## IP Intelligence Briefing: 142.44.220.192/32
Classification: Moderate Risk Cloud Infrastructure
Date: June 2026
Analyst: IPDebrief Intelligence Team
---
Executive Summary
IP address 142.44.220.192 is a cloud infrastructure endpoint operated by Dmytro, Ahrefs Pte Ltd via the hosting provider OVH (ASN 16276). The IP shows moderate risk characteristics (Risk Score: 40) with concerning subnet-level abuse patterns. Geolocation validation reveals significant inconsistencies requiring investigation. No active threat indicators were observed, but the high-abuse subnet classification warrants enhanced monitoring.
---
Network Attribution
- Organization: Dmytro, Ahrefs Pte Ltd
- Provider: OVH (ASN 16276)
- CIDR Block: 142.44.220.0/24
- Infrastructure Type: Cloud Compute / Hosting
- Network Classification: Cloud, Hosting-enabled
---
Geolocation Analysis
Critical Finding: Geolocation data shows implausible inconsistencies requiring validation.
- Claimed Location: Singapore (QC region)
- Reported Country Code: CA (Canada)
- Distance Violation: RTT measurements indicate a distance of 5,597.9 km with 27 ms latency, which is physically implausible (112 ms minimum possible RTT for this distance)
- Validation Status: GEO_VALIDATION_FAILED
- Probe Count: 5 probes across 27 historical observations
This discrepancy suggests either misconfigured reporting or potential spoofing activity.
---
Subnet Risk Profile
The /24 subnet (142.44.220.0/24) demonstrates elevated abuse characteristics:
- Abuse Density: 69.53% (High Abuse Classification)
- Active Siblings: 175 of 256 IPs operational
- Threat Siblings: 178 IPs flagged
- Inherited Risk Score: 27
- Neighbor Risk Distribution: 99 medium-risk, 1 low-risk, 0 high-risk
The subnet's high abuse density correlates with the target IP's moderate risk score (40), indicating potential network-level compromise patterns.
---
Threat Indicators
- Blacklist Status: Listed on 1 of 8 DNSBL lists
- Known Campaigns: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Threat Indicators: None observed
- Campaign Likelihood: None
---
Service Exposure
- Open Ports: None detected
- DNS PTR: proxy-ca006-san192.ahrefs.net
- Forward Resolution: Confirmed to ahrefs.net
- Service Status: Firewall / No Services accessible
- SSL/TLS: No certificates observed
---
Historical Activity
Observation Count: 27 signals recorded
- Recent Activity: June 17-18, 2026
- Routing Signals: Consistent OVH cloud hosting classification
- Ownership Stability: No ownership changes detected
- Threat Persistence: Single observation, not persistently malicious
---
Recommended Actions
Immediate:
1. Monitor traffic patterns from 142.44.220.192
2. Validate geolocation claims through alternative sources
3. Review DNSBL listing for specific blacklist details
Firewall Recommendations:
```bash
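# iptables: -A appends, so any earlier ACCEPT rule in INPUT still matches first
iptables -A INPUT -s 142.44.220.192 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 142.44.220.192 drop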
```
Note: Blocking recommendations are probabilistic. Given the moderate risk score (40) and lack of active threat indicators, consider allowing traffic while maintaining enhanced logging and monitoring.
---
Intelligence Assessment
This IP represents a moderate-risk cloud infrastructure endpoint in an elevated-risk subnet. The geolocation validation failure and high subnet abuse density suggest this may be part of a compromised hosting environment. The absence of direct threat indicators and lack of open services reduces immediate threat likelihood. Recommend maintaining enhanced monitoring without immediate blocking unless additional threat intelligence confirms malicious activity from this subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059685 |
| CIDR Block | 142.44.220.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
DNS Intelligence
| PTR | proxy-ca006-san192.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca006-san192.ahrefs.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 27% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:42 UTC |
| Last Seen | 2026-06-26 22:44:41 UTC |
| Profile Built | 2026-06-27 18:59:01 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 28 |