## IP Intelligence Briefing: 142.44.228.75/32
Classification: LOW RISK WITH CONTEXTUAL CONCERNS
Analysis Date: Current
IP Address: 142.44.228.75
---
Executive Summary
IP 142.44.228.75 presents as a legitimate cloud infrastructure endpoint with a Low Risk score (35). However, it resides within a high-abuse density subnet (142.44.228.0/24), which contains 148 identified threat siblings among 254 total IPs. The IP is associated with Ahrefs through DNS records but hosted on OVH infrastructure.
---
Ownership and Infrastructure
- Organization: Dmytro, Ahrefs Pte Ltd
- ASN: 16276 (OVH)
- Network: OVH-CUST-281059695
- Infrastructure Type: CloudCompute / Hosting
- Registration: RIR ARIN, RIPE registry delegated
The IP resolves to hostname `proxy-ca016-san75.ahrefs.net`, indicating association with Ahrefs.net infrastructure. Control plane analysis confirms valid RPKI validation and stable BGP routing.
---
Geolocation Assessment
- Country: Canada (CA)
- Region: Quebec (QC)
- City: Singapore (notable discrepancy detected)
- Geographic Consensus: Mixed sources (CA country code vs Singapore city)
- Accuracy Radius: 3000km
The geographic inconsistency warrants monitoring but does not indicate active compromise.
---
Threat Indicators
- Risk Score: 35 (Low Risk)
- Abuse Confidence Score: Not applicable
- Blacklist Status: 0 blacklists (DNSBL: 2/8 lists)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Campaigns: None detected
- Known Threat Feeds: Empty
Current threat indicators are absent. The IP is not flagged as actively malicious.
---
Neighborhood Context
The /24 subnet (142.44.228.0/24) exhibits elevated abuse characteristics:
- Abuse Density: 0.5827 (High Abuse classification)
- Threat Siblings: 148 of 254 IPs flagged as threats
- Active Siblings: 176 IPs currently observed
- Inherited Risk: 23 (derived from subnet context)
Neighboring IPs show risk distribution: 81 medium risk, 19 low risk, 0 high risk.
---
Services and DNS
- Open Ports: None detected
- TLS Certificate: None
- HTTP Banner: None
- Service Purpose: Firewalled / No Services
- Forward Resolution: proxy-ca016-san75.ahrefs.net
- DNS Records: CAA present, IRR match, DNSSEC valid
No active services detected on the endpoint, indicating firewall protection or inactive state.
---
Historical Observation
28 observations tracked over the monitoring period. Recent signals include:
- Professional operator routing score (0.9)
- Consistent DNS resolution to ahrefs.net
- Stable ownership and geolocation signals
- No persistent malicious activity detected
---
Recommended Actions
Immediate:
- No blocking required; risk score supports continued connectivity
- Monitor for service activation
Long-term:
- Implement egress filtering if outbound traffic is observed
- Monitor subnet context for correlated abuse campaigns
- Review DNSBL listings (2/8 lists) for policy considerations
Firewall Rules:
- Allow inbound if legitimate Ahrefs services expected
- Monitor for port scan activity
- Consider subnet-level monitoring given high-abuse classification
---
Analyst Notes: This IP represents legitimate Ahrefs infrastructure operating in a shared OVH hosting environment. The low individual risk score combined with the high-abuse subnet context suggests infrastructure sharing rather than active compromise. Continue monitoring for service activation or behavioral anomalies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca016-san75.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san75.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 32% | 4 | 5 |
| services | 12% | 2 | 2 |
| ownership | 26% | 3 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 14 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | High (80%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:08:27 UTC |
| Last Seen | 2026-06-28 17:00:14 UTC |
| Profile Built | 2026-06-29 05:05:16 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 32 |