142.44.228.159
# IP Intelligence Briefing: 142.44.228.159
Date: 2026-06-20
Classification: Moderate Risk - Cloud Hosting Infrastructure
---
## Executive Summary
IP address 142.44.228.159 is a cloud compute resource hosted on OVH infrastructure (ASN 16276, CIDR 142.44.228.0/24). The IP presents moderate risk (score: 40) with a high-abuse-density neighborhood (0.6562). No active threat indicators or open services detected; however, the subnet contains 168 threat siblings out of 205 active endpoints.
---
## Ownership & Infrastructure
Owner: Dmytro, Ahrefs Pte Ltd
Network: OVH-CUST-281059695 (OVH)
Infrastructure Type: Cloud Compute / Hosting
Classification: Firewalled / No Services Detected
The IP resolves to PTR hostname `proxy-ca016-san159.ahrefs.net` with domain `ahrefs.net`. No open ports or active services were detected during analysis.
---
## Geolocation Analysis
Reported Location: Canada (QC) / Singapore
Geolocation Consensus: False (3000km accuracy radius)
Validation Status: GeoPlausible = FALSE
Significant geolocation discrepancy detected. Claimed coordinates place the IP in Canada (45.5075, -73.5887), but observed RTT measurements indicate a minimum possible RTT of 112ms for the claimed distance. Actual observed RTT: 27-39ms, suggesting the IP is geographically proximate to the probing location despite the reported geolocation.
---
## Threat Indicators
Risk Score: 40 (Moderate)
Blacklist Count: 0
DNSBL Listed: 1 of 8 lists
Threat Feeds: None
Known Campaigns: None
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Control Plane: Route stability = FALSE, Operator Score = 0.2174 (Minimal), RPKI State = Not validated
---
## Neighborhood Analysis
Subnet: 142.44.228.159/24
Abuse Density: 0.6562 (High)
Classification: HIGH_ABUSE
Total Siblings: 256
Active Siblings: 205
Threat Siblings: 168
Inherited Risk Score: 26
Risk distribution across subnet: 0 high-risk, 79 medium-risk, 21 low-risk. The subnet demonstrates elevated abuse patterns with 82% of active siblings classified as medium-to-high risk.
---
## Historical Observations
Total Observations: 21
Recent trend analysis shows risk score escalation from 25 (Low Risk) on 2026-06-09 to 40 (Moderate Risk) currently. Geographic validation failures persist across observation periods, with RTT anomalies consistently detected.
---
## Recommended Actions
SOC Analyst Guidance:
1. Monitoring: Implement enhanced logging for outbound traffic patterns to this IP. The high-abuse-density subnet warrants continued observation.
2. Network Segmentation: Review firewall rules for this IP. No active services detected, but the subnet abuse profile suggests potential for compromised hosts.
3. Geolocation Anomaly: Investigate the discrepancy between reported geolocation and observed RTT patterns. May indicate misconfigured DNS or hosting infrastructure.
4. DNSBL Monitoring: 1 DNSBL listing detected; monitor for additional blacklisting events.
5. Subnet-Level Awareness: The 142.44.228.0/24 subnet shows 168 threat siblings. Consider implementing broader subnet-level monitoring rules.
---
Data Sources: IPDebrief Intelligence Platform
Confidence Level: Moderate (60% geolocation confidence, 30% RTT validation)
Last Updated: 2026-06-20 16:03:03 UTC
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca016-san159.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san159.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-22 09:11:25 UTC |
| Last Seen | 2026-06-28 18:11:39 UTC |
| Profile Built | 2026-06-29 06:15:53 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.