## IP Intelligence Briefing: 142.44.233.155/32
Date: 2026-06-26
Classification: LOW RISK (Individual) / MODERATE RISK (Neighborhood Context)
Risk Score: 30/100
---
**Ownership & Infrastructure**
- Provider: OVH (ASN 16276)
- Organization: Dmytro, Ahrefs Pte Ltd
- Network: OVH-CUST-281059682
- CIDR: 142.44.233.0/24
- Infrastructure Type: CloudCompute / Hosting
- Registration: RIR: ARIN, RIPECC delegation age: 9,230 days
**Geolocation Discrepancy Alert**
- Claimed Location: Singapore (via multiple sources)
- Country Code: CA (Canada)
- RTT Violation: 28ms measured vs. 112ms minimum possible for 5,598km distance
- Assessment: Geolocation data is inconsistent; geoPlausible flag set to FALSE. The RTT anomaly indicates either routing anomalies or spoofed location claims.
**Network Services & DNS**
- Open Ports: None detected (Firewalled / No Services)
- PTR Hostname: proxy-ca003-san155.ahrefs.net
- Forward Resolution: proxy-ca003-san155.ahrefs.net (1 record)
- Domain: ahrefs.net
- TLS/HTTP: No TLS certificates, no HTTP services running
- Security Headers: No HSTS, CSP, or HTTP/2 support
**Threat Indicators**
- Abuse Confidence: Not available
- Blacklist Status: Listed on 1 of 8 DNS blacklists
- Known Campaigns: None correlated
- Tor/Proxy: Not a Tor exit node, not a known proxy
- Threat Feeds: No indicators in major threat feeds
**Subnet Analysis (142.44.233.0/24)**
- Abuse Density: 0.5742 (HIGH ABUSE CLASSIFICATION)
- Subnet Risk: 22/100 inherited risk
- Active Siblings: 212 of 256 total IPs
- Threat Siblings: 147 IPs flagged as threats
- Neighbor Risk Distribution: 96 medium-risk, 4 low-risk, 0 high-risk
- Assessment: While this IP shows low individual risk, the /24 subnet exhibits elevated abuse activity. 57% of active peers in the subnet have been flagged for abuse.
**Observation History (29 Signals)**
- Last Observation: 2026-06-26T19:24:36 UTC
- Recent Signals: Minimal threat indicators
- Signal Types: Geolocation anomalies, routing signals, subnet abuse classification
- Persistence: No persistent malicious activity detected
- Risk Trend: Stable with no escalation observed
**Relationships**
- Total Relationships: 60
- Network Associations: 55+ "Same Network" relationships to OVH-CUST-281059682
- Organization Links: No direct organization or hostname correlations beyond ahrefs.net
---
**Recommendations**
IMMEDIATE ACTIONS:
1. Monitor Subnet Context: While this IP shows low individual risk (30), the /24 subnet is classified as high abuse. Monitor for peer activity changes.
2. DNSBL Review: Investigate why the IP is listed on 1 of 8 DNS blacklists.
3. Geolocation Verification: Investigate the RTT/geo discrepancy for potential spoofing or misconfiguration.
FIREWALL RULES:
- No immediate blocking required (risk score 30, no active threat indicators)
- Consider rate limiting if the IP shows increased activity
- Monitor for service activation (currently no open ports)
INVESTIGATION PRIORITY: LOW-MEDIUM
- The IP appears to be a legitimate OVH hosting endpoint for ahrefs.net infrastructure
- No active malicious indicators present
- Subnet-level context warrants periodic review
---
Conclusion: This IP address represents a low-risk endpoint within a moderately abused OVH cloud subnet. The infrastructure appears to be legitimate hosting for ahrefs.net services. The primary concern is the subnet-level abuse density (0.5742) and geolocation inconsistencies, which warrant ongoing monitoring but do not currently justify blocking or aggressive countermeasures.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059682 |
| CIDR Block | 142.44.233.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | - |
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR | proxy-ca003-san155.ahrefs.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca003-san155.ahrefs.net |
**DNS Hygiene**
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 2: Moderate operator sophistication with routing hygiene |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 23% | 2 | 4 |
| routing | 22% | 3 | 4 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 13 | 19 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (50%) |

Attribution signals: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
**Observation Timeline (Live)**
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:43 UTC |
| Last Seen | 2026-06-26 23:16:52 UTC |
| Profile Built | 2026-06-27 19:31:25 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 34 |