# IP INTELLIGENCE BRIEFING
Target: 142.44.233.128/32
Date: 2026-06-20
Classification: MODERATE RISK
Risk Score: 40/100
---
## EXECUTIVE SUMMARY
IP 142.44.233.128 is a cloud hosting endpoint associated with OVH (ASN 16276) infrastructure, provisioned for Ahrefs Pte Ltd. The IP resolves to hostname proxy-ca003-san128.ahrefs.net and is part of a high-abuse-density subnet (142.44.233.0/24) with 186 threat-identified siblings. Despite legitimate DNS associations with Ahrefs, the subnet's abuse profile warrants defensive monitoring.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Organization** | OVH-CUST-281059682 (Ahrefs Pte Ltd) |
| **ASN** | 16276 |
| **CIDR Block** | 142.44.233.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Hosting Provider** | OVH |
| **Geolocation** | CA (reported), Singapore (reported) |
| **DNS Target** | proxy-ca003-san128.ahrefs.net |
| **Status** | Firewalled / No Services Detected |
---
## THREAT ASSESSMENT
Risk Level: Moderate (40/100)
Abuse Confidence: Not quantified
Blacklist Status: 0 direct blacklists, 1 DNSBL listing (of 8 total)
Key Findings:
- No known attacker indicators
- Not a Tor exit node
- Not identified as spam source
- No active threat campaigns detected
- DNSSEC valid; CAA records present
Network Context: The parent subnet (142.44.233.0/24) exhibits high abuse density (0.7266) with 198 active siblings, 186 classified as threats. This contextual risk elevates the IP's threat posture despite clean individual indicators.
---
## OBSERVATION HISTORY
Total Observations: 17 signals
Threat Persistence: 0 days
Ownership Changes: 0
Recent activity confirms consistent cloud infrastructure classification across all observations. No evolution toward malicious behavior detected. The subnet abuse classification has remained stable since 2026-06-15.
---
## RELATED ENTITIES
Network Associations:
- OVH-CUST-281059682 (primary customer block)
DNS Associations:
- proxy-ca003-san128.ahrefs.net (19 related hostname records)
Control Plane:
- BGP Prefix: 142.44.128.0/17
- Route Stability: False
- RPKI State: Not assessed
---
## RECOMMENDED ACTIONS
Based on risk score 40, defensive blocking is recommended for network perimeters:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 142.44.233.128 -j DROP
# nftables
nft add rule inet filter input ip saddr 142.44.233.128 drop
# pfSense (address to block)
# 142.44.233.128/32
# Cloudflare WAF (rule description)
# Block 142.44.233.128 - IPDebrief risk score 40
```
Note: These recommendations are probabilistic; they follow from the risk score, not from confirmed malicious activity. Correlate with internal threat signals before deployment. The subnet's high abuse density suggests broader blocking may be warranted if traffic patterns indicate malicious activity.
---
## ANALYST NOTES
This IP represents legitimate Ahrefs infrastructure operating within a high-risk subnet. The discrepancy between geolocation data (Canada vs Singapore) may indicate CDN or proxy routing anomalies. Monitor for outbound connection patterns that deviate from expected Ahrefs service behavior. Given the subnet's abuse density, consider implementing egress filtering for the entire /24 block.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059682 |
| CIDR Block | 142.44.233.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca003-san128.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca003-san128.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 9 | 12 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-25 06:41:06 UTC |
| Last Seen | 2026-06-29 01:11:01 UTC |
| Profile Built | 2026-06-29 07:14:43 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 19 |