142.44.228.223

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 142.44.228.223

Classification: Moderate Risk

Date: 2026-06-19

Prepared For: SOC Operations Team

---

## EXECUTIVE SUMMARY

IP address 142.44.228.223 is hosted on OVH Cloud infrastructure (ASN 16276) within the 142.44.228.0/24 subnet. The IP resolves to ahosts domain (ahrefs.net) and is classified as high_abuse with moderate overall risk. Notable geolocation inconsistencies between country code (CA) and city (Singapore) warrant investigation.

---

## INFRASTRUCTURE PROFILE

Attribute	Value
IP Address	142.44.228.223/32
Risk Score	40/100 (Moderate Risk)
ASN	16276 (OVH)
Organization	Dmytro, Ahrefs Pte Ltd
Network	OVH-CUST-281059695
Infrastructure Type	CloudCompute / Hosting
DNS Record	proxy-ca016-san223.ahrefs.net
Open Ports	None detected

---

## THREAT INDICATORS

Active Threat Signals

DNSBL Listings: 1 of 8 lists (max severity: high)
Abuse Confidence: Present but not quantified
Known Attacker: Not flagged
Tor Exit Node: No
Spam Source: No

Red Flags

1. Geolocation Inconsistency: Country code shows CA (Canada) while city reports Singapore

2. High-Abuse Subnet: 142.44.228.0/24 classified as high_abuse

3. Subnet Statistics: 256 total siblings, 210 active, 171 threat-siblings

---

## NEIGHBORHOOD ANALYSIS

Metric	Value
Subnet	142.44.228.0/24
Abuse Density	0.668 (High)
Risk Classification	high_abuse
Inherited Risk	26/100
Active Siblings	210 of 256
Threat Siblings	171

Risk distribution across subnet: 0 high-risk, 60 medium-risk, 40 low-risk neighbors.

---

## OBSERVATION HISTORY

Recent activity shows consistent high-abuse classification with abuse density at 0.668 (2026-06-19 22:20 UTC). DNS and CAA records present (ahrefs.net domain). Operator score rated "Minimal" at 0.2174. Single threat observation recorded.

---

## RELATIONSHIP MAPPING

59 relationships identified, primarily Same Network associations to OVH-CUST-281059695. No correlated campaign activity detected.

---

## RECOMMENDATIONS

1. Block at Egress/Ingress: Consider blocking 142.44.228.0/24 subnet due to high-abuse classification

2. Monitor: Track for DNSBL listing changes and emerging threat indicators

3. Investigate: Geolocation discrepancy between CA and Singapore warrants manual verification

4. Allowlist Evaluation: Legitimate use case possible (ahrefs.net proxy) — assess against business requirements

---

Status: Monitor / Evaluate for Block

Confidence: Moderate

Next Review: 30 days or upon threat indicator escalation

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Singapore
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059695
CIDR Block	142.44.228.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca016-san223.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca016-san223.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	13%	1	1
services	24%	2	3
ownership	15%	2	2
reputation	28%	1	3
geolocation	25%	2	2
Overall	23%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-14 07:13:09 UTC
Last Seen	2026-06-28 00:18:58 UTC
Profile Built	2026-06-28 18:23:06 UTC
Data Freshness	Live
Signal Types	20
Total Observations	25

🔍 20 signal types · 25 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.228.223📋 Copy