198.244.183.242

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IPDEBRIEF INTELLIGENCE BRIEFING

Target IP: 198.244.183.242/32

Classification: Moderate Risk (Score: 40)

Date of Analysis: 2026-06-14

Data Sources: IPDebrief Enterprise

---

EXECUTIVE SUMMARY

IP address 198.244.183.242 is a cloud compute endpoint operated by OVH (ASN 16276) within the Ahrefs Pte Ltd Dmytro organization. The IP resolves to hostname proxy-uk004-san242.ahrefs.net and is geolocated to London, England. Risk assessment indicates moderate threat level (score 40) primarily attributable to high-abuse neighborhood conditions rather than intrinsic malicious behavior. No active threat indicators, open services, or known malicious activity were detected.

---

NETWORK OWNERSHIP & INFRASTRUCTURE

ASN: 16276 (OVH SAS)
Organization: Ahrefs Pte Ltd Dmytro
Provider: OVH (Cloud Compute)
Registration: ARIN
CIDR Block: 198.244.128.0/17 (BGP Prefix)
Infrastructure Type: Cloud Compute / Hosting
Status: Active, Route Stable: No

---

GEOLOCATION DATA

Field	Value
Country	Great Britain (GB)
Region	England
City	London
Coordinates	55.38°N, -3.44°W
Accuracy Radius	750 km
Confidence	0.28
Geo Consensus	False
Geo Plausible	True
Min RTT	84 ms
Avg RTT	88.2 ms

---

THREAT ASSESSMENT

Overall Risk Score: 40 (Moderate)

Risk Breakdown:

Threat Indicators: None detected
Abuse Confidence Score: Not applicable
Blacklist Count: 0
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Known Campaigns: None

Control Plane Data:

DNSBL Listed: 1 of 8 total lists
Route Changes (30d): 0
Route Stability: False
RPKI State: Not available
IRR Consistency: Not available

---

NEIGHBORHOOD ANALYSIS (198.244.183.0/24)

Metric	Value
Subnet Abuse Density	0.6992 (69.92%)
Classification	High Abuse
Total Siblings	256
Active Siblings	151
Threat Siblings	179
Inherited Risk	27
Risk Distribution	Medium: 100%

Assessment: The /24 subnet exhibits high abuse density (69.92%), with 179 of 256 total IPs flagged as threat siblings. This contextual risk significantly influences the target IP's risk classification.

---

DNS & SERVICE ANALYSIS

Attribute	Value
PTR Hostname	proxy-uk004-san242.ahrefs.net
Forward Resolution	1 host
Forward Confirmed	No
Domain	ahrefs.net
Open Ports	None detected
TLS Certificate	None
HTTP Banner	None
Service Purpose	Firewalled / No Services

Email Authentication:

SPF Record: Not found
DMARC Record: Not found
TXT Record Count: 0

---

OBSERVATION HISTORY (Last 24 Observations)

Key Signals:

Abuse Classification: High abuse (0.6992 density) — 2026-06-14 18:14:52
ASN Attribution: AS16276 ovh sas (FR) — 2026-06-14 18:14:52
DNS Records: ahrefs.net (CAA records present) — 2026-06-14 18:14:32
Infrastructure Type: Cloud Compute, OVH provider — 2026-06-14 18:13:41
Geolocation: GB (London) — 2026-06-14 18:13:42

Temporal Analysis:

Ownership Changes: 0
Threat Persistence Days: 0
Threat Observation Count: 1
Persistently Malicious: No

---

RELATIONSHIP GRAPH

Total Relationships: 60

Primary Relationships:

Same Network: OVH_282347340 (55+ instances)

No cross-organization, certificate, or hostname relationships beyond network-level associations.

---

RECOMMENDED ACTIONS

Risk-Based Recommendations:

1. Firewall/Network Blocking:

- iptables: `iptables -A INPUT -s 198.244.183.242 -j DROP`

- nftables: `nft add rule inet filter input ip saddr 198.244.183.242 drop`

- Nginx: `deny 198.244.183.242;`

- pfSense: `198.244.183.242/32`

2. WAF Rules:

- Cloudflare WAF: Block with expression `ip.src eq 198.244.183.242`

- AWS WAF: Add `198.244.183.242/32` to blocked addresses

3. Contextual Considerations:

- IP associated with legitimate Ahrefs infrastructure

- No open services detected (reduces exploitation vector)

- No specific threat indicators beyond neighborhood context

- Consider blocking subnet-level (198.244.183.0/24) if abuse threshold warrants

---

INTELLIGENCE CONCLUSION

IP 198.244.183.242 presents moderate risk (score 40) primarily due to high-abuse neighborhood classification rather than intrinsic malicious behavior. The IP is properly registered to Ahrefs Pte Ltd Dmytro on OVH infrastructure with no open services and no detected threat indicators. SOC analysts should weigh the neighborhood abuse density (69.92%) against the legitimate organizational ownership before implementing blocking measures. Recommend monitoring for any changes in service state or threat indicator emergence.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	London
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Ahrefs Pte Ltd Dmytro
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	proxy-uk004-san242.ahrefs.net
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`proxy-uk004-san242.ahrefs.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	8%	1	1
services	17%	2	3
ownership	17%	2	3
reputation	28%	1	3
geolocation	37%	2	3
Overall	23%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: FR, GB

📅 Observation Timeline 🔄 Live

First Seen	2026-05-11 21:44:05 UTC
Last Seen	2026-06-27 20:19:23 UTC
Profile Built	2026-06-28 14:23:36 UTC
Data Freshness	Live
Signal Types	22
Total Observations	29

🔍 22 signal types · 29 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

198.244.183.242📋 Copy