# IP INTELLIGENCE BRIEFING
Target IP: 142.44.228.160/32
Classification: Moderate Risk (Score: 40)
Report Date: 2026-06-18
---
## EXECUTIVE SUMMARY
IP 142.44.228.160 is assigned to OVH SAS (ASN 16276) under the customer network "OVH-CUST-281059695". Its PTR hostname falls under ahrefs.net, and the address is classified as cloud/hosting infrastructure. The moderate risk rating is driven by the high abuse density of the surrounding /24 (0.6875) and by conflicting geolocation data; no active malicious indicators were observed.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | OVH SAS |
| Client Name | Dmytro, Ahrefs Pte Ltd |
| CIDR Block | 142.44.228.0/24 |
| Infrastructure Type | CloudCompute |
| Hosting Provider | OVH |
| Geolocation (Conflicting) | CA/Singapore |
---
## THREAT ASSESSMENT
Risk Score: 40/100 (Moderate)
Threat Indicators:
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Campaigns: None
Network Classification:
- Is Cloud: Yes
- Is Hosting: Yes
- Is CDN: No
- Is VPN/Proxy: No
- Service Status: Firewalled / No Services Detected
---
## GEOLOCATION ANALYSIS
Critical Finding: Significant geolocation validation failure detected.
- Claimed Location: QC, Canada (via Alienvault-OTX)
- Alternative Location: Singapore
- RTT Discrepancy: 27ms observed vs. a minimum possible 112ms for the 5,598km distance
- The observed round-trip time is physically inconsistent with the claimed distance, so the geolocation data for this IP is unreliable and should not be used for attribution
---
## NEIGHBORHOOD INTELLIGENCE
Subnet: 142.44.228.0/24
- Abuse Density: 0.6875 (High)
- Total Siblings: 256
- Active Siblings: 207
- Threat Siblings: 176
- Risk Distribution: 81 medium, 19 low, 0 high risk
The subnet shows elevated abuse activity, with 68.75% of its addresses flagged. This IP sits inside a high-abuse network segment, which warrants heightened monitoring despite the address's own moderate risk score.
---
## DNS & RESOLUTION
| Field | Value |
|---|---|
| PTR Hostname | proxy-ca016-san160.ahrefs.net |
| Forward Resolution | proxy-ca016-san160.ahrefs.net |
| Forward Confirmed | No |
| SPF Record | None |
| DMARC Record | None |
DNS records associate the IP with ahrefs.net infrastructure. Forward confirmation fails because the PTR hostname does not resolve back to this IP; the report attributes this to possible misconfiguration or DNS tunneling activity, but on its own it is a weak signal.
---
## OBSERVATION HISTORY
Total Observations: 28 signals tracked
Key temporal patterns:
- Recent routing signal (2026-06-18 21:05:38) with operator score 0.4783
- Geolocation signal (2026-06-18 21:05:09) via Alienvault-OTX indicating CA origin
- Traceroute validation (2026-06-18 21:04:53) showing RTT violations
No persistent malicious behavior detected. Threat persistence days: 0.
---
## SECURITY RECOMMENDATIONS
Action: Monitor
Given the moderate risk score and high-abuse neighborhood context, implement the following controls:
```bash
# iptables: drop inbound traffic from the address
iptables -A INPUT -s 142.44.228.160 -j DROP
# nftables: equivalent rule in the input chain of the inet filter table
nft add rule inet filter input ip saddr 142.44.228.160 drop
```
The AWS WAF control is an IP set entry rather than a shell command:
```yaml
# AWS WAF IP set entry
Addresses: [142.44.228.160/32]
Description: IPDebrief risk 40
```
Note: These recommendations are probabilistic. Apply additional context from organizational threat intelligence before blocking.
---
## ANALYST NOTES
1. The conflicting geolocation data (Canada vs. Singapore) requires investigation. Correlate with known datacenter locations for OVH ASN 16276.
2. DNS forward confirmation failure and lack of SPF/DMARC records may indicate misconfigured infrastructure or potential proxy usage.
3. The subnet's high abuse density (0.6875) suggests this IP should be monitored even if individual indicators are clean.
4. No active threat indicators were observed, but the moderate risk score combined with neighborhood context warrants continued surveillance.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | proxy-ca016-san160.ahrefs.net |
| Forward Confirmed | No: the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san160.ahrefs.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not observed |
| HTTP Title | Not observed |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 24% | 2 | 3 |
| ownership | 22% | 3 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 26% | 12 | 19 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction |
| Attribution | Low (35%) |
| Validation Checks Reported | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:43 UTC |
| Last Seen | 2026-06-26 23:07:29 UTC |
| Profile Built | 2026-06-27 19:20:49 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 34 |