142.44.228.99

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 142.44.228.99/32

Classification: Cloud Hosting Infrastructure (OVH) | Risk Level: LOW (Score: 35) | Status: Monitor

---

## Executive Summary

IP 142.44.228.99 is a cloud-compute hosting IP assigned to OVH (ASN: 16276) for Ahrefs Pte Ltd. The IP operates within a high-abuse density subnet (142.44.228.0/24) with significant contextual risk. While the IP itself shows no active threat indicators, the neighborhood environment warrants awareness due to elevated abuse concentration.

---

## Network Profile

Attribute	Value
Organization	Dmytro, Ahrefs Pte Ltd
ASN	16276 (OVH)
CIDR Block	142.44.228.0/24
Infrastructure Type	CloudCompute / Hosting
Risk Score	35 (Low Risk)
Open Ports/Services	None detected
Forward Resolution	proxy-ca016-san99.ahrefs.net

---

## Critical Anomalies

Geolocation Inconsistencies

The IP exhibits significant geolocation validation failures:

Claimed Location: Canada (CA)
Actual Coordinates: Singapore (5598 km distance)
RTT Violation: Observed 26ms vs. minimum possible 112ms for claimed distance
Violation Type: RTT below minimum possible for claimed geographic distance
Conclusion: Geolocation data is unreliable; IP location is spoofed

DNSBL Presence

Total DNSBL Lists Checked: 8
Listed Count: 1
Implication: Single blacklist entry detected; requires verification

---

## Neighborhood Risk Assessment

Subnet: 142.44.228.0/24

Abuse Density: 0.7422 (High)
Classification: HIGH_ABUSE
Active Siblings: 227 / 256
Threat Siblings: 190 (73% of active siblings)
Risk Distribution: 0 High, 26 Medium, 74 Low

Assessment: The subnet demonstrates concentrated abuse activity with 190 threat-sibling IPs. This contextual risk elevates monitoring requirements despite the target IP's low individual risk score.

---

## Observation History

Total Observations: 29 signals tracked

Recent Classification: Changed from "mixed" to "high_abuse"
Abuse Density Trend: Varied from 0.4023 to 0.7422
Threat Persistence: 1 threat observation; not persistently malicious
Ownership Changes: 0 (stable assignment)

---

## Relationship Graph

Relationship Count: 50
Primary Target: OVH-CUST-281059695 (Same Network)
External Entities: None detected (no linked organizations, hostnames, or certificates beyond network)

---

## Recommended Actions

Priority	Action	Rationale
HIGH	Add to monitoring watchlist	High-abuse subnet context requires proactive surveillance
MEDIUM	Verify DNSBL entries	Single blacklist listing requires validation against threat feeds
LOW	Block if outbound connections detected	Hosted domain (ahrefs.net) with no inbound services; block only if outbound activity observed
LOW	No firewall rules required	No open ports or active services detected

---

## Intelligence Conclusion

IP 142.44.228.99 is not currently acting as an active threat vector. However, the high-abuse subnet environment (73% of active siblings are threats) and geolocation spoofing indicators suggest this infrastructure may be used for hosting legitimate services that could be leveraged for malicious purposes by third parties. SOC teams should monitor for outbound connections from this subnet and correlate with known Ahrefs service patterns. The geolocation inconsistency indicates potential abuse of cloud hosting for attribution evasion.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	QC
City	Singapore
Timezone	—
Latitude	45.51
Longitude	-73.59

🏢 Ownership & Registration

Organization	Dmytro, Ahrefs Pte Ltd
ASN	AS16276
Network Name	OVH-CUST-281059695
CIDR Block	142.44.228.0/24
RIR	ARIN
Country	Singapore
Abuse Contact	—

🌐 DNS Intelligence

PTR	proxy-ca016-san99.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-ca016-san99.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	30%	3	4
services	12%	2	2
ownership	30%	3	3
reputation	31%	1	3
geolocation	33%	2	3
Overall	27%	13	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-24 00:31:09 UTC
Last Seen	2026-06-28 23:11:01 UTC
Profile Built	2026-06-29 05:13:12 UTC
Data Freshness	Live
Signal Types	27
Total Observations	30

🔍 27 signal types · 30 observations collected

This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

142.44.228.99📋 Copy