198.244.168.61
IP Intelligence Briefing: 198.244.168.61/32
Date: 2026-06-09
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: OVH (cloud hosting)
- Ownership: Ahrefs Pte Ltd (SEO/Marketing services)
- Geolocation: London, England, UK (plausible via IP geolocation)
- Network Role: CloudCompute instance (OVH infrastructure)
---
**2. Threat Indicators**
- Malicious Activity: No detected indicators (no malware, phishing, or C2 activity).
- DNS Associations: Linked to `proxy-uk001-san61.ahrefs.net` (Ahrefs subdomain).
- Subnet Abuse:
- /24 Subnet: 198.244.168.0/24
- Abuse Density: 64.06% (high abuse classification)
- Threat Siblings: 164 IPs in subnet flagged for risk.
---
**3. Observation History (Last 30 Days)**
- Geolocation Consensus: Confirmed via multiple signals (accuracy ~750km).
- Network Stability: Route instability detected (BGP route changes).
- Behavioral Signals: No suspicious banners, TLS certificates, or HTTP services.
---
**4. Relationships**
- DNS: Resolves to `proxy-uk001-san61.ahrefs.net` (Ahrefs).
- Network: Same subnet as 151 active IPs, 164 flagged for risk.
- Routing: BGP prefix `198.244.128.0/17` (OVH ASN 16276).
---
**5. Recommendations**
1. Monitor Subnet: The /24 subnet has high abuse density; investigate neighboring IPs for potential lateral movement or compromised hosts.
2. Verify DNS: Confirm if `proxy-uk001-san61.ahrefs.net` is legitimate (Ahrefs uses similar subdomains for proxies).
3. Network Segmentation: Consider isolating cloud instances to limit exposure if the subnetβs abuse density persists.
4. Check for Anomalies: Monitor for unexpected traffic patterns or service changes (e.g., DNS leaks, C2 attempts).
---
Conclusion:
This IP is part of a cloud-hosted infrastructure used by Ahrefs, with no direct malicious activity detected. However, its subnet exhibits high abuse density, warranting closer scrutiny. SOC teams should balance monitoring with avoiding disruption to legitimate services.
Tools Used: `ipdebrief_profile`, `ipdebrief_history`, `ipdebrief_relationships`, `ipdebrief_neighbors`.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Ahrefs Pte Ltd Dmytro |
| ASN | AS16276 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | proxy-uk001-san61.ahrefs.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-uk001-san61.ahrefs.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 03:09:19 UTC |
| Last Seen | 2026-06-28 17:18:22 UTC |
| Profile Built | 2026-06-29 05:22:20 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.