IPDebrief

142.44.233.128

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 142.44.233.128/32

Date: 2026-06-20

Classification: MODERATE RISK

Risk Score: 40/100

---

## EXECUTIVE SUMMARY

IP 142.44.233.128 is a cloud hosting endpoint associated with OVH (ASN 16276) infrastructure, provisioned for Ahrefs Pte Ltd. The IP resolves to hostname proxy-ca003-san128.ahrefs.net and is part of a high-abuse-density subnet (142.44.233.0/24) with 186 threat-identified siblings. Despite legitimate DNS associations with Ahrefs, the subnet's abuse profile warrants defensive monitoring.

---

## INFRASTRUCTURE PROFILE

| Attribute | Value |
|---|---|
| **Organization** | OVH-CUST-281059682 (Ahrefs Pte Ltd) |
| **ASN** | 16276 |
| **CIDR Block** | 142.44.233.0/24 |
| **Infrastructure Type** | CloudCompute |
| **Hosting Provider** | OVH |
| **Geolocation** | CA (reported), Singapore (reported) |
| **DNS Target** | proxy-ca003-san128.ahrefs.net |
| **Status** | Firewalled / No Services Detected |

---

## THREAT ASSESSMENT

Risk Level: Moderate (40/100)

Abuse Confidence: Not quantified

Blacklist Status: 0 direct blacklists, 1 DNSBL listing (of 8 total)

Key Findings:

Network Context: The parent subnet (142.44.233.0/24) exhibits high abuse density (0.7266) with 198 active siblings, 186 classified as threats. This contextual risk elevates the IP's threat posture despite clean individual indicators.

---

## OBSERVATION HISTORY

Total Observations: 17 signals

Threat Persistence: 0 days

Ownership Changes: 0

Recent activity confirms consistent cloud infrastructure classification across all observations. No evolution toward malicious behavior detected. The subnet abuse classification has remained stable since 2026-06-15.

---

## RELATED ENTITIES

Network Associations:

DNS Associations:

Control Plane:

---

## RECOMMENDED ACTIONS

Based on risk score 40, defensive blocking is recommended for network perimeters:

Firewall Rules:

```bash
# iptables
iptables -A INPUT -s 142.44.233.128 -j DROP

# nftables
nft add rule inet filter input ip saddr 142.44.233.128 drop

# pfSense (address entry, not a shell command)
# 142.44.233.128/32

# Cloudflare WAF (rule description, not a shell command)
# Block 142.44.233.128 — IPDebrief risk score 40
```

Note: These rules are probabilistic. Correlate with internal threat signals before deployment. The subnet's high abuse density suggests broader blocking may be warranted if traffic patterns indicate malicious activity.

---

## ANALYST NOTES

This IP represents legitimate Ahrefs infrastructure operating within a high-risk subnet. The discrepancy between geolocation data (Canada vs Singapore) may indicate CDN or proxy routing anomalies. Monitor for outbound connection patterns that deviate from expected Ahrefs service behavior. Given the subnet's abuse density, consider implementing egress filtering for the entire /24 block.


## Geolocation

| Attribute | Value |
|---|---|
| Country | 🇨🇦 Canada |
| Region | QC |
| City | Singapore |
| Timezone | — |
| Latitude | 45.51 |
| Longitude | -73.59 |

๐Ÿข Ownership & Registration

OrganizationDmytro, Ahrefs Pte Ltd
ASNAS16276
Network NameOVH-CUST-281059682
CIDR Block142.44.233.0/24
RIRARIN
CountrySingapore
Abuse Contactโ€”

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR | proxy-ca003-san128.ahrefs.net |
| Forward Confirmed | No — PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca003-san128.ahrefs.net |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting — Infrastructure provider without advanced routing |

CloudHosting

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|

No open ports detected

| Attribute | Value |
|---|---|
| Server | — |
| HTTP Title | — |

## TLS Certificate

No certificate

N/A

| Attribute | Value |
|---|---|
| Issued by | — |
| SANs | None |
| Valid From | — |
| Valid Until | — |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 31% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 9 | 12 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-25 06:41:06 UTC |
| Last Seen | 2026-06-29 01:11:01 UTC |
| Profile Built | 2026-06-29 07:14:43 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 19 |

17 signal types · 19 observations collected

This report is generated from 17+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

## About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.