse metrics warrant defensive consideration. No evidence of active exploitation, command-and-control communication, or targeted reconnaissance was observed in the temporal intelligence window.
Operational Guidance:
1. Block Status: Recommend block at perimeter if traffic patterns are unknown or if business justification exists for blocking the /24 subnet
2. Traffic Monitoring: If traffic is permitted, monitor for outbound connections to high-risk destinations and unusual port activity
3. Subnet Review: Evaluate blocking 142.44.228.0/24 if threat sibling ratio (73%) exceeds organizational risk tolerance
4. Reassessment: Re-evaluate risk posture quarterly given the unstable routing configuration
Final Risk Rating: MODERATE RISK (Score: 40/100)
Threat Level: LOW TO MODERATE
Recommended Action: BLOCK or MONITOR based on business requirements
---
*Intel generated by IPDebriefβ’ Automated Analysis System*
*All data sourced from real-time threat intelligence feeds and network observation logs*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR | proxy-ca016-san58.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san58.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-06-01 05:37:59 UTC |
| Last Seen | 2026-06-29 09:17:10 UTC |
| Profile Built | 2026-06-29 09:24:21 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |
Full dossier details are available via our API.