# IP INTELLIGENCE BRIEFING: 142.44.228.88/32
Date: June 14, 2026
Classification: MODERATE RISK
Relevant Data Sources: IPDebrief
---
## EXECUTIVE SUMMARY
IP 142.44.228.88 is a firewalled hosting infrastructure address associated with OVH SAS (ASN 16276) and registered to Ahrefs Pte Ltd. The IP resolves to proxy-ca016-san88.ahrefs.net and operates within a high-abuse-density subnet (142.44.228.0/24). Despite no current active threat indicators, the subnet's abuse density of 0.6055 with 155 threat siblings out of 188 active IPs warrants defensive monitoring.
---
## OWNERSHIP AND INFRASTRUCTURE
- ASN: 16276 (OVH SAS)
- Network: OVH-CUST-281059695
- Organization: Dmytro, Ahrefs Pte Ltd
- RIR: ARIN
- Infrastructure Type: Cloud hosting (OVH)
- Service Purpose: Firewalled / No Services Detected
The IP is configured with no open ports and no active HTTP/TLS services. DNS PTR record resolves to proxy-ca016-san88.ahrefs.net, consistent with Ahrefs SEO tooling infrastructure.
---
## GEOLOCATION ANALYSIS
- Claimed Location: Canada (QC)
- Inferred Location: Singapore (5598 km distance)
- Geolocation Confidence: Inconsistent (geoPlausible: false)
- RTT Violation: 27ms average RTT violates minimum possible 112ms for claimed 5598km distance
Significant geolocation data conflicts detected. The RTT violation suggests either false location claims or measurement anomalies. Additional validation recommended.
---
## THREAT INDICATORS
- Risk Score: 40 (Moderate)
- Abuse Confidence: Not elevated
- Blacklist Status: 0 blacklists
- Known Campaigns: None
- Tor Exit/Proxy: No
- Current Threat Feeds: Empty
No active threat indicators detected. However, the IP carries inherited risk from its subnet context.
---
## SUBNET CONTEXT (142.44.228.0/24)
- Classification: HIGH ABUSE
- Abuse Density: 0.6055
- Total Siblings: 256
- Active Siblings: 188
- Threat Siblings: 155
- Inherited Risk: 24
The subnet exhibits elevated abuse density with 155 threat IPs among 188 active siblings. Risk distribution: 0 high-risk, 81 medium-risk, 19 low-risk neighbors. This context suggests the subnet hosts a mix of legitimate and potentially compromised infrastructure.
---
## OBSERVATION HISTORY
22 observations recorded through June 14, 2026:
- DNS Signals: Consistent resolution to ahrefs.net with CAA records present
- Geolocation Signals: Mixed data sources showing Canada and Singapore locations
- RTT Measurements: Persistent violations indicating geolocation discrepancies
- ASN Signals: OVH SAS identification from Alienvault-OTX
The IP demonstrates temporal stability with no ownership changes and no persistent malicious behavior observed.
---
## RECOMMENDED ACTIONS
For SOC Analysts:
1. Monitor Contextually: Treat this IP within the context of its high-abuse subnet. Correlate with other traffic from 142.44.228.0/24.
2. Allow with Logging: Permissive rules acceptable if logging enabled. No immediate blocking required.
3. Monitor for Service Changes: The IP is currently firewalled with no services. Any service launches warrant investigation.
4. Geolocation Validation: The RTT violations suggest spoofed location data. Verify actual traffic origin independently.
5. Subnet-Level Analysis: Consider broader subnet analysis given 155 threat siblings in the same /24.
Recommended Firewall Rules:
```
# Allow with logging (if defensive monitoring enabled)
iptables -A INPUT -s 142.44.228.88/32 -j LOG --log-prefix "OVH-142.44.228.88: "
iptables -A INPUT -s 142.44.228.88/32 -j ACCEPT
# Block subnet-wide if risk escalation required
# iptables -A INPUT -s 142.44.228.0/24 -j DROP
```
---
## INTELLIGENCE NOTE
While 142.44.228.88 shows no current malicious activity, the subnet's high abuse density and significant number of threat siblings suggest this infrastructure may host or be associated with malicious actors. The geolocation inconsistencies warrant independent verification before allowing inbound connections. SOC teams should maintain awareness of subnet-level risk when evaluating traffic from this IP range.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca016-san88.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san88.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-10 16:13:58 UTC |
| Last Seen | 2026-06-27 17:45:12 UTC |
| Profile Built | 2026-06-28 11:50:44 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |