142.44.228.9

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 142.44.228.9

## Executive Summary

IP 142.44.228.9 presents a moderate-risk profile (Risk Score: 40/100) associated with OVH cloud infrastructure. The address belongs to the ahrefs.net network and operates as a firewalled cloud compute endpoint. While the IP itself shows no active threat indicators, the /24 subnet demonstrates high-abuse characteristics with 157 threat siblings among 194 active addresses.

## Infrastructure Profile

Ownership & Network: ASN 16276, organization Dmytro Ahrefs Pte Ltd. CIDR block 142.44.228.0/24 registered under OVH-CUST-281059695.

Geolocation: Reports indicate Canadian country code (CA) with Singapore city designation, suggesting potential geolocation discrepancies in routing data. 3,000km accuracy radius reported.

Infrastructure Type: Cloud compute infrastructure hosted on OVH platform. No CDN, proxy, VPN, or Tor exit node indicators.

DNS Resolution: PTR hostname proxy-ca016-san9.ahrefs.net. Forward resolution confirmed with single hostname mapping. No SPF or DMARC email authentication records detected.

Services: No open ports detected; endpoint classified as firewalled with no active services.

## Risk Assessment

Risk Score: 40/100 (Moderate Risk)

Threat Indicators:

1 DNSBL listing among 8 total blacklist checks
No Tor exit node, known attacker, or spam source indicators
No active threat campaigns or associated malware signatures
Provider score and authority scores at 0

Network Role: Cloud compute infrastructure with firewalled/no services designation. Operator score: 0.4783 (Basic level).

## Neighborhood Context

Subnet: 142.44.228.0/24

Abuse Density: 0.6133 (high_abuse classification)

Neighborhood Statistics:

Total siblings: 256
Active siblings: 194
Threat siblings: 157
Inherited risk: 24

Risk Distribution in /24: 0 high-risk, 81 medium-risk, 19 low-risk addresses. Sample of 100 neighboring IPs shows consistent risk scores between 40-50.

## Temporal Analysis

Observation History: 22 historical observations collected. Recent activity (June 2026) shows consistent cloud infrastructure classification. No ownership changes detected. Threat persistence days: 0. Not classified as persistently malicious.

## Relationship Graph

Multiple relationships to OVH-CUST-281059695 network
DNS associations to proxy-ca016-san9.ahrefs.net (11 relationship entries)

## Recommended Actions

Monitoring & Mitigation:

1. Apply moderate-risk filtering policies for 142.44.228.0/24 subnet due to high neighborhood abuse density (0.6133)

2. Monitor for lateral movement from related IPs within the /24 block (157 threat siblings identified)

3. Consider blocking or rate-limiting traffic from this subnet if enterprise environment shows exposure

4. No immediate takedown required; threat indicators not currently active at endpoint level

Firewall Rules: Implement allow-listing only if legitimate ahrefs.net business use is confirmed. Default recommendation: Monitor and log all traffic, apply rate limiting.

Priority: Low-Medium. Address requires monitoring due to neighborhood context despite clean individual profile.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Singapore
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059695
CIDR Block	142.44.228.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca016-san9.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca016-san9.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	45%	2	3
routing	20%	2	3
services	15%	2	2
ownership	22%	3	3
reputation	22%	1	2
geolocation	25%	2	2
Overall	25%	12	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-20 05:43:34 UTC
Last Seen	2026-06-28 10:47:05 UTC
Profile Built	2026-06-29 04:53:20 UTC
Data Freshness	Live
Signal Types	23
Total Observations	27

🔍 23 signal types · 27 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.228.9📋 Copy