# IP Intelligence Briefing: 142.44.228.99/32
Classification: Cloud Hosting Infrastructure (OVH) | Risk Level: LOW (Score: 35) | Status: Monitor
---
## Executive Summary
IP 142.44.228.99 is a cloud-compute hosting IP assigned to OVH (ASN: 16276) for Ahrefs Pte Ltd. The IP operates within a high-abuse density subnet (142.44.228.0/24) with significant contextual risk. While the IP itself shows no active threat indicators, the neighborhood environment warrants awareness due to elevated abuse concentration.
---
## Network Profile
| Attribute | Value |
|---|---|
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **ASN** | 16276 (OVH) |
| **CIDR Block** | 142.44.228.0/24 |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Risk Score** | 35 (Low Risk) |
| **Open Ports/Services** | None detected |
| **Forward Resolution** | proxy-ca016-san99.ahrefs.net |
---
## Critical Anomalies
### Geolocation Inconsistencies
The IP exhibits significant geolocation validation failures:
- Claimed Location: Canada (CA)
- Actual Coordinates: Singapore (5598 km distance)
- RTT Violation: Observed 26ms vs. minimum possible 112ms for claimed distance
- Violation Type: RTT below minimum possible for claimed geographic distance
- Conclusion: Geolocation data is unreliable; IP location is spoofed
### DNSBL Presence
- Total DNSBL Lists Checked: 8
- Listed Count: 1
- Implication: Single blacklist entry detected; requires verification
---
## Neighborhood Risk Assessment
Subnet: 142.44.228.0/24
- Abuse Density: 0.7422 (High)
- Classification: HIGH_ABUSE
- Active Siblings: 227 / 256
- Threat Siblings: 190 (73% of active siblings)
- Risk Distribution: 0 High, 26 Medium, 74 Low
Assessment: The subnet demonstrates concentrated abuse activity with 190 threat-sibling IPs. This contextual risk elevates monitoring requirements despite the target IP's low individual risk score.
---
## Observation History
Total Observations: 29 signals tracked
- Recent Classification: Changed from "mixed" to "high_abuse"
- Abuse Density Trend: Varied from 0.4023 to 0.7422
- Threat Persistence: 1 threat observation; not persistently malicious
- Ownership Changes: 0 (stable assignment)
---
## Relationship Graph
- Relationship Count: 50
- Primary Target: OVH-CUST-281059695 (Same Network)
- External Entities: None detected (no linked organizations, hostnames, or certificates beyond network)
---
## Recommended Actions
| Priority | Action | Rationale |
|---|---|---|
| **HIGH** | Add to monitoring watchlist | High-abuse subnet context requires proactive surveillance |
| **MEDIUM** | Verify DNSBL entries | Single blacklist listing requires validation against threat feeds |
| **LOW** | Block if outbound connections detected | Hosted domain (ahrefs.net) with no inbound services; block only if outbound activity observed |
| **LOW** | No firewall rules required | No open ports or active services detected |
---
## Intelligence Conclusion
IP 142.44.228.99 is not currently acting as an active threat vector. However, the high-abuse subnet environment (73% of active siblings are threats) and geolocation spoofing indicators suggest this infrastructure may be used for hosting legitimate services that could be leveraged for malicious purposes by third parties. SOC teams should monitor for outbound connections from this subnet and correlate with known Ahrefs service patterns. The geolocation inconsistency indicates potential abuse of cloud hosting for attribution evasion.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059695 |
| CIDR Block | 142.44.228.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca016-san99.ahrefs.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca016-san99.ahrefs.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 30% | 3 | 4 |
| services | 12% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 13 | 19 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-24 00:31:09 UTC |
| Last Seen | 2026-06-28 23:11:01 UTC |
| Profile Built | 2026-06-29 05:13:12 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 30 |