142.44.228.139

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

IP Address: 142.44.228.139/32

Date: 2026-06-29

Classification: MODERATE RISK

## EXECUTIVE SUMMARY

The target IP 142.44.228.139 is a cloud-based infrastructure host operated by OVH Canada within the 142.44.228.0/24 subnet. The IP resolves to a DNS hostname associated with Ahrefs (proxy-ca016-san139.ahrefs.net) but presents a moderate risk profile (Score: 40) with notable geolocation inconsistencies. The subnet exhibits high abuse density (0.66), with 169 of 205 active sibling IPs flagged as threats.

## INFRASTRUCTURE PROFILE

Organization: Dmytro, Ahrefs Pte Ltd
ASN: 16276 (OVH)
Network Block: 142.44.228.0/24
Infrastructure Type: CloudCompute / Hosting
Service Status: Firewalled / No Services Detected
Geolocation Claimed: Canada, QC, Beauharnois (45.5075°N, -73.5887°W)

## RISK ASSESSMENT

Overall Risk Score: 40/100 (Moderate Risk)

Metric	Value	Assessment
Provider Score	0	Minimal provider risk
Authority Score	0	Low authority
DNSBL Listed	1/8 lists	Partially blacklisted
Abusive Siblings	169/205	82.4% threat rate in subnet
RTT Validation	FAILED	Geolocation implausible

## CRITICAL OBSERVATIONS

Geolocation Anomaly

Geolocation validation failed with significant RTT violation:

Claimed distance: 5,598 km from probe origin
Minimum possible RTT: 112ms
Observed RTT: 29ms
Implication: IP likely misreported or located in different region; distance discrepancy exceeds 5,500 km

Subnet Threat Context

The /24 subnet (142.44.228.0/24) shows elevated abuse patterns:

Abuse Density: 0.66 (High)
Threat Classification: high_abuse
169 threat siblings detected out of 205 active IPs
Risk inheritance score: 26

DNS Infrastructure

Forwarded hostname: proxy-ca016-san139.ahrefs.net
Domain: ahrefs.net
No forward confirmation (0.0.0.0)
DNSSEC: Valid
CAA Records: Present

## THREAT INDICATORS

Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Correlation: None detected
Blacklist Count: 0 (primary lists)

## RECOMMENDED ACTIONS

Firewall Rules (Immediate)

```bash

# iptables

iptables -A INPUT -s 142.44.228.139 -j DROP

# nftables

nft add rule inet filter input ip saddr 142.44.228.139 drop

# nginx

deny 142.44.228.139;

```

WAF Configuration

Cloudflare WAF: Block IP with expression `ip.src eq 142.44.228.139`
AWS WAF: Add address 142.44.228.139/32 to rule set

## OBSERVATION HISTORY

Twenty signal observations recorded between June 16-29, 2026:

June 29: DNS resolution for ahrefs.net (confidence: 0.80)
June 21: Operator score 0.2174 (Minimal), network classification confirmed
June 16: Geolocation probe with RTT validation failure

## ANALYST NOTES

1. Despite resolving to Ahrefs domain, the geolocation discrepancy (5,500+ km RTT violation) suggests potential spoofing or misconfiguration

2. High subnet abuse density warrants monitoring of related IPs in 142.44.228.0/24

3. No active services detected; IP appears to be a backend/proxy endpoint

4. Risk score of 40 indicates moderate concern—block if receiving unwanted traffic from this IP

---

*Intel generated from IPDebrief analysis. Combine with additional threat signals before taking action.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Beauharnois
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059695
CIDR Block	142.44.228.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca016-san139.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca016-san139.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	3
routing	8%	1	1
services	8%	1	1
ownership	19%	2	2
reputation	28%	1	3
geolocation	27%	2	3
Overall	21%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-26 06:50:06 UTC
Last Seen	2026-06-29 02:41:02 UTC
Profile Built	2026-06-29 02:43:09 UTC
Data Freshness	Live
Signal Types	19
Total Observations	19

🔍 19 signal types · 19 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.228.139📋 Copy