IPDebrief

142.44.228.58

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 142.44.228.58

Classification: MODERATE RISK

Report Date: 2026-06-21

Intel Analyst: IPDebrief Automated Analysis

---

## Executive Summary

IP address 142.44.228.58 is a cloud infrastructure resource hosted within OVH's Canadian datacenter network, classified as MODERATE RISK with an overall risk score of 40/100. The IP resolves to the ahrefs.net domain and operates within a subnet exhibiting elevated abuse density (0.7266). No active threat indicators or known campaign associations were detected.

---

## Technical Profile

IP Address: 142.44.228.58

Risk Score: 40 (Moderate Risk)

ASN: 16276 (OVH SAS)

Organization: Dmytro, Ahrefs Pte Ltd

CIDR Block: 142.44.228.0/24

Infrastructure Type: CloudCompute / Hosting

Geolocation: Canada (QC) / Singapore*

DNS Resolution: proxy-ca016-san58.ahrefs.net

*Geolocation discrepancy noted: Regional data indicates Quebec, Canada, but city field reports Singapore. Geo validation flagged as implausible (geoPlausible: false).

Network Services: No open ports detected. Service banner analysis returned no active web services. TLS certificates, HTTP titles, and server fingerprints were not observed.

---

## Threat Assessment

Current Threat Posture: LOW TO MODERATE

IndicatorStatus
Known AttackerNegative
Tor Exit NodeNegative
Spam SourceNegative
Blacklist Count0
DNSBL Listed1/8 lists
Known CampaignsNone
Pulsedive RiskData unavailable

Abuse Confidence: Data insufficient for scoring (null). No actionable threat indicators present in current observation window.

---

## Neighborhood Analysis

The subnet 142.44.228.0/24 demonstrates HIGH ABUSE CLASSIFICATION with concerning density metrics:

Risk Distribution (Sample of 100 neighbors):

*Note: Discrepancy between threat sibling count and neighbor risk distribution requires monitoring.*

---

## Temporal Intelligence

Observation History: 19 total observations recorded

Key Historical Signals:

1. Subnet abuse density classification: high_abuse (0.7266)

2. DNS resolution to ahrefs.net with CAA records present

3. Cloud infrastructure classification confirmed (OVH)

4. Operator score: Minimal (0.2174)

---

## Infrastructure Relationships

Relationship Graph: 32 total relationships identified

---

## Recommended Security Actions

Based on risk profile analysis, the following firewall rules are recommended:

Immediate Mitigation:

```bash

# iptables

iptables -A INPUT -s 142.44.228.58 -j DROP

# nftables

nft add rule inet filter input ip saddr 142.44.228.58 drop

# pfSense

142.44.228.58/32

```

Cloud/WAF Configuration:

SOC Analyst Note: These recommendations are probabilistic. Consider blocking the entire /24 subnet (142.44.228.0/24) if business traffic from this customer is not expected, given the 73% threat sibling ratio within the network.

---

## Intelligence Assessment

The IP address 142.44.228.58 presents moderate risk primarily due to its membership in an abusive subnet environment. While the IP itself shows no direct malicious indicators, the high abuse density of its neighborhood (0.7266) and the presence of 186 threat siblings within the /24 suggest this infrastructure may be co-located with or adjacent to malicious actors.

Key Risk Factors:

1. High abuse density subnet classification

2. Elevated threat sibling ratio (

7. Routing instability (route changes detected over 30-day window)

8. DNSSEC validation present but CAA records require verification

9. Reverse DNS resolves to proxy hostname suggesting proxy or caching infrastructure

Intelligence Assessment

The IP address 142.44.228.58 presents moderate risk primarily due to its membership in an abusive subnet environment. While the IP itself shows no direct malicious indicators, the high abuse density of its neighborhood (0.7266) and the presence of 186 threat siblings within the /24 suggest this infrastructure may be co-located with or adjacent to malicious actors.

The connection to ahrefs.net indicates legitimate business purpose, but the hosting infrastructure characteristics (OVH cloud compute, proxy designation) combined with subnet-level abuse metrics warrant defensive consideration. No evidence of active exploitation, command-and-control communication, or targeted reconnaissance was observed in the temporal intelligence window.

Operational Guidance:

1. Block Status: Recommend block at perimeter if traffic patterns are unknown or if business justification exists for blocking the /24 subnet

2. Traffic Monitoring: If traffic is permitted, monitor for outbound connections to high-risk destinations and unusual port activity

3. Subnet Review: Evaluate blocking 142.44.228.0/24 if threat sibling ratio (73%) exceeds organizational risk tolerance

4. Reassessment: Re-evaluate risk posture quarterly given the unstable routing configuration

Final Risk Rating: MODERATE RISK (Score: 40/100)

Threat Level: LOW TO MODERATE

Recommended Action: BLOCK or MONITOR based on business requirements

---

*Intel generated by IPDebriefβ„’ Automated Analysis System*

*All data sourced from real-time threat intelligence feeds and network observation logs*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡¨πŸ‡¦ Canada
RegionQC
CitySingapore
Timezoneβ€”
Latitude45.51
Longitude-73.59

🏒 Ownership & Registration

OrganizationDmytro, Ahrefs Pte Ltd
ASNAS16276
Network NameOVH-CUST-281059695
CIDR Block142.44.228.0/24
RIRARIN
CountrySingapore
Abuse Contactβ€”

🌐 DNS Intelligence

PTRproxy-ca016-san58.ahrefs.net
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesproxy-ca016-san58.ahrefs.net

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAAPresent

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
27%
24
routing
13%
11
services
19%
22
ownership
19%
22
reputation
22%
13
geolocation
19%
22
Overall20%1014
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-06-01 05:37:59 UTC
Last Seen2026-06-29 09:17:10 UTC
Profile Built2026-06-29 09:24:21 UTC
Data FreshnessLive
Signal Types20
Total Observations21
πŸ” 20 signal types Β· 21 observations collected
This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.