# IP Intelligence Briefing: 142.44.228.62/32
Classification: Low Risk with High-Context Abuse Environment
Date: 2026-06-18
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP 142.44.228.62 is a cloud compute endpoint hosted by OVH with a current risk score of 30 (Low Risk). While the IP itself shows no active threat indicators, it operates within a subnet (142.44.228.0/24) exhibiting elevated abuse density (0.6914). The IP has been observed 28 times with consistent moderate operator scores (~0.65). No immediate blocking is recommended, but contextual awareness of the subnet environment is advised.
---
## Network Ownership & Infrastructure
| Attribute | Value |
|---|---|
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **ASN** | 16276 (OVH) |
| **CIDR Block** | 142.44.228.0/24 |
| **Infrastructure Type** | CloudCompute, Hosting |
| **DNS PTR** | proxy-ca016-san62.ahrefs.net |
| **Hosted Domain** | ahrefs.net |
The endpoint's PTR record points to a hostname associated with Ahrefs, a known SEO analytics platform. Forward confirmation fails, however: the PTR hostname does not resolve back to this IP, so the PTR record alone is only a weak signal.
---
## Threat Assessment
Current Risk Score: 30/100 (Low Risk)
Threat Indicators:
- No known campaigns associated
- Zero blacklist entries
- Not classified as spam source, known attacker, or Tor exit node
- No open ports or active services detected
- TLS certificate: None
Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
- Operator Score: 0.6522 (Moderate)
Campaign Correlation: None detected (certMatches: 0, correlatedIPs: 0)
---
## Geolocation Analysis
| Field | Value |
|---|---|
| **Reported Country** | CA (Canada) |
| **Reported City** | Singapore |
| **GeoPlausible** | False |
| **RTT Violation** | Yes |
| **Distance** | 5,597.9 km |
| **Observed RTT** | 27.0 ms |
| **Minimum Possible RTT** | 112.0 ms |
Note: Significant geolocation inconsistency detected. The reported RTT of 27ms for a 5,597km distance is physically implausible, indicating unreliable geolocation data. Risk assessment should not be based on location alone.
---
## Subnet Context (142.44.228.0/24)
Abuse Density: 0.6914 (High Abuse)
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 207 |
| Threat Siblings | 177 |
| Inherited Risk | 27 |
| Classification | high_abuse |
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 82
- Low Risk: 18
The subnet demonstrates elevated abuse activity with 69% abuse density. While this specific IP shows no active threats, the neighborhood context suggests the broader infrastructure may host malicious actors.
---
## Observation History
Total Observations: 28
Recent Activity:
- 2026-06-18 21:09:43 - Operator score 0.75, confidence 0.85
- 2026-06-17 11:52:10 - Subnet abuse density signal, confidence 0.75
- 2026-06-17 11:47:38 - Operator score 0.75, confidence 0.85
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: False
- Threat Observation Count: 1
The IP shows stable ownership with no persistent malicious behavior. Recent signals consistently reflect moderate operator scores (~0.65-0.75).
---
## Recommended Actions
Current Risk Score: 30
Actionable Recommendations: None (risk level below threshold for automated blocking)
Manual Review Considerations:
1. Monitor subnet 142.44.228.0/24 for correlated activity
2. Validate geolocation inconsistencies before relying on location-based rules
3. Review if traffic patterns from this IP align with legitimate SEO analytics tool usage
4. Consider blocking at subnet level only if abuse density escalates
---
## Conclusion
IP 142.44.228.62 presents as a low-risk endpoint with no active threat indicators. The DNS hostname association with Ahrefs.net suggests legitimate use cases. However, the subnet environment shows elevated abuse density requiring contextual awareness. No immediate defensive action is warranted, but maintain visibility on subnet-level activity.
Status: MONITOR (No action required)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca016-san62.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san62.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 2 - Moderate operator sophistication with routing hygiene |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 22% | 3 | 4 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 24% | 13 | 19 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:03:43 UTC |
| Last Seen | 2026-06-26 23:13:00 UTC |
| Profile Built | 2026-06-27 19:27:52 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 34 |